Email has changed the way we communicate -- for better and for worse. As businesses rely more and more on email communication, small business networks become more vulnerable to increasingly sophisticated malware programs, including computer viruses, worms, trojan horses and spyware. Ignore small business security at your peril.
Small business owners and managers must examine what's at risk when they communicate sensitive data over email. In most cases, it is network data and the business itself. Data loss can create a financial and operational burden that can harm your business. Conventional firewall and antivirus solutions are no longer sufficient protection from current threats, which means it's critical to keep up with continually evolving security technologies and business practices.
Small Business Email Security Appliances and Services
From high-end software solutions to network appliances, the number of email security options for small businesses is growing. By separating email servers from applications and storage servers, small business owners can safeguard their organization from email attacks.
Additionally, you can maintain security measures primarily via automatic updates. This reduces maintenance costs and makes it simple, cost-effective and efficient to employ a separate security appliance. Alternatively, many businesses are moving to hosted email security services, which are transparent to employees and lets management focus on other matters with the assurance that the hosted service is keeping their email secure.
Email Content Filtering
Email security is a two-way problem -- data that leaves an organization via email can be as harmful as what comes in, so small business owners must take countermeasures to mitigate the effects of spam and malicious email content, and they need to monitor the data that leaves through the email gateway. Highly regulated organizations such as financial institutions and healthcare providers -- or companies that contract with them -- face liabilities if employees send out sensitive client or patient information, such as Social Security and account numbers or confidential records.
An increasing number of small businesses use email content filtering, which lets them block discrete attachments based on content, both inbound and outbound. Content filtering can help companies remain compliant with corporate governance or industry requirements, such as the Sarbanes-Oxley Act (SOX), which regulates companies’ audit and management standards.
5 Tips for Email Security Best Practices
Sophisticated hardware and software aside, the most powerful component of an effective email security solution is a community of informed and compliant employees with knowledgeable leadership. Training employees to avoid risky behaviors is the first step, but there are other practical steps to improving email security:
- Implement an email archiving system that can recognize email that is consistent with your corporate culture, regulatory requirements and industry
- Specify policies and controls regarding what can be stored on user desktops and laptops, so you can control and protect important data. Further, empower your network administrators to enforce those policies by giving them the tools to do so
- Be sure all key departments within your organization, such as legal, IT and HR, understand the policies; require them to sign off on your email filtering, retention, retrieval and analysis policies
- Keep the big picture in mind. Staying attuned to how threats and anti-threat solutions are evolving, will better prepare you to identify problem areas for your business and to take the necessary steps to guard against them. If you don’t think you have the time to monitor these threats, lean on a trusted technology partner who does. And remember -- the investment is worth it
- It cannot be said enough: educate your staff. By teaching them how to prevent the spread of viruses and worms via email attachments and phishing scams, you are investing in your organization’s overall well being. Make sure all employees are educated against opening spam or emails from unknown senders. Reiterate this policy frequently. Do your research. Talk to other small businesses and see what is and is not working for them. Get your budget approved and do the necessary leg work -- you won’t regret it
In a society where instant communication is the norm, it is easy to take email for granted -- but there is no excuse for shortcuts when it comes to security. Take advantage of the available solutions, and encourage your network administrators to enforce security policies -- you, your employees and your clients will be happy that you did.
Chad Morris is a security specialist at CDW.
Small Business Computing is on Facebook. Join us on Facebook and interact with the site's editors, post messages, share your small business challenges and successes, discuss technology and suggest topics you'd like covered on Small Business Computing.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|