Of all the channels businesses use to communicate, email is the one that causes more data leakage than any other. It is easy for sensitive information, such as employee details, upcoming software launches or even legal content, to be released accidentally. There is also the issue of hackers finding ways to access company networks to damage or steal information.
When an email security issue occurs, company liability can become a serious problem, leaving damage limitation as the only option, which can be costly in all manner of ways.
Top email security tips
Sometimes, using email can be a daunting proposition. There are ever-growing online threats such as hackers, phishing scams, viruses and identity thieves. Email security needs to be a top priority for any organization.
Check your spam filter
You need to be absolutely certain that your spam filter is up and running before you start to send and receive emails. The most common way to get a virus is by downloading malicious content, otherwise known as malware, from an email attachment. A spam filter will scan every email that your organization receives to check that it is virus-free before any employee opens it.
Another good idea is to invest in a network-wide solution that will stop identity theft and hackers before they get a chance to do any damage.
Use encryption methods
If you are an organization that deals with a lot of sensitive information, such as a law firm or bank, all data needs to remain secure through email encryption. Current encryption methods are so secure that they have been termed military grade by data security experts.
Make sure your security policy is secure
A good way to enforce email security is to train your staff in basic email usage rules and practices. This can help to avoid costly mistakes. Also, make sure they know how to configure their anti-virus software and understand the importance of setting up strong, unique passwords, i.e. using alphanumeric characters instead of generic phrases and dates. Warn them of the danger of unknown email attachments and tell them never to follow unsecured links.
Create strong passwords
Many employees use passwords that are too easy to remember. They will use things like names, birthdays and simple words. As a result, these are often easy to hack.
A better approach is to enforce a policy where all users have to create complex passwords that use a mixture of upper case letters, lower case letters, characters and numbers. Then, for extra protection, make sure that users have to update these passwords often (every 60-90 days) and that they don’t use the same email password to log into other areas such as network resources. That way, if an email password is compromised, other assets remain secure.
Compliance regulations may not be that exciting but they are there for a reason. Financial and healthcare institutions in particular have to ensure that data is kept as secure as possible in order to avoid serious consequences.
Failure to comply with regulations not only carries financial penalties, but can seriously damage your corporate reputation. This will impact on your future business to the point where customers might avoid working with you.
Launch a fightback against spam
One of the most annoying and dangerous security issues is spam, with more than three percent of spam mails containing dangerous malware. We all receive emails each day that try to make us give up important information such as bank details. Spam also hurts employee productivity, so you need an anti-spam solution in place.
However, if you choose a product that is ‘too strict’ in how it views spam, you can end up having important emails blocked as well, which again causes productivity issues. The best choice is a solution that looks at global spam traffic trends and then modifies its strategy accordingly.
Watch for malware
Malware is more vicious and dangerous than ever, with new attacks emerging all the time. Your organization not only has to fight against all the malware that is currently out there, but has to be ready to defend itself from zero-day exploits. Having powerful malware engines in place is something that you simply cannot live without.
Don’t go phishing
If you are unaware of the techniques used with phishing scams, it is easy to give up your details without even knowing that you have put yourself at risk. Be aware of any emails that ask you to surrender private information that could be used for identity theft.
A good step is to have a tool that looks for keywords related to confidential data not just embedded in the email, but also in the subject line, attachments and the address. Coupled with a policy that helps to ensure data is not sent out deliberately or inadvertently, your organization will have an extra level of protection against any number of attacks.
Use filtering and monitoring
Outside hackers are not the only issue you should be aware of. There are also many cases where the threat has occurred from inside an organization, leading to the loss of financial data, corporate strategies and client details. Sometimes, employees aren’t even aware that they are putting their company at risk with their email behavior.
Having a way to monitor email content will solve most of these problems. Make sure that inappropriate messages are blocked and watch for emails that might contain information that is not to be released externally.
Be ready for any breaches
Hackers are becoming increasingly sophisticated in how they ‘attack’ companies, with many recent news articles highlighting how easy it is for data breaches to occur. Social engineering, where hackers trick employees into giving up important details, is more common than ever.
Be prepared for all types of hacking and don’t become a victim of corporate espionage. It is impossible to be 100% protected from all threats, but the more security policies and applications you have in place, the better your chances are of not suffering a catastrophic breach.
Implement a proper defense
It is clear that you must have software that deals with spam, malware, viruses and content filtering. If you go for only basic or free solutions, you will end up paying a steeper price than if you had purchased software of value.
Even with all the software tools in place, if your staff don’t know about the threats they might face, it makes the whole security process slightly redundant. Train your staff to resist hacking attempts, recognize malware and avoid phishing scams. When properly trained, employees can become the equivalent of a ‘human firewall’.
Keep your email attachments secure
Email attachments are very important to most businesses. However, they can be used to spread malware infections, gain access to your IT infrastructure and leak confidential information. You always need to ensure that your company’s email attachments are as secure as possible.
Block dangerous attachment formats
A good starting point is to create a policy that blocks all email attachments that use potentially dangerous formats e.g. .exe files or password protected zip files. If your company sends these file formats legitimately, use tools like Dropbox or a portal to securely transfer files.
Use multiple anti-virus engines to scan attachments
There is often lag time between the appearance of a new malware threat and when anti-malware engines can detect it. This exposes organizations if they are only using one anti-virus engine. Using four or more anti-virus engines significantly increases the chance that any new malware will be quickly detected and quarantined.
Don’t send confidential information via email attachments
Data like credit card information or social security numbers should never be sent via email. Email policies should be set up to block any email attachments that contain information of this kind so no sensitive data gets leaked into the public sphere. Alternative methods should be provided for transferring files securely so that users don’t have to resort to email.
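A content check of the kind described here and under "Don't go phishing" can be sketched as follows. This is an added example, not code from any product the article refers to; the function names, the masking format and the sample message are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: weeds out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_sensitive(text):
    """Return (kind, masked value) pairs; full values are never returned."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    hits += [("ssn", "***-**-" + m.group()[-4:]) for m in SSN_RE.finditer(text)]
    return hits

def scan_outbound(msg):
    """Check the subject, the body and every text attachment of a message."""
    texts = {"subject": str(msg["Subject"] or "")}
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            texts[part.get_filename() or "body"] = part.get_content()
    return {where: hits for where, text in texts.items()
            if (hits := find_sensitive(text))}

def build_sample():
    """Constructed outbound message; the card number is a well-known test value."""
    msg = EmailMessage()
    msg["Subject"] = "Order 1234567890123456 follow-up"
    msg.set_content("Employee SSN is 123-45-6789, please update payroll.")
    msg.add_attachment("name,card\nA. Sample,4111 1111 1111 1111\n",
                       subtype="csv", filename="export.csv")
    return msg
```

The 16-digit order number in the subject is not reported because it fails the Luhn check, which is what keeps a filter like this from blocking ordinary business mail.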
Sanitize email attachments
The battle against malware and viruses changes daily. Targeted attacks like zero-day attacks and new malware with no anti-virus definitions can get past your anti-malware engine and end up in your users’ mailboxes. As these threats will be unknown, email attachments should be sanitized by converting files to a different format and removing any possible embedded threats. For example, converting a Word document into a PDF will remove any potentially harmful scripts before they do any damage.
Beware of spoofing
Hackers often use increasingly cunning methods of fooling people into opening harmful attachments. One method used is to rename extensions so that malicious files look harmless. Making an .exe file look like a .txt file means that a user is more likely to think that the attachment is safe. If there is ever any doubt about the authenticity of an attachment, it is best to delete it immediately.
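The blocking policy from "Block dangerous attachment formats" and the renamed-extension problem described above can both be enforced by checking file content as well as file name. The following is an added example, not code from any product the article refers to; the function names, reason strings and sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe"}  # the article names .exe; extend to match local policy

def is_pe(data):
    """True if data has an MZ stub whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def zip_is_encrypted(data):
    """True if any archive member has general-purpose flag bit 0 set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def check_attachment(filename, data):
    """Return the policy reasons (possibly none) to quarantine one attachment."""
    ext = "." + filename.lower().rsplit(".", 1)[1] if "." in filename else ""
    reasons = []
    if ext in BLOCKED_EXT:
        reasons.append("blocked extension")
    elif is_pe(data):  # content is an executable but the name says otherwise
        reasons.append(f"executable content disguised as {ext or 'no extension'}")
    if data[:4] == b"PK\x03\x04" and zip_is_encrypted(data):
        reasons.append("password-protected zip")
    return reasons

def scan_message(raw):
    """Map each attachment filename in a raw message to its quarantine reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename() or "(unnamed)": check_attachment(
                part.get_filename() or "", part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed sample: a minimal PE header named notes.txt, plus real text."""
    pe = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, data in (("notes.txt", pe), ("agenda.txt", b"meeting at ten")):
        msg.add_attachment(data, "application", "octet-stream", filename=name)
    return msg.as_bytes()
```

Because the decision is made on the file's leading bytes, renaming an executable to .txt does not get it past the filter, while a genuine text file with the same extension is left alone.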
Email security solutions
With all the risks that are inherent to running a business, email security often appears quite low down in the list of priorities. However, you could be facing some serious hazards if your emails are not secured, so let’s see how you can reduce your email security risk and how third-party solutions can make the whole process of email security a much easier proposition.
Sadly, spam emails are simply a fact of life, continually clogging up inboxes and overloading email servers. Worse still, some of these emails contain malicious attachments that can cause catastrophic destruction to your IT infrastructure if left unchecked.
Spammers are trying increasingly smart techniques to get into your inbox, so it is essential that you have a strong spam filter in place and anti-spam software to give you maximum protection.
You should have a routine to check all emails for viruses. This applies to both spam emails and legitimate emails from colleagues and clients. Viruses can steal data and delete it beyond recovery, so make sure that all emails and attachments are scanned constantly to reduce the risk of a virus compromising your security.
A secure email archiver increases your email security dramatically. By using a solution that regularly backs up and archives all email information, storing it in an encrypted form, the risk of data being stolen or lost is reduced considerably. With an email archive, you can also reduce the load on your email server, thus preventing it from slowing down or overloading. It is the best way to store your emails and reduce any security risks.
In the end, email security risks are out there and they can very easily cause you untold misery. It could be an outside attack from a virus or could come from within your company due to overworked hardware. These risks are easily managed if the right steps are taken to protect yourself. So, it might be time to look at your email security policies and see if you are doing enough to protect your business.