Emailing Securely

In almost no time at all, email has become one of the most widely used applications in business. But email is not without its risks; there is always the potential that confidential business information and intellectual property could be stolen, destroyed, or distributed without your knowledge. In addition, email is subject to viruses or worms, and other types of Internet attacks.

Some of the more serious threats to email include:

Viruses and worms: Though these threats have been around for years, they continue to grow in quantity and sophistication. Viruses have the potential to damage files, software, and hardware. Worms are types of viruses that automatically self-replicate and are therefore more dangerous, since they can damage numerous computers without human intervention.

Trojan horses: At first glance, a Trojan horse appears to be a legitimate program. When downloaded onto a computer, however, Trojan horses can do a lot of damage. According to the latest Symantec Internet Security Threat Report, in the second half of 2005, "Symantec documented more than 10,992 new Win32 viruses and worms," almost a 50% increase over those documented one year earlier. The increase is due to the development of new Win32 worms that include features attackers can use for financial gain.

Phishing: Most cases of phishing start with a spam email. The messages appear to be from a legitimate company and often include the company's logo, name, and official-sounding language with the purpose of tricking people into divulging confidential information. The email either requests information within the text or directs you to a fake Web page that appears authentic. Symantec documented an upsurge of phishing attempts in the second half of 2005, with a reported 44% increase over the first half of the year. In addition, Symantec reported blocking 1.5 billion phishing attempts in the last six months of 2005.

Legal issues: Many small businesses overlook the possibility of legal issues arising from the misuse of email. Two particular areas of serious concern: employees sending offensive or inappropriate content via company email, and the possibility of hackers taking control of the email server to send forged messages. The emergence of email as legal evidence is forcing more companies to demonstrate that their data is not only secure from tampering, but also that specific information is quickly retrievable to support the legal discovery process. Simple record retention policies alone are insufficient to meet the standards for accessibility.

Recommendations

To combat the increased threats to today's email, protect your business by implementing the following procedures:

Antivirus software: Viruses, worms, and Trojan horses all spread through email. Installing a good antivirus program that will detect and clean out infected files is critical, and can potentially save your business from irreparable damage.

Workplace email policy: Email threats don’t originate solely from people outside of your organization. Trusted employees may also leak private information—either intentionally or inadvertently. That’s why it’s important for any small business to create and implement an email policy that specifically focuses on employee email usage -- and the consequences for misuse. Company email policies should also include guidelines on laptop usage, as well as a telecommuter/remote employee policy that encompasses safety and security issues specific to laptops used for work.

Digital certificates and encryption: Another layer of protection is offered by digital certificates, which verify a user’s identity. Encryption is the process by which an email message is scrambled into an unreadable format and can therefore be sent more safely over the Internet.

Conclusion :As they conduct more and more business via email, small businesses face the ever present challenge of keeping their IT systems and information safe. Email threats have the potential to be even more dangerous to small businesses because of their generally limited IT infrastructure and resource base. Protect your business by implementing the recommendations and best practices discussed in this article.

by Symantec