When email turns tell-tale

The Internet has few innate security measures. What problems does this pose for email, and what possible measures exist to get...

The Internet has few innate security measures. What problems does this pose for email, and what possible measures exist to get around them

The risks

There are few innate security measures within the Internet because it was built as an instrument for sharing information. When sending information across the Internet, the potential pool of eavesdroppers increases as unknown people residing at some distant data transfer point can access the information.

Since email is plain text, it is very easy for an eavesdropper to read or even alter email messages. In addition, computer generated documents can be sent to several parties simultaneously, and files and messages can be forwarded. This is a great convenience, but email can easily be sent to an unintended recipient ( either intentionally or accidentally.

There are other risks: viruses can be included on inbound or outbound messages, and messages can contain content that may be offensive to the recipient. Even worse, these messages could disclose sensitive information.

Securing Email

To protect your organisation from these problems, you must implement email security countermeasures that ensure the safe and efficient use of corporate email systems. These countermeasures could include:

Server-based S/MIME encryption and digital signature capability

The best way to preserve confidentiality is to encrypt email messages. Encrypting a message protects it from prying eyes by encoding, or scrambling, the information using a mathematical algorithm. Only a person with the proper decoding key can decrypt and view the message. You should aim to encrypt messages at the server, eliminating the need to manage individual keys for each user in the firm. Because the encryption is done at the server, it is transparent to the end user.

Content filtering

Content filtering provides additional control over email exchange. Using this feature, firms can develop a dictionary of offensive words that violate sexual harassment policy, and archive (or quarantine) every email message ( whether inbound or outbound ( containing such words. Content filters can also be used to weed out junk email messages, chain letters and virus hoaxes, by looking for specific words, such as "special offer" or "act now".

Content filtering can also be used to prevent large, non-business files, such as JPEG, MPEG and AVI files from clogging up the system. Messages can be dropped, returned to the sender, or delivery can be deferred to off-peak hours. This is especially valuable during the holidays, when transmission of this type of data is at a peak.

Access control

Junk email, or SPAM, can be blocked from entering the firm by setting up access control policies. These policies can be based on an email address or domain, and/or information in the message header.

Virus detection and cleaning

The best place to detect viruses is at the edge of your network. An anti-virus scanner can then scan inbound and outbound messages for viruses and remove them if necessary.

Policy wizards

The easier it is to set up security policies the easier it is to implement and enforce them. Once you have decided on a security policy ( a process that must have the support of all staff) you can:

Quarantine messages for review

Generate email notifications to one or more recipients

Return messages to the sender

Add recipients to messages

Archive messages

Finally, you should also configure your email server to automatically add a standard legal disclaimer to any message that leaves the firm.

Read more on Antivirus, firewall and IDS products