Five mistakes users make when securing e-mail
Computerworld - E-mail has become an important application on corporate, service provider, education and government networks, and securing it is equally important. Although some things in life can work 90% of the time and it's good enough, customers' dependence on mission-critical e-mail communications requires that the right e-mail security solutions work 100% of the time at the highest levels of effectiveness.
Accordingly, when organizations select and deploy what they believe is the right solution, they need to follow certain guidelines to prevent mistakes that could jeopardize the whole network.
Here's a list of top mistakes that many customers make regarding e-mail security:
1. Running security software on an insecure operating system
Insecure operating systems like Microsoft Windows or even Sun Microsystems' Solaris have many public exploits that hackers can take advantage of and technical documentation for the world to see. Many administrators deploying these products at the edge of their networks forget to harden the operating system from attack. The result is that hackers can seize control over executable environments that are left available, ports that are left open and services that are left running for non-e-mail applications such as FTP or Telnet.
2. Using only desktop antivirus and antispam software
Many companies think desktop software solves the problem. However, this approach creates the problem of junk mail and malicious e-mail that traverses the internal network creating significant risk of exposure and then gets to the core mail server where it wastes storage and process resources. Desktop software is often controlled by the end user and can be disabled, or it may not be updated often enough to yield the highest levels of protection. By using an e-mail security gateway appliance, end users need not worry about desktop-based updates or installations because security is done by the IT department and through intelligent, self-updating appliances within the network.
3. No outgoing protection
With many viruses propagating via e-mail, no business wants to let spam containing a virus like Sobig to get sent to its partners, suppliers or customers. Some customers, such as service providers or educational institutions, also need to watch out for the "spammer" within their network. Outgoing filtering can reduce these risks. In addition, using filtering and policy enforcement features can prevent leaks of sensitive information and filter out inappropriate content such as profanity or harassment.
4. No redundancy of gateway
Your home alarm system is effective only if it's working properly. It's the same with e-mail security: It needs to be running and providing protection around the clock. The right solutions need to have built-in reliability and system redundancy to recover from a power loss and to ensure that no critical e-mail messages are lost or corrupted.
5. No logging or reporting
Just as companies can view employee activity on the telephony network using call records from bills, the same approach should be applied to e-mail, so managers and IT administrators can get a bird's-eye view into e-mail activity. IT managers should know who is sending large volumes of outgoing e-mail, who is sending e-mail to competitors or who is having inappropriate communications with other employees or outsiders via e-mail. This is especially important for regulatory compliance and increasing corporate liability concerns.
Jeff Brainard is a senior manager at Mirapoint, a provider of e-mail server and security appliances based in Sunnyvale, Calif.
- E-mail: Big Decisions
- E-Mail: Suite Dilemmas
- Keeping a Tight grip on E-Mail
- You go First: Making the E-Mail Upgrade Decision
- QuickStudy: Collaborative Software
- The Almanac: E-Mail
- The End of E-Mail
- Editor's Picks: The Best of Our E-Mail Coverage
- E-Mail Horror Stories
- Five Mistakes Users Make When Securing E-Mail
- Sharky's E-Mail Inbox
Read more about Applications in Computerworld's Applications Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Exponentially Accelerate Data Protection and Recovery with Simpana 10 IntelliSnap® Snapshot Management Technology Are you making the best use of your storage array snapshot functionality? CommVault Simpana 10 IntelliSnap technology manages hardware-based snapshots across multiple vendor...
- Simpana IntelliSnap Technology Datasheet With IntelliSnap you can maximize the value of your snapshot technology while dramatically reducing management overhead and complexity.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
All Applications White Papers |