Channel Marker

Jan 15 2007   1:30PM GMT

Hitting forward: An email security nightmare

Brein Matturro Profile: Brein Matturro

No business is safe from email security issues. As a consultant or VAR, you have to deal with customers’ spam, phishing and denial-of-service attacks, and you’ve probably tried to solve these problems with encryption, digital certificates and rerouting traffic, among other tactics. But despite your best efforts, the employees themselves are often to blame for security threats.

In a recent New York Times article, prominent security professionals discussed the growing trend where employees forward company email to personal Web accounts — like Google and Yahoo — for easy access. No matter how strong your customer’s office email security may be (see our Email Security Project Guide), once the information leaves the office, there’s almost no way to control it. So what’s the answer?

Some companies block access to external email accounts through Internet policies, and others monitor all outbound mail to Web accounts searching for perpetrators who forward private company information to insecure sites, but employees complain about the lack of trust these solutions suggest. In Email threats: Educating your SMB Customer, Larry Loeb says: “Email is not just text transmissions any more. It is the flow of information that supports and makes a business possible. A VAR or consultant has to appreciate this reality, and make sure their customers do, too.”

Take those words to heart in today’s scary email security environment. If you can help your customers understand that many real threats come from employees clicking on bogus links and forwarding sensitive information to their personal accounts, you’ll become an invaluable resource. You might also consider solutions that allow employees to access company email just as quickly and easily as personal email, but with office security policies in place. That way they won’t even be tempted to hit the forward button.

Do you have an email security breach horror story? Post it here or pose a question to Russell Dean Vines, our information security threat expert.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: