In my last post I wrote about some of the things that email administrators commonly overlook when it comes to email security. This post hopefully helped some admins from making some pretty basic mistakes that leave their email systems open to attack but it made me think, “what about those who are met with resistance at every corner when it comes to email security?”
How is the email admin who’s security efforts are met with resistance at every turn supposed to keep their users, servers and email clients safe?
To help this group, I decided to take a look at some of the more common roadblocks that we run into when trying to justify email security solutions and some ideas on how to overcome them.
It’s just too hard
Believe it or not email systems, and other systems for that matter, are left unprotected because someone who is a decision maker feels that it is just too difficult to secure these resources. The time involved with training and steep learning curve involved with email security are often a big turn off to management because it takes people away from other things, especially in a small to medium sized business.
If you find that your boss, or their boss, is fighting your efforts because they perceive security to be too difficult then the most obvious counter should be to show them how simple modern email security solutions can be. Long gone are the days when the only solutions available required specialized training or certification in order to block spam and malware.
It costs too much money
The toughest part about IT security is the fact that there is no tangible return on investment for decision makers to see. When it is time to budget for security, the threat often doesn’t seem real enough to them so they have a hard time cutting a check to protect against the boogey man. They would rather spend the money on something that is going to increase sales or drive profits.
This, unfortunately, is one of the hardest roadblocks to overcome; especially if there is no money in the budget for email security. Defending your position takes a great deal of research. You can use case studies and statistics, but this may not be enough to sway the most frugal. Instead, count on the law and industry regulations as your ace in the hole. Research what your company is required to do to be in compliance with local or federal laws and regulations. Fear of a lawsuit or fines is usually much more frightening than a malware outbreak.
Statistics say spam is down
Just like many of us count on statistics and trends to show a need for security, management will often times use them to support their case.
And yes, there have been plenty of reports and news articles claiming that spam is at some of the lowest levels ever. When people who control the budget see this, it makes it extremely hard to state a case for spending more money on security.
Countering this can be difficult, but not impossible. The best way to defend the need to additional email security and anti-spam protection when your boss throws back stats saying it’s not necessary is to build your case with facts and statistics showing a definite need. For example, if they claim that spam is at an all time low present them with facts about how it has bounced back after other “lows”. If they still aren’t convinced, show them the numbers about malware spread via email.
We have security in place
IT security is often misunderstood by anyone outside of the department. The common thought is that if the desktop is protected, everything should be safe and things will run without problems. So if your boss thinks that everything is safe and sound, they certainly won’t see the need for anything else.
In this case, the root vegetable theory may just be your answer. Explaining to your boss how security needs to be a layered approach, like an onion, might just help him or her visualize how security should be planned. Throw in a couple of buzz words like; proactive, business continuity, disaster planning, etc. and you may just make your boss a convert.
Have you ever ran into resistance when trying to justify email security? Let us know what happened and how you dealt with it in the comment section below.