In part III of our series David Kelleher, communications and research analyst at GFI’s GFISecurityLabs discusses how a small business can protect itself from e-mail threats
E-mail safety
E-mail is a great tool, but it is also a hole in your security. With every e-mail there is a chance of phishing scams, viruses and other malware. David Kelleher, GFI research analyst, tells how you can fight back.
Bright Hub: How would you advise protecting against e-mail threats?
David Kelleher: There are two approaches to protecting your network against e-mail threats. Firstly, the investment of a best-of-breed anti-spam solution installed on your server to filter against spam e-mail which can contain fraud and phishing scams; secondly, the installation of an anti virus solution that will catch infected e-mails before these have the chance to hit user mailboxes and infect the network.
If the company also has web filtering software installed, it would be a good idea to block employee access to their personal webmail accounts. Giving access to these sites may increase the risk of infected attachments or improper content being downloaded.
Employees should also be prohibited from downloading and installing unauthorized software and access to peer-to-peer sites should also be banned as this could lead to their machine, and the network, being infected by viruses or malware. A compromised machine could become part of a botnet used by spammers to send out huge volumes of junk mail.
If this occurs, the company's domain may be blacklisted and its reputation and integrity sullied.
E-mail Back-ups
Bright Hub: What are the best reasons to back up e-mail?
David Kelleher: Archiving allows organizations to manage their e-mail communication in an efficient manner and address storage issues related to PST file management and server quotas and comply with legislation and eDiscovery requests.
Administrators can maintain an archive of all the company's e-mail correspondence that is easily searchable and recoverable, and in turn reduce the need for PST files to back up e-mails. These files can be damaged and they are not a guaranteed or secure form of backup of e-mail data. An archiving system reduces the burden on administrators of going through dozens of PST backups to locate a single e-mail.
An archiving system stores all e-mails in an organized manner making it a simple and easy process to locate and recover e-mails. Having archiving software eliminates the need for employees to save and archive their own e-mails but at the same time they still have access to old or deleted e-mails from their Outlook client or web interface.
E-mail archiving creates a centralized store of all company e-mail that can come in useful when an e-mail is required in a dispute involving employees or with a client. Critical information in an e-mail can be easily recovered from an archive thus saving time and money for the company. Even if the e-mails were deleted from the user's personal machine, there would still be a copy in the archives.
With archiving in place, a company is also protecting itself from possible legal or regulatory problems if they are requested to provide copies of corporate communication in relation to a court case or eDiscovery request. Industry requirements to maintain a copy of all e-mail correspondence for a set period of time are easy to adhere to with an e-mail archiving solution.
Ultimately, backing up e-mail enables organizations to save all internal and external mail into one or multiple databases (heavily reducing reliance on PST files), protect corporate data, locate specific content quickly, be prepared in the event of litigation and fulfill regulatory e-mail storage requirements.
GFI's David Kelleher talks about e-mail management in a small office
GFISecurityLabs’ David Kelleher warns that e-mail can be a major source of lost productivity through spam and malware