Six Email Security Initiatives for the New Year

Written by Jeff on December 19, 2012

As the year winds down, many organizations are looking for new initiatives to bring in the New Year. As email administrators, fighting spam and phishing should be at the top of our lists. To effectively protect our users and resources against email-borne threats, here is a list of projects that can help your organization better fight cyber criminals who attack you through your inbox.

Update your anti-spam solution

If you are still relying on an appliance that filters by keywords or blacklists and whitelists, then it is time for an upgrade. Anti-spam solutions nowadays should employ multiple filtering technologies to keep up with the various techniques used by spammers. Make sure that your anti-spam solution provides:

  • A high detection rate
  • A low false positive rate
  • Malware detection
  • The ability for users to identify spam
  • Whitelist/blacklist abilities
  • Bayesian filtering
  • A management console that is user friendly

Review policies regarding email use

Most organizations have some type of policy in place that governs the use of email in the workplace. Unfortunately, many of them were written years ago and are outdated. Policies should be reviewed and at a minimum should include:

  • Use of CC and BCC
  • Inappropriate email messages
  • How to deal with suspected spam and phishing emails
  • Subscribing to newsletters and websites using work email
  • Publishing work email addresses in forums or other social sites

These policies should also be reviewed with your fellow employees, and not simply through an email that says, “Read over these.” Users can be one of the best defenses against email-borne threats if they know what they are doing.

Plan to train your co-workers

Right now, phishing is the most dangerous threat that organizations face when it comes to data. Users are constantly being tempted by phishing emails that install malware on their computers or attempt to socially engineer sensitive data like usernames, passwords or account numbers.

By teaching your users the techniques and tricks that phishers use in their attacks, you can not only help prevent them in your organization, but you will also find that more users will be comfortable reporting emails that they suspect to be illegitimate.

Learn more about security

It is important to keep your users on their toes when it comes to email security, but you shouldn’t neglect your own education along the way. If possible, enroll in a security course to update your skill set or attend conferences that provide education about email security topics.

At the very least, find a few blogs (like this one or The Email Admin) and websites that can keep you up to date on security threats.

Protect the mobile devices

Mobile devices have become an important tool in business communication, especially where email is concerned. The bad guys know this and have already released malware into the wild aimed specifically at Android and iOS devices. Cyber criminals and illegitimate marketers, looking to capitalize on the fact that many of these devices are used outside the protective confines of the network, have targeted all smartphones, tablets and laptops. Using a cloud-based solution to fight against spam and other email-borne threats can go a long way in protecting devices that are not always connected to the network.

Keep management up to date

When it comes to funding new security initiatives, you generally need the support of your manager and a few others as well. The best way to get them on your side is to keep them apprised of the current state of your email security and the current state of the threat landscape. If they see, and understand, that things need to be done to enhance what is already working, you may find it easier to get things moving along.

Do you have any security initiatives planned for the upcoming year? If so, please share them with the other readers.

Comments

Finley Wilson December 21, 2012

As a business owner, my first priority for next year will be to teach my staff more about spamming and other IT threats as well as the different ways to prevent or control them. Thankfully, my small business is doing great for the past few months, and I’m ready to expand during the first 4 months. But I don’t think I can do that unless I’m sure my staff can also support and collaborate with me in fighting these different kinds of threats. Besides, who knows, they have something great to contribute that will help us become more effective in managing spam and malware.

Dwight December 23, 2012

One of the things in my to-do list is exactly no. 1: update my solution. I’ve made a mistake of choosing something very basic because it’s very cheap. I didn’t really plan well, because only after a few months of operation, I experienced success and my brand became more well-known online. That also means that our corporate e-mail address is more exposed to spammers. So I can have more time to focus on marketing and harnessing opportunities, I’m delegating my e-mail monitoring to my younger sister, but she doesn’t have quite a lot of experience when it comes to spamming, so a good program is the best for her.

Dion Frederick January 2, 2013

“Publishing work email addresses in forums or other social sites”—this is actually correct for many reasons. First I think it’s unethical for any employee to publish company e-mail unless it’s found in the corporate website or he’s mandated by the management to share it in the World Wide Web. Second, a lot of spammers are still traditional, and they normally spam e-mails that are freely published in the Internet. Yes, there should be an easy-to-follow and review policy when it comes to sharing such pertinent information online. If I may add, companies should also look into other contact details such as their phone numbers and actual building address.
