Are you Managing your E-mail Risks?

E-mail is critical to the success and operation of most organizations. Without e-mail, organizations are less efficient and can’t compete against larger, and more established firms.

Computer users are critical to the success of an organization’s security platform. E-mail threats such as spam, viruses, and phishing specifically target users and their end point devices. Hand held devices put data "on the move" and the same users that are critical to the success of an organization’s security framework now present security related risks.

E-mail systems require on-going IT management and monitoring. Not only must e-mail hardware and software be periodically upgraded, these same systems must be patched on a regular basis.

IT departments are responding to known security threats by implementing traditional security measures:

• Employee awareness - security education and training
• Anti-malware - anti-virus, anti-spam, anti-spyware, and anti-pop up software
• Patch management – keeping software and firmware patched and up-to-date

However, organization management must be aware of other types of risks including risks related to transmitting information:

• Confidentiality - e-mail attachments can include confidential information such as customer lists and pricing that should not be sent to recipients outside of the organization
• Clear text – sensitive information can inadvertently be sent in clear text
• Traffic – e-mailing large documents creates bottlenecks and uses up valuable network bandwidth
• Compliance – meeting regulatory requirements related to information as it is collected, stored, archived, and secured

Risk assessments and network security audits can help organizations evaluate additional risks such as service level performance, support (technical and user), redundancy and availability, as well as fail over and contingency plans. Formal and documented policies ensure a top down approach to managing e-mail and network security risks.