Email: The Forgotten Security Threat
Businesses need to consider a variety of IT security risks today: viruses, malicious applications, hackers – the list goes on. With all of the new threats and vulnerabilities popping up, many companies are taking their eyes off of the most common method of transmitting these very threats: EMAIL.
So it’s understandable that many companies simply install an anti-spam and anti-virus solution on their email server and call it a day. Email, however, is still a major vulnerability and needs to be addressed.
Many companies are implementing digital signatures between their business units, service and product providers, financial institutions and their clients. Encrypting emails is a necessary part of implementing digital signatures, but establishing encryption policies between organizations on its own cannot ensure confidentiality.
Email reputation solutions use information from the sender, characteristics of the email and even lists of known malicious email servers to block or accept email from specific servers. While these solutions provide a good level of protection, there is a potential for false positives.
Email security is not only about securing the environment from malicious activities but also about securing the environment from inappropriate use. While some loss of corporate intellectual property can be attributed to malicious applications, far more can be credited to authorized users’ actions. Many employees email themselves company information to their other email accounts in order to allow them to work remotely. This transfer of data may be innocent in thought but causes security risks in practice. Once company confidential data leaves the internal corporate systems, little, if any, security solutions are available to protect it.
Data loss prevention
Data loss prevention solutions are designed to reduce the risk of data loss by monitoring specific categories of data and alerting or blocking unauthorized usage. Data loss prevention solutions provide some access control characteristics or work with access control solutions to limit access to specific users and applications. Additionally, they are designed to stop unauthorized duplication, printing and transmission of data. These solutions can stop data from being emailed outside the company or limit emailing to specific organizations or individuals. Implementation of data loss prevention solutions typically include access control mechanisms like multi-factor authentication, encryption of data and network and server monitoring. Data loss prevention solutions have matured over the past couple years, providing more functionality and features as well as coming down in price. As a result, they are beginning to become popular.
Mobile data management
With the reliance on smartphones and other mobile devices, all of these same solutions now need to be replicated in the mobile world. Mobile data management solutions provide added levels of control and security for corporate email, voice and text communications.
What is your organization doing to protect from email security breaches?