Posted by: Brein Matturro
Network and application security
No business is safe from email security issues. As a consultant or VAR, you have to deal with customers’ spam, phishing and denial-of-service attacks, and you’ve probably tried to solve these problems with encryption, digital certificates and rerouting traffic, among other tactics. But despite your best efforts, the employees themselves are often to blame for security threats.
In a recent New York Times article, prominent security professionals discussed the growing trend where employees forward company email to personal Web accounts — like Google and Yahoo — for easy access. No matter how strong your customer’s office email security may be (see our Email Security Project Guide), once the information leaves the office, there’s almost no way to control it. So what’s the answer?
Some companies block access to external email accounts through Internet policies, and others monitor all outbound mail to Web accounts searching for perpetrators who forward private company information to insecure sites, but employees complain about the lack of trust these solutions suggest. In Email threats: Educating your SMB Customer, Larry Loeb says: “Email is not just text transmissions any more. It is the flow of information that supports and makes a business possible. A VAR or consultant has to appreciate this reality, and make sure their customers do, too.”
Take those words to heart in today’s scary email security environment. If you can help your customers understand that many real threats come from employees clicking on bogus links and forwarding sensitive information to their personal accounts, you’ll become an invaluable resource. You might also consider solutions that allow employees to access company email just as quickly and easily as personal email, but with office security policies in place. That way they won’t even be tempted to hit the forward button.
Do you have an email security breach horror story? Post it here or pose a question to Russell Dean Vines, our information security threat expert.