Common Roadblocks to Email Security

In my last post I wrote about some of the things that email administrators commonly overlook when it comes to email security. This post hopefully helped some admins from making some pretty basic mistakes that leave their email systems open to attack but it made me think, “what about those who are met with resistance at every corner when it comes to email security?”

How is the email admin who’s security efforts are met with resistance at every turn supposed to keep their users, servers and email clients safe?

To help this group, I decided to take a look at some of the more common roadblocks that we run into when trying to justify email security solutions and some ideas on how to overcome them.

It’s just too hard

Believe it or not email systems, and other systems for that matter, are left unprotected because someone who is a decision maker feels that it is just too difficult to secure these resources. The time involved with training and steep learning curve involved with email security are often a big turn off to management because it takes people away from other things, especially in a small to medium sized business.

If you find that your boss, or their boss, is fighting your efforts because they perceive security to be too difficult then the most obvious counter should be to show them how simple modern email security solutions can be. Long gone are the days when the only solutions available required specialized training or certification in order to block spam and malware.

It costs too much money

The toughest part about IT security is the fact that there is no tangible return on investment for decision makers to see. When it is time to budget for security, the threat often doesn’t seem real enough to them so they have a hard time cutting a check to protect against the boogey man. They would rather spend the money on something that is going to increase sales or drive profits.

This, unfortunately, is one of the hardest roadblocks to overcome; especially if there is no money in the budget for email security. Defending your position takes a great deal of research. You can use case studies and statistics, but this may not be enough to sway the most frugal. Instead, count on the law and industry regulations as your ace in the hole. Research what your company is required to do to be in compliance with local or federal laws and regulations. Fear of a lawsuit or fines is usually much more frightening than a malware outbreak.

Statistics say spam is down

Just like many of us count on statistics and trends to show a need for security, management will often times use them to support their case.

And yes, there have been plenty of reports and news articles claiming that spam is at some of the lowest levels ever. When people who control the budget see this, it makes it extremely hard to state a case for spending more money on security.

Countering this can be difficult, but not impossible. The best way to defend the need to additional email security and anti-spam protection when your boss throws back stats saying it’s not necessary is to build your case with facts and statistics showing a definite need. For example, if they claim that spam is at an all time low present them with facts about how it has bounced back after other “lows”. If they still aren’t convinced, show them the numbers about malware spread via email.

We have security in place

IT security is often misunderstood by anyone outside of the department. The common thought is that if the desktop is protected, everything should be safe and things will run without problems. So if your boss thinks that everything is safe and sound, they certainly won’t see the need for anything else.

In this case, the root vegetable theory may just be your answer. Explaining to your boss how security needs to be a layered approach, like an onion, might just help him or her visualize how security should be planned. Throw in a couple of buzz words like; proactive, business continuity, disaster planning, etc. and you may just make your boss a convert.

Have you ever ran into resistance when trying to justify email security? Let us know what happened and how you dealt with it in the comment section below.

Written by Jeff Orloff

5 Comments

  1. David Black · August 22, 2012

    Very often it is just not possible to convince management that email security requires investment. When you buy new computers or even new software in boxes, you have a physical item so show to your boss. With email security it’s different – no physical item to show. And many bosses just don’t care you need assistance – they have hired you, the IT guy, so it is your responsibility to provide security without any involvement on their side. This is very wrong but when a boss is convinced that paying you your salary is enough to have their IT needs covered, negotiations aren’t possible.

  2. Joseph Evans · August 28, 2012

    The third one is very strange. I don’t where that information came from. In fact, a lot of studies these days suggest companies, both big and small ones, are losing a lot of their money due to spam. I check my mail every day, and there they are. My Junk Mail folder’s files continue to rise up almost every hour. I just wish the writer could have provided us with the link of an article or study that can support this claim. Or else, I’ll call it BS. I agree with the rest of the points, though, especially the first one. I am no security expert, but once I told a friend I’m willing to help out set up her ecommerce website with ample security, and she said no because she doesn’t know how to maintain it.

  3. Wilson · August 28, 2012

    You’re right on there, @Joseph. Calling Jeff, please give us your resource that says spam is going down, so we can refute it properly and immediately. Anyway, I used to be one of those who don’t want to spend money on security. After all, I was just operating a small up-and-coming home-based business until a lot of my subscribers and customers wouldn’t stop calling and e-mailing me because they’re receiving spam from my end. Then I discovered my lowly e-mail had been hacked. It was definitely a huge wake-up call for me.

  4. Jones Brown · August 28, 2012

    @Wilson: How did it affect your business? Did the customers pull out because that was what happened to me. I lost almost 20 percent of my customer base due to hacking, and it scared the living daylights out of me. I was new, and yet I was on the verge of getting out of business. Like you I have learned my lesson, and I do not just invest on good software, I also hire reliable technical teams. They mean additional expense, but for me it is customer satisfaction first above everything else. I have also used it as my edge against my competitors.

  5. Mack · August 30, 2012

    I can clearly understand about the money thing. I’ve heard that ICANN is asking a lot of money so companies can have “exclusive” domain names that can ward off phishers and scammers. Is this the right amount for small businesses and individuals like us? Certainly not, and yet we need adequate protection too. Yes, we do have software, but a lot of them are just bull* if you know what I mean. Free ones, forget about them. So, yeah, I can totally relate to the lack of funds. I agree with the rest of the items on the list also.

Leave A Reply