Email Security Risks
"Email is an often-overlooked exposure area when assessing or evaluating an organization’s overall security risk." [1]
Email is a widely used Internet service. Its usage is growing all over the world, and so is concern about email security. Even so, people keep using email because it offers easy communication from one computer user to another at any location.
- Spam. Internet spam is unwanted email sent to a victim's inbox. It is the email security risk that gives computer users the most trouble these days, as it is the one most often received. The best advice to get rid of spam is to use a spam blocker or spam filter. It is also a good idea to report spamming to the Federal Trade Commission (email@example.com).
- Phishing. Phishing always involves email scams: schemes that trick unsuspecting victims into giving up money and information. My advice is to use the Netcraft antiphishing toolbar (www.toolbar.netcraft.com), which warns about known phishing sites. Also be sure to help stop email phishing by reporting it to the Anti-Phishing Working Group (firstname.lastname@example.org).
- Viruses. Computer viruses (and other malicious content) are commonly found in email attachments. Viruses can execute from an opened attachment, so use caution. It is best to avoid opening email attachments that look suspicious. The best advice is to use "MIME Object Security Services" (MOSS), which allows the secure exchange of attachments to email messages. Otherwise, use a virus scanner or install anti-virus software (and keep it up to date) to catch viruses before one gets through and infects your PC. Also, be sure to report any virus incidents to US-CERT (https://forms.us-cert.gov/report/).
- Disclosure to prying eyes. There are reported cases of eavesdropping on non-encrypted emails. My advice is to keep sensitive data in emails private by using a popular encryption software package like "Pretty Good Privacy" (PGP) or a "Privacy Enhanced Mail" (PEM) compliant electronic mail system.
- Monitoring of email. Some businesses monitor their employees' emails to see if they are working efficiently on a daily basis, and there are no federal laws against it yet. A similar thing is carried out by email marketing firms that need to sell products or market their company. More on this subject can be read at http://www.emailmonitors.net/. But the real problem here lies with those outsiders who have the tendency to monitor email traffic to retrieve someone else's credit card number, bank account number, and passwords. This can lead to identity theft.
How to Prevent Email Risks
For computer users who need advice on email security risks, I have the following advice:
- Use an email program that provides the option to enable SSL. SSL can provide secure communications. Enabling SSL can help protect an email account from potential risks while you're connected to the Internet.
- Make sure to choose a secure email service. A free e-mail service such as Google or Yahoo may not prevent email risks, so use a secure email service like Hushmail (www.hushmail.com).
- Only download email attachments from trusted users and sites; otherwise, there is a chance of the PC being infected by a virus. Ensure protection by running antivirus software.
- Make certain the PC's security software is updated automatically, so that its "rules" or "definition" files are refreshed regularly and can catch the latest email threats.
- Always use some type of built-in security application and email protection software that can prevent email risks. Computer emailers may want to consider Email Sentinel Pro (http://www.emailaddressmanager.com/email_sentinel.html), which can stop and quarantine emails that may contain viruses.
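The attachment advice in the list above can be partly automated in a mailbox or gateway script. The following is an added example, not from the original article or from any product it names: it parses a message with Python's standard `email` library and flags attachments worth quarantining. The extension lists, function names and sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Constructed, non-exhaustive lists (assumptions for this example).
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".com", ".pif", ".hta", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}

def triage_attachments(raw_bytes):
    """Return [(filename, [reasons])] for attachments that should be quarantined."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        reasons = []
        if not name:
            reasons.append("attachment has no filename")
        if last in RISKY_EXT:
            reasons.append("executable or script extension " + last)
            if len(suffixes) >= 2:
                reasons.append("double extension hides the real type")
            # A harmless declared MIME type on an executable name is a mismatch.
            if part.get_content_type().startswith(("image/", "text/")):
                reasons.append("declared type does not match extension")
        if last in MACRO_EXT:
            reasons.append("macro-enabled Office document")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed test message: one benign PDF and two suspicious attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ constructed", maintype="image",
                       subtype="jpeg", filename="invoice.pdf.exe")
    msg.add_attachment(b"PK constructed", maintype="application",
                       subtype="octet-stream", filename="budget.xlsm")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in triage_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```

A filename check like this complements antivirus scanning and does not replace it, since it never inspects the attachment's content.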
My best advice is for emailers to seek a high-performance, risk-free, business-driven email solution, like one of the M+ products:
- M+Archive - Email archiving & e-discovery
- M+Guardian - Email security & data leak prevention
- M+NetMail - High-performing webmail
- M+SecureStore - Secure email storage
For more advice, see my list of the 10 Ways to Make Email More Secure.
Also, make it a priority to take a proactive approach to email security risks. Implement an email risk management policy to mitigate misuse and abuse of inbound, outbound, and internal email. My advice is to look into MessageGate Policy Enforcement 5.0 and possibly MessageGate Activity Profile (MAP) 3.0 for real-time email enterprise monitoring.
* Image Credit: Mailprotector
Resource and Reference Section
1: Email Security Risks and How to Reduce Them from Google docs, retrieved at http://docs.google.com/viewer?a=v&q=cache:_sVwdQZdwV8J:davidgibson.com/Email%2520Security%2520Risks%2520and%2520How%2520To%2520Reduce%2520Them.pdf
From US Cert: Cyber Security Tip ST04-023 (Understanding Your Computer: Email Clients), retrieved at http://www.us-cert.gov/cas/tips/ST04-023.html