Understanding Email Encryption (Part 2)

Written by Jeff Orloff on August 23, 2011 – 4:00 pm -

In Understanding Email Encryption Part 1 I covered not only why encrypting email is important, but also the two different types of email encryption: asymmetrical and symmetrical.

There was another section that briefly mentioned some of the barriers that impede buy-in from management when it comes to an encryption solution. But these were only touched upon.

Unfortunately, when it comes to making a pitch for encryption, those who understand the need for it are an easy sell. Those who either don’t understand it or don’t see the need for it often cite one or more of the stigmas attached to email encryption as a reason to avoid it.

Subscribe to my RSS feed

5 Essential Tips for SMB Email Security

Written by Jeff Orloff on July 15, 2011 – 4:30 pm -

When looking at solutions for securing email, many people don’t take into consideration the type of business environment they work in. All too often, after spending a great amount of time and money, small to medium-sized enterprises find out that what works for a company the size of Bank of America doesn’t quite work for them.

To better help SMBs find solutions scaled to their needs when it comes to email security, I have compiled a list of 5 tips that address the risks and restraints that they face.

Tips for Better Email Security

Written by Jeff Orloff on June 27, 2011 – 6:34 pm -

Advanced persistent threats make email security a necessity

Most email administrators consider security to be a large part of what they do. With so many laws and regulations governing the storage, discovery and retrieval of email messages, security has become a second job to many.

Unfortunately, many administrators either forget, or simply aren’t aware, that securing email requires much more effort than hardening the email servers against attack. In order to fully protect your organization’s email and its contents, the mailbox also needs to be defended, especially when you consider how popular Advanced Persistent Threats are becoming with large cyber crime syndicates, which use email not only as a way to harvest sensitive information, but also as a method of attack through phishing and social engineering.

Email Scandals That Should Make Us Think Twice

Written by Jeff Orloff on June 20, 2011 – 4:28 pm -

Getting your co-workers to adhere to policies that govern the use of email in the workplace can be tough. Despite your best efforts, email is still used to send jokes, chain letters, pictures, slide shows and other inappropriate content.

For whatever reason, people don’t quite get that not only are email policies in place to protect them and the company brand, but there are consequences for violating these policies. Unfortunately, the only time when people begin to comprehend just how serious email policies are is when it is too late.

5 Simple Mistakes When it Comes to Email Security

Written by Jeff Orloff on June 13, 2011 – 6:01 pm -

In just one week Google, the International Monetary Fund and Citigroup have all made headlines as a result of email associated with them being under attack. The reason we continue to see companies make the news as a result of email attacks is that email security is sometimes ignored when it comes to training users properly and making good decisions. In some cases, having the latest and greatest when it comes to security tools even creates a false sense of security that causes us, and our users, to overlook the little things. A multi-layered defense that has been properly configured with all the best technology can be rendered useless if the little things are forgotten.

4 Considerations for Cloud Based Email

Written by Jeff Orloff on June 6, 2011 – 4:54 pm -

Developments in cloud-based computing have shown quite a bit of excitement and promise, especially when it comes to small to medium-sized businesses. Those who evangelize the cloud will often cite the many benefits of moving to a cloud-based email service. The oft-quoted litany of favorable reasons to examine moving email services off site falls into line with the reasons used to move to any new technology:

  • Ease of scalability
  • Ease of software updates
  • Email access anywhere
  • Better disaster recovery
  • Ease of implementation
  • And of course, reduced costs

So when a vendor, or even someone in your own organization, throws these at management looking to save money and increase productivity, it seems like the question moves from “why should we move to the cloud?” to “why has it taken us so long to move our email to the cloud?”

Is it really that easy?

5 Email Compliance Mandates and Regulations

Written by Mike Rede on December 14, 2010 – 12:37 pm -

Recently a close family member spent some time in the hospital. Luckily everything turned out okay and they have since returned home. But while there I noticed that the hospital staff was very rigorous in their guarding of patients’ privacy and of their records in particular.

Understandably, only immediate family members were allowed to be in the room. Information was freely given, which helped us to understand our family member’s illness. But never were any hospital records left in our view. And even at the nurses’ station all records and patient-related information were out of view.

All medical documents have to be completed and protected as per the laws which govern patients’ privacy. And anything electronic must also meet the requirements and standards for the medical industry. Likewise, email for that field must conform to rules and regulations that protect patient information.

Protection and compliance with privacy laws is not just for the healthcare field alone. All email administrators must be aware of the email laws and regulations that are specific to their own business fields as well. Luckily there are many technologies that can be used for the various industries. Those technologies include: authentication, encryption, content filtering, hardened message server software, and archiving, as well as anti-spam and anti-virus software.

Securing Email Part Two-Server to Server

Written by Ed Fisher on September 17, 2010 – 4:37 pm -

Welcome to part two in a series on securing email. In part one we introduced the challenge and three influences: compliance, technology, and support.

In this post, we’re going to look at two of the prevailing methods for securing email exchanges between servers… the way two businesses might wish to secure the email exchanges between them to prevent eavesdropping or interception on the Internet. We’ll look at SMTP/TLS and at routing SMTP over a VPN connection, and look at the pros and cons of each method.

Securing Email Part One – The Challenges

Written by Ed Fisher on September 14, 2010 – 4:35 pm -

Most users will agree that email is a mission critical business tool. Confidential business information, proposals, and contracts are sent via email daily all over the Internet, and most of our users never give a second thought to the sensitive, privileged, and sometimes even critical information that they are sending over an unencrypted transmission, there for anyone with a protocol analyser to read.

They may not even realise that they could be violating company policy, contractual obligations, or even legal statutes regarding the transmission of confidential information. All companies should have policies regarding the transmission of sensitive information through email. While a policy that prohibits any such information being sent using email could greatly reduce the chance of disclosure, the reality of business communications is that this is not a practical approach.

This is part one of a three-part series, where we will discuss some of the issues that surround and influence securing email. In part two of this series, we will discuss the pros and cons of server side solutions: SMTP/TLS and routing email over VPN connections. And in part three, we will look at the pros and cons of client side solutions: PGP and S/MIME. If you’d like to understand more about why we would want to encrypt email, please read on.

Securing Email Part Three – Client to Client

Written by Ed Fisher on September 9, 2010 – 12:12 pm -

Thanks for sticking with us, and welcome to part three of this series on securing email. In part one we introduced the challenge and three influences: compliance, technology, and support. And in part two, we looked at SMTP/TLS and routing SMTP over a VPN for server side solutions. In this final part, we’re going to look at client side solutions to ensure we are securing our email from sender to recipient.

There are two standard ways to do this. Both utilise the services of a PKI, and will require client side configurations. As such we may also find that we need to work with yet another part of the IT department; our desktop support team. They own the desktops and will likely be responsible for the client side configuration necessary with either of these solutions.

When securing email using client to client solutions, we may find this to be the most challenging approach for a number of reasons. We will need to ‘touch’ the clients, and we will need to ensure that we are implementing a solution that is compatible with the recipient systems. On the server side, we can split up our SMTP exchanges, sending some out to the Internet in the clear, others over a VPN, and still others using SMTP/TLS. When working with client side solutions, we need to make sure that what we implement on our clients is the same as what our partner organisation has implemented on their clients. If we have two partner organisations where one chose S/MIME and the other went with PGP, then we may need to purchase both for all the clients that must communicate with both partners.
