Thursday, January 06, 2011

Are you Managing your E-mail Risks?

E-mail is critical to the success and operation of most organizations. Without e-mail, organizations are less efficient and can’t compete against larger and more established firms.

Computer users are critical to the success of an organization’s security platform. E-mail threats such as spam, viruses, and phishing specifically target users and their endpoint devices. Handheld devices put data "on the move", and the same users that are critical to the success of an organization’s security framework now present security-related risks.

E-mail systems require ongoing IT management and monitoring. Not only must e-mail hardware and software be periodically upgraded, but these same systems must also be patched on a regular basis.

Security response
IT departments are responding to known security threats by implementing traditional security measures:
  • Employee awareness - security education and training.
  • Anti-malware - anti-virus, anti-spam, anti-spyware, and anti-pop-up software.
  • Patch management – keeping software and firmware patched and up-to-date.

However, organization management must be aware of other types of risk, including risks related to transmitting information:

  • Confidentiality - e-mail attachments can include confidential information such as customer lists and pricing that should not be sent to recipients outside of the organization.
  • Clear text – sensitive information can inadvertently be sent in clear text.
  • Traffic – e-mailing large documents creates bottlenecks and uses up valuable network bandwidth.
  • Compliance – meeting regulatory requirements related to information as it is collected, stored, archived, and secured.

Risk Assessments
IT risk assessments can help organizations evaluate additional risks such as service level performance, support (technical and user), redundancy and availability, as well as failover and contingency plans.