How Secure is Your Corporate Email System?
Since there is no hard-and-fast rule as to how this data must be protected by companies, most use a standard approach, and over time these approaches have become the best practices. Here are a few of them, required of any company looking for compliance in the case of email security.
1. All-message vigilance: It makes a lot of sense for the business in question to have a system that checks all incoming and all outbound messages. Incoming messages have to be processed and checked for spam, but it is even more important to check outbound messages, since they originate from within the corporation: they might contain information that ought not to leave the corporate walls, or something malicious that could harm the recipient. Any solution considered for this purpose must have a strong outbound email scanning engine.
2. Secure email communications: Most companies deal with many other businesses, customers and vendors on a regular basis. If the company intends to share information with them daily, it makes sense to encrypt those messages so that important messages are readable only by those they were meant for. For instance, an automobile manufacturer communicates with a lot of vendors each day, and the information transferred to and fro is confidential. It must have some sort of encryption in place to keep, say, a nosy janitor from reading it and selling the information to another company.
3. Encryption is good, but not always: Sometimes, certain emails have to go out of the company to accounts that are rather new: new business partners, customers or infrequent vendors. In such cases, systems have to be in place to enable a secure email session without using encryption. Google Message Encryption, for instance, allows the recipient to safely download his or her messages from a secure portal to which the company first directs the message.
4. Knowing is half winning: Organizations are made of people, and the better the people are, the better the companies are bound to be. When it comes to email security policies and compliance issues, one of the best things to do is to educate and train the workforce on why compliance is important and why email security has something for everyone. The point that each of them has a role to play in the program's successful implementation also has to be driven home.
5. Make decisions centrally: It is often recommended that users (employees and other users) within the corporate network not make the important decisions (at least with regard to enterprise security), for the simple reason that security decisions are not practical at the user level and consistency cannot be achieved that way. Most customer data, such as SSNs, credit card information, etc., is best handled centrally.
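The outbound scanning in item 1 and the central handling of SSNs and card data in item 5 can be pictured as one gateway-side check. The following is an added example, not code from the original article or from any product it names; the function names, patterns, "quarantine" action and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# US SSN in dashed form, excluding ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_outbound(raw: str) -> dict:
    """Scan subject and text parts of one outbound message; mask what is found."""
    msg = message_from_string(raw, policy=default)
    chunks = [msg["Subject"] or ""]
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            chunks.append(part.get_content())
    text = "\n".join(chunks)
    findings = [("ssn", "***-**-" + m.group()[-4:]) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):         # ignore order numbers, tracking ids, etc.
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    # The decision is made once, at the gateway, not by each sender.
    return {"action": "quarantine" if findings else "deliver", "findings": findings}

# Constructed sample messages (test values, not real customer data).
LEAK = ("From: a@corp.example\nTo: v@vendor.example\nSubject: account\n\n"
        "Customer SSN 123-45-6789, card 4111 1111 1111 1111.\n")
CLEAN = ("From: a@corp.example\nTo: v@vendor.example\nSubject: shipping\n\n"
         "Order ref 1234567890123456 ships Friday.\n")

if __name__ == "__main__":
    for name, raw in (("LEAK", LEAK), ("CLEAN", CLEAN)):
        print(name, scan_outbound(raw))
```

The Luhn check is what keeps the 16-digit order reference in the second message from being flagged as a card number, and findings are masked so the scanner's own log does not become a second copy of the sensitive data.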