Information Security Today Home

New Books

Multilevel Modeling of Secure Systems in QoP-ML by Bogdan Ksiezopolski; ISBN 9781482202557
Securing Systems: Applied Security Architecture and Threat Models by Brook S. E. Schoenfield; ISBN 978-1-4822-3397-1
Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare by Thomas A. Johnson; ISBN 978-1-4822-3922-5
Data Privacy for the Smart Grid by Rebecca Herold and Christine Hertzog; ISBN 9781466573376
Multilevel Security for Relational Databases by Osama S. Faragallah, El-Sayed M. El-Rabaie, Fathi E. Abd El-Samie, Ahmed I. Sallam, and Hala S. El-Sayed; ISBN 9781482205398
Android Malware and Analysis by Ken Dunham, Shane Hartman, Manu Quintans, Jose Andre Morales, and Tim Strazzere; ISBN 9781482252194

How to Solve the Five Biggest Email Security Problems

By Mike Spykerman, VP at OPSWAT

Email is a critical business tool. Without access to email for even a few hours, a company's productivity is severely hampered. Although email is essential for productivity, if it is not properly managed, it can also cause major headaches, ranging from infected machines and system downtime to embarrassing data breaches and steep compliancy fines.

As much as 70% of all email traffic is estimated to be spam. Even though spam is a major nuisance, most anti-spam products do a fairly good job at blocking most spam. However, there are still some major email security issues that not every company is able to successfully protect themselves against. So what are the biggest email security problems that companies face today and how can they be solved?

1. Malware: According to eWeek, 2-4% of all emails contain a virus, which means that 6 million email viruses are sent out every day. A particular nasty variation of malware circulated via email is ransomware, which encrypts all files on the system and demands a ransom to unlock the data. Unfortunately, even if you have an anti-virus solution in place, this will not necessarily protect you from all threats. As Darryl K. Taft wrote in a recent eWeek article, "Many standard off-the-shelf antivirus solutions do not have the sophistication or capabilities to stay on top of the daily evolution of viruses and malware." To increase protection against email threats and new outbreaks, companies need to implement a multi scanning solution that will scan email attachments with multiple anti-virus engines. By leveraging the power of the different detection algorithms and heuristics of each engine, detection rates are significantly increased, providing robust protection against malware threats.

2. Spear Phishing: A massive 95% of data breaches start with a spear phishing attack, according to the SANS Institute. Considering that most companies deploy anti-spam and anti-virus solutions, why are these spear phishing attacks still so successful? To avoid detection by regular spam filters, spear phishing emails are only sent to a small number of individuals and considerable effort is put into making the emails look legitimate. Also, many spear phishing attacks make use of unknown threats or zero-day vulnerabilities that not all anti-malware engines will be able to detect. The solution to spear phishing is to beef up your email security gateway with a multi-scanning solution that increases your protection against known and unknown threats and decreases vulnerability to malware that evades or disables specific anti-malware engines. In addition, as a precautionary measure, it is a good idea to apply data sanitization to remove any active code from email attachments by changing the file format. Many spear phishing emails include malicious Word or PDF attachments. By changing the format of a Word document to PDF and vice versa, scripts and other possible threats are automatically removed.

3. Large Email Attachments: Many email servers place limits on the size of files, usually 10 MB. If an attachment is too large, the delivery will fail, in many cases without the sender knowing. Large attachments may also cause mail server problems for both the sending and receiving party. To avoid this from happening, companies must provide employees with a file transfer system for easily sending large email attachments, improving efficiency and productivity, as well as avoiding IT headaches.

4. Data Loss: Every company has a duty to keep customer and employee records safe. While many companies continue to use email to exchange confidential data, this is strongly discouraged. Email can be intercepted, and confidential information sent through unencrypted email is at risk of being exposed. Companies require a secure file transfer system that automatically encrypts files and can require user authentication before allowing access to files. If possible, the system should be able to automatically intercept emails and send attachments via secure file transfer, minimizing the chance of accidental data loss through human error. By implementing such a system, companies can ensure that sensitive data remains secure.

5. Compliance Issues: Several industry regulations exist that impose data security requirements on companies, such as HIPAA, Sarbanes-Oxley, PCI, FCC, and SEC, as well as EU data protection regulations. In order to avoid credit card data or social security numbers being accidentally emailed and exposed, it is advisable to configure email filters to quarantine emails containing these number sequences in the email or attachment. EU regulations require companies to add a company footer to every email, containing the company address, registration number and owner information. By configuring your email security solution to automatically add these footers to your emails, non-compliance can be avoided. Finally, if you use a secure file transfer system to exchange sensitive data with third parties, and you are able to provide an audit trail for each transfer, your company can prove that it has taken necessary measures to protect confidential information in transit.

Email is a vital business tool for every organization and as such it is important to properly manage it and ensure that email security issues do no cause unnecessary productivity issues. By protecting yourself against email security issues, such as those mentioned above, and implementing email security solutions that add an extra layer of protection to your company, you will be sure to avoid any major headaches that can stem from poorly managed email security.

 
Subscribe to
Information Security Today







Bookmark and Share


© Copyright 2015 Auerbach Publications