Six Email Security Initiatives for the New Year
Written by Jeff on December 19, 2012
As the year winds down, many organizations are looking for new initiatives to bring in the New Year. As email administrators, we should have fighting spam and phishing at the top of our lists. To help you protect your users and resources against email-borne threats, here is a list of projects that can help your organization better fight cyber criminals who attack you through your inbox.
Update your anti-spam solution
If you are still relying on an appliance that filters by keywords or blacklists and whitelists, then it is time for an upgrade. Anti-spam solutions nowadays should employ multiple filtering technologies to keep up with the various techniques used by spammers. Make sure that your anti-spam solution provides:
- A high detection rate
- A low false positive rate
- Malware detection
- The ability for users to identify spam
- Whitelist/blacklist abilities
- Bayesian filtering
- A management console that is user friendly
Review policies regarding email use
Most organizations have some type of policy in place that governs the use of email in the workplace. Unfortunately, many of them were written years ago and are outdated. Policies should be reviewed and at a minimum should include:
- Use of CC and BCC
- Inappropriate email messages
- How to deal with suspected spam and phishing emails
- Subscribing to newsletters and websites using work email
- Publishing work email addresses in forums or other social sites
These policies should also be reviewed with your fellow employees, and not simply through an email that says, “Read over these.” Users can be one of the best defenses against email-borne threats if they know what they are doing.
Plan to train your co-workers
Right now, phishing is the most dangerous threat that organizations face when it comes to data. Users are constantly being tempted by phishing emails that install malware on their computers or attempt to socially engineer sensitive data like usernames, passwords or account numbers.
By teaching your users the techniques and tricks that phishers use in their attacks, you can not only help prevent those attacks in your organization, but you will also find that more users will be comfortable reporting emails that they suspect to be illegitimate.
Learn more about security
It is important to keep your users on their toes when it comes to email security, but you shouldn’t neglect your own education along the way. If possible, enroll in a security course to update your skill set or attend conferences that provide education about email security topics.
At the very least, find a few blogs (like this one or The Email Admin) and websites that can keep you up to date on security threats.
Protect the mobile devices
Mobile devices have become an important tool in business communication, especially where email is concerned. The bad guys know this and have already released malware into the wild aimed specifically at Android and iOS devices. Cyber criminals and illegitimate marketers, looking to capitalize on the fact that many of these devices are used outside the protective confines of the network, have targeted smartphones, tablets and laptops alike. Using a cloud-based solution to fight against spam and other email-borne threats can go a long way in protecting devices that are not always connected to the network.
Keep management up to date
When it comes to funding new security initiatives, you generally need the support of your manager and a few others as well. The best way to get them on your side is to keep them apprised of the current state of your email security and the current state of the threat landscape. If they see, and understand, that things need to be done to enhance what is already working, you may find it easier to get things moving along.
Do you have any security initiatives planned for the upcoming year? If so, please share them with the other readers.