Email is by far the number one way networks are compromised and the main route for data leakage. Fortunately there are some simple ways to safeguard this vital asset and the resources your email connects to.
1. Proper passwords
Too many email accounts are protected by passwords weaker than a Tour de France racer’s bicep. Simple passwords are simple to remember – so left to their own devices, that is what end users tend to choose.
A better approach is to have a policy that demands complex passwords that are regularly changed and kept secret. The password used for email should also not be the one used to log onto corporate apps and network resources. This way if the email password is cracked, the other resources are still safe.
2. Block data leakage
Email is one of the main sources of data leakage. The data that gets out can include credit card numbers, social security numbers and confidential medical information.
The first step is to develop and disseminate a policy that helps ensure that this data is not sent out, either on purpose or inadvertently.
That is not enough. You should also have a tool that looks for keywords related to confidential data, not just in the body of the email, the subject line and attachments, but also in the address.
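A minimal sketch of such an outbound check, added here as an illustration and not taken from the original article or any particular product. It scans the address headers, subject, body and text attachments for card numbers (Luhn-validated), SSN-formatted strings and policy keywords; the keyword list, function names and sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # candidate card numbers
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")     # US SSN layout
KEYWORDS = ("confidential", "patient record")      # assumed policy keywords

def luhn_ok(digits):  # Luhn checksum, discards random digit runs
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text):
    hits = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.add("credit_card")
    if SSN_RE.search(text):
        hits.add("ssn")
    hits.update("keyword:" + k for k in KEYWORDS if k in text.lower())
    return hits

def scan_message(raw):
    """Return {location: hits} for addresses, subject, body and text attachments."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for header in ("To", "Cc", "Subject"):
        hits = scan_text(str(msg.get(header, "")))
        if hits:
            findings[header.lower()] = hits
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # binary attachments need a format-specific extractor
        name = part.get_filename()
        hits = scan_text(part.get_content())
        if hits:
            findings["attachment:" + name if name else "body"] = hits
    return findings

def build_sample():
    """Constructed outbound message: test card number and a known-invalid SSN."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.com", "confidential-archive@example.net"
    m["Subject"] = "Q3 invoice"
    m.set_content("Card on file: 4111 1111 1111 1111\n")
    m.add_attachment("name,ssn\nJane,078-05-1120\n", subtype="csv", filename="export.csv")
    return m.as_string()
```

Calling scan_message(build_sample()) reports where each match was found, which lets a gateway quarantine the message or route it for review before it leaves.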
3. Stop spam in its tracks
Spam remains a huge annoyance, but even worse, a massive security problem. That’s because more than three percent of spam mail carries malware.
And spam remains a huge productivity problem. If you just get five spams a day, and spend half a minute with each message, you’ll waste 15 hours a year, finds Ferris Research.
4. Control content via filtering and monitoring
IT and upper management know that data is perhaps their most precious resource, and some data is more precious than the rest, such as financials, client data, unreleased products and strategies – all of which are game-changers if purloined.
While many believe the only real security threat comes from outside hackers, the insider threat can be more insidious and dangerous. And with email, your end users don’t even always know they are causing such a problem.
Email content monitoring can help solve most of these problems, keeping your company out of hot water by blocking inappropriate messages.
5. Make malware go away
Malware of all shapes and sizes isn’t going away, but instead is getting more vicious and numerous. And new attacks are emerging all the time. Not only do you have to beat back the thousands of exploits already out there, you also have to protect yourself from zero-day exploits.
Just like with spam, you need multiple anti-malware engines for true protection.
6. Block breaches
The annual Verizon Data Breach Investigations Report recently found that hackers are increasingly conducting email attacks to support espionage, much of which is corporate espionage. These attacks are more organized than ever, often conducted by organized criminals or even with state support.
Many financial and health care companies fall under compliance regulations. But even for those that don’t, this kind of compliance is good discipline, good security, and good data leakage protection.
Compliance rules carry serious consequences. Consider the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the US.
First, failure to comply can be a real reputation buster. An employee at the Regional Medical Center in Memphis disclosed patient data by accident through email. The mistake impacted 1,200 patients, and the Center had to widely disclose the problem.
It can be just as bad on the wallet. A hospice in Idaho lost just one laptop and had a $50,000 fine.
8. Training and best practices
One essential way to protect email is with defense-in-depth tools: anti-spam, anti-malware and monitoring. Despite these efforts, attacks can still get through. That’s because hackers use social engineering to trick employees into giving up the goods.
Famous ex-hacker Kevin Mitnick is now training end users to resist hackers, and phishing in particular. Security training company KnowBe4, LLC, for whom Mitnick works, looked at 372 shops with over 291,000 endpoints.
Prior to end user training, close to 16 percent of employees were vulnerable to phishing. Training had a dramatic impact, reducing phishing vulnerability 12-fold. Mitnick believes poorly trained employees are the real weak link, but when schooled they become what Mitnick terms a ‘human firewall’.
9. Fight phishing
Phishing is very effective with the uninitiated and untrained. But even sophisticated users can be taken in by a cleverly designed scheme. Think it’s not a big problem? Almost 40 million users fell victim to phishing, a rate 90% higher than the previous two years.
10. Implement defense-in-depth
Email attacks come from every direction and in many different forms. The only way to be safe, in addition to offering training, is to implement defense-in-depth. You must have:
– Antivirus and anti-malware
– Content filtering.