Email: The Forgotten Security Threat

 In Cyber Security, Email

Businesses need to consider a variety of IT security risks today: viruses, malicious applications, hackers – the list goes on. With all of the new threats and vulnerabilities popping up, many companies are taking their eyes off of the most common method of transmitting these very threats: EMAIL.

Email was initially the greatest means of stealing information, but has since gone overlooked with emerging threats such as SQL injection and cross-site scripting garnering increased attention.

So it’s understandable that many companies simply install an anti-spam and anti-virus solution on their email server and call it a day. Email, however, is still a major vulnerability and needs to be addressed.

Digital signatures

Many companies are implementing digital signatures between their business units, service and product providers, financial institutions and their clients. Encrypting emails is a necessary part of implementing digital signatures, but establishing encryption policies between organizations on its own cannot ensure confidentiality.

Email reputation

Email reputation solutions use information from the sender, characteristics of the email and even lists of known malicious email servers to block or accept email from specific servers. While these solutions provide a good level of protection, there is a potential for false positives.

Email security

Email security is not only about securing the environment from malicious activities but also about securing the environment from inappropriate use. While some loss of corporate intellectual property can be attributed to malicious applications, far more can be credited to authorized users’ actions. Many employees email themselves company information to their other email accounts in order to allow them to work remotely. This transfer of data may be innocent in thought but causes security risks in practice. Once company confidential data leaves the internal corporate systems, little, if any, security solutions are available to protect it.

Data loss prevention

Data loss prevention solutions are designed to reduce the risk of data loss by monitoring specific categories of data and alerting or blocking unauthorized usage. Data loss prevention solutions provide some access control characteristics or work with access control solutions to limit access to specific users and applications. Additionally, they are designed to stop unauthorized duplication, printing and transmission of data. These solutions can stop data from being emailed outside the company or limit emailing to specific organizations or individuals. Implementation of data loss prevention solutions typically include access control mechanisms like multi-factor authentication, encryption of data and network and server monitoring. Data loss prevention solutions have matured over the past couple years, providing more functionality and features as well as coming down in price. As a result, they are beginning to become popular.

Mobile data management

With the reliance on smartphones and other mobile devices, all of these same solutions now need to be replicated in the mobile world. Mobile data management solutions provide added levels of control and security for corporate email, voice and text communications.

What is your organization doing to protect from email security breaches?

-Jerry Irvine

Recent Posts
*/ New Age of Phishing