Email is one of the most important communications tools for businesses. When it stops working, people start to get nervous.

While there are many things that a user can do to mess up their email, many of these problems can be resolved with a restart of the software or the computer.

However when the old standby of restarting doesn’t work, it is time for the email administrator to start looking into the issue a bit more deeply.

Here are some of the more common errors found in Outlook 2007 along with some of the ways you can make things right again:

1. Error message that reads: “Cannot open your default e-mail folders. The information store could not be opened.”

This issue can be fixed by first locating Outlook.exe that can be found here: C:\Program Files\Microsoft Office\Office12.

Next, right click Outlook.exe and then click on Properties.

On the Compatibility tab, clear the check box that reads ‘Run this program in compatibility mode’. Then click Ok and restart Outlook.

2. Error message that reads: “Your Microsoft Exchange Server is unavailable.”

This error is a bit trickier to resolve only because there can be many different causes.

No data connection – test your SMTP connection using telnet. If you are unsure how to do this, Microsoft has provided a guide on their TechNet site that walks you through this process: http://technet.microsoft.com/en-us/library/bb123686.aspx.

Office Outlook files are locked – there are times when .ost and .pst files are accidentally, or purposefully, set to read only. Check the permissions of these two files by navigating to:

C:\Users\<username>\AppData\Local\Microsoft\Outlook\ for .pst files and C:\Program Files\Microsoft Office\Office12\ for .ost files. Make sure that neither is set to read only.

Third party applications are interfering with Outlook – many programs, including anti-malware solutions, can interfere with Outlook connecting to the Exchange Server. To check to see if this is the cause, start Outlook in safe mode.

Outlook files are corrupted – this can happen after an upgrade is applied to Outlook. If any of the .dat files listed below are present they should be deleted or renamed.

• Extend.dat – Located in C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Outlook\
• Frmcache.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Forms\
• Views.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Outlook\
• Outcmd.dat – Located in C:\Documents and Settings\<username>\Application Data\Microsoft\Outlook\

All the files, with the exception of Outcmd.dat will be re-created. The Outcmd.dat file saves customized toolbar settings so if it is removed these settings will have to be re-applied.

3. Office Outlook will not open personal folders or personal folders do not show up in Outlook.

Personal folders are often the root of many problems related to Outlook. Microsoft has published the Inbox Repair tool, Scanpst.exe, that can be used to scan .pst and .ost files for errors in the file structure. If this is not intact, it will reset the file structure and rebuild the headers.

This tool will only work on the files that reside on your computer’s hard drive, not the files on the Microsoft Exchange Server.

This will also help to resolve the error message: “Cannot open your default e-mail folder. The file c:\users\owner\documents\software info\outlook.pst is not a personal folders file”.

4. Error messages that read either: “The action cannot be completed. The connection to the Microsoft Exchange Server is unavailable. Your network adapter does not have a default gateway” or “Your Microsoft Exchange Server is unavailable”.

This error occurs when Outlook is unsure of the default gateway address. The former is the error message that shows when the Outlook profile is configured automatically and the latter appears when the profile is manually configured. Both have the same fix.

To repair this you will need to edit the registry so clicking on Start and then Run is necessary. Then, enter regedit in the Open box and click OK.

Next, navigate to the registry key: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\RPC. On the Edit menu, point to New, and then click DWORD Value.  Type DefConnectOpts, and then press ENTER. Now, right-click DefConnectOpts, and then click Modify. In the Value data box, type 0, and then click OK.

5. None of the authentication methods supported by this client are supported by your server.

This happens to people when they use their computer in multiple locations. For example, a laptop is taken home and connected to the home network or perhaps a computer is taken on the road. Basically, it comes from authentication rules for the SMTP server.

When this error occurs go to the Account Settings tab and click on Change then More Settings. Now select the Outgoing Server tab.

The option that reads: “My outgoing server requires authentication” and the one that reads: “Log on to incoming mail server before sending mail” should both be looked at. If there is a check in the option box remove it.

5 Common Outlook Errors and How to Fix Them

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

In an age where millions of emails are sent every day it is hard to find someone who hasn’t made a mistake when sending a message.

If you are using Microsoft Outlook and Exchange, you can quickly recall a message and delete unread copies, if you are lucky that is and no one has opened the email. If someone has already opened your errant message, then it’s too late.

Companies have become a bit more cognizant that some employees are just a bit too quick to pull the Send trigger on their mail. To compensate, many have put into place a time delay that gives someone the opportunity to think twice about a message that was sent out and stop it before it is delivered.

Just recently, the New York Times suffered a rather embarrassing incident where they had planned to send a few hundred emails out to some of their subscribers offering them a discounted rate if they did not cancel their subscription. Instead the message went out to over 8 million people.

That was mistake number one.

This was then followed up by a message that read:

“If you received an email today about canceling your NYT subscription, ignore it. It’s not from us”

sent out via Twitter. So they were blaming the mistake on someone else, a spammer perhaps.

But, as it was later discovered, the Times was the guilty party. They did send the initial message and then pawned off the responsibility.

Where the mistake hurt

This gaffe wound up costing the Times. Not only was their reputation hurt, but so was their bank account.

Since a discounted rate was promised to the few hundred who were thinking of cancelling their subscription to the Times, other customers felt slighted. Their loyalty, so it seemed, accounted for little reward.

To make up for it, the Times extended the discount to everyone who received the errant email, but only for part of a day. By the afternoon of their offer, they had put a halt to the discounted rates. This decision then led to a Twitter account called @NYTSpam that made fun of the error fully disclosing that it was a:

“Parody account. Not affiliated with @NYTimes or actual spammers — just sick of bad digital strategy.”

The account currently has over 200 followers.

The Times is not alone when it comes to paying the price for a bad email going public. These things actually happen all the time. But when it happens to a small business, we don’t really hear about it.

To keep the lid on scandals and humiliation that can be suffered due to email, it is important that you cover certain things with your employees.

Anyone who emails on behalf of the company should understand the following:

1. Never send an email when you are angry or emotional. This leads to things being said that you may want to take back.
2. Write, edit, send. Never type out an email and hit the send button without reading it over. Not only for spelling and grammar errors that could hurt your reputation, but also for the tone of the email. People read into things and if the tone is not what you intend it could lead to problems later.
3. Check your list. This ties in directly to the Times situation. Make sure that you are sending your email message to the right people. This becomes more important with so many organizations automatically populating the TO and CC fields as you type names. Make sure that you don’t rely simply on the names suggested to you. Be careful using the Reply to All as well.
4. Never punish or praise in an email message. Not only can the content of an email be misconstrued because of a lack of emotion, but it can also become evidence or public record. If you fail to follow human resources procedures, email can be a pretty solid form of documentation.
5. Don’t share company secrets via email. Whether they be financial, trade or even personal secrets they should never be relayed through an email message. It is far too easy for someone to accidentally, or purposefully, forward that message on to others.

Common Mistakes When Sending Emails

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

When starting out, many small businesses set up their email using one of the free accounts available to them. Services like Gmail by Google, Hotmail from Microsoft or Yahoo!’s mail service, provide a working email address with almost no maintenance for a business just getting its feet wet.

However this may not be the best way to make a first impression with your potential customers.

Listed below are seven reasons why you need to ditch the yourcompany@freeemail.com and go with an address that better reflects the image you want your company to have.

1. Free email looks less professional

People associate free email services like Gmail or Hotmail as a personal accounts. Businesses, on the other hand, should have an email address that looks more professional. In fact, a study by Visible Logic in Amsterdam found that 70 percent of people view email messages coming from free email services as less professional when used by a business.

2. Free email looks spammy

Over the years, people have been burned so often by spam that they have become very adept at spotting shady looking emails in their inbox. One way to spot an email that may have malicious intent is by looking at the address. If you email address doesn’t look legitimate, your messages may be overlooked by overly cautious recipients.

3. Free email looks cheap

When people receive an email from your company and it has the @freeemail.com trailing it, your company looks cheap. For less than five bucks a month, you can set up an email address with your company’s domain. Sometimes you can even get a few of these for free when you host your company’s website. Customers who see that you are unwilling to spend a few dollars on this are often left to wonder what else your company may be skimping on.

4. You lose credibility when you use free email

A legitimate, professional looking email address tells your customers that you are here to stay.

Not only that, but having multiple email addresses such as: info@yourcompany.com, sales@yourcompany.com or service@yourcompany.com shows others that you are a well structured organization. The impression one gets when there is one, free email as the sole contact is that one person is handling everything for a company. This may scare larger clients away for fear that the company cannot handle their needs.

In today’s business atmosphere, trust is everything. Especially when it comes to online sales. Every little thing your company can do to establish trust and credibility will help your business grow.

5. Free email is less secure

Remember the old saying: there is no such thing as a free lunch? Well that applies to email as well.

True, Google, Yahoo!, Microsoft and the other free email providers do everything they can to make sure that their email services are as secure as possible, but things can slip through the cracks.

To pay for “free” email, users are subject to advertisements. While these help pay for the servers and storage space, they also have been linked to spam and hijacking. There have been several cases where businesses have had bank accounts and other confidential information compromised by cyber criminals who intercept email messages of companies that use free email services.

6. Free email may put you out of compliance

Nowadays, there are regulations and laws that govern so many industries and their record keeping that many large companies have entire legal teams dedicated to just compliance related issues.

But smaller companies are not immune to compliance. Companies of all sizes need to be aware of HIPPA when it comes to healthcare, PCI DSS when dealing with credit cards, and CAN-SPAM Act when it comes to marketing.

Free email likely does not offer you the tools required to be in compliance with any of these, or the many other, laws or regulations for email use.

7. You miss out on marketing your brand

Having your website’s domain name in every email you send out gives you the opportunity to build your company’s brand. Info@yourcompany.com puts your web site address in the minds of your customers. They know where to turn to when they need your services because they are so used to seeing your domain in every communication from you.

7 Reasons to Ditch That Free Email Address

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

You may have read the stories about how Atos Origin, a French IT services company, is looking to make their offices an email-free workplace by the year 2013 to eliminate what they call email pollution.

By turning to collaborative social medial tools, such as the Atos Wiki, employees have already seen a 20% reduction in “email pollution” six months after this initiative went into practice.

Volkswagen has also attempted to cut back on after hour’s emails being sent to and from employees Blackberrys in a similar effort. However, while cutting back on emails like Atos is trying to do may seem trend setting, it hardly seems to be a realistic goal.

Not only because of how many workplaces have become reliant on emails to get work done, but rather how these people use email to get work done.

As we all know, emails are not only used to deliver electronic messages. People in office buildings all over the world have found ways to “hack” their email accounts to do much more than send and receive messages.

Let’s take a look at some of the most creative, but common, ways email is used for things other than email.

Instant Messaging

Instant messaging is still taboo in many corporate settings. For some reason, IMs still conjure up images of the old AOL chat rooms in the eyes of most managerial types. So instead of embracing the technology, it becomes banned in the workplace.

Creative employees have learned that they can send a quick message to a coworker using the subject line alone. For example, sending a message with a subject that reads I have the research for your project EOM tells the recipient everything they need to know and lets them know that your subject line is the entire message (that is what the EOM, or End of Message, means).

Online/Portable Storage

There is hardly a person with an office job who hasn’t found themselves working on something that they needed to take home to complete. When they reach for that trusty USB portable hard drive they remember it is sitting on their desk at home still plugged into their laptop.

Email becomes a quick replacement as you can simply attach the document, spread sheet, etc to an email message and send it to yourself. Problem solved. Of course you would want to be extra careful when doing this with content that is considered sensitive or confidential.

File Transfer

Sending files to other people, or even yourself, can be tricky in the workplace.

Many companies block executable files from being attached to email messages to prevent malware from being spread via email.

However many employees have realized that they can get around this by changing the file extension from .exe to something that is permitted, like .docx. The recipient then needs to simply rename the file extension when they download it.

Setting Reminders

While most email clients have some sort of calendar that allows us to set reminders, we don’t always have access to them.  We may remember something late at night that we need to remind ourselves to do when we get to the office in the morning. If you can’t get to your calendar, you can always send a reminder to your work email. That way, when you are sifting through your morning emails you will remember what it is you have to do.

The same can be done in reverse.

Saving Hyperlinks

Bookmarking interesting or useful websites is great if you only use one computer. Using a solution like Evernote or Thirsty solves this, if your company allows these services through the firewall that is.

Then there are those who copy links and paste them into an email message. Sending this email to themselves almost assures them of the fact that they will be able to find these web sites at another time.

This little email hack is applied to just about anything found online. Sites, videos, presentations, etc. are all saved by cutting and pasting into email messages.

Of course, all of these tricks just add to the scourge of email pollution that companies like Atos are trying to get rid of. But hey, if they make your employees work easier, and better, and they don’t violate any acceptable use policies, is there really any harm?

5 Creative Uses For Email

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Email compliance is always a hot issue. Yet even while there are laws and regulations governing how certain industries send, receive, store and secure email messages, 73.7% of people who responded to a survey admitted that they had violated email compliance policies at their workplace.

It is important to note as well that this number represents those who knowingly violate company email policies. The same survey showed that 42.7% of those asked claim that their company either doesn’t have email compliance policies, or they were unsure if such a policy was in place.

So what are some of the most common violations of these policies? Take a look:

1. Sending confidential information

When it comes to industries like education, healthcare and finance, sending personal and confidential information via email can violate not only company and organizational policies, but also federal regulations.

Still 45.7% of respondents claim to have accidentally sent information via email that violated regulatory compliance and 28% admitted to having done so intentionally.

This also leads to another serious problem, printing confidential emails. While most of the time these emails are printed and immediately filed away, there have been stories of confidential emails left on the printers at trade shows, hotels and airport lounges. Worse still, the information contained in the email almost always remains electronically stored on the printer itself as well.

2. Sending work-related emails from personal accounts

According to a report from a security vendor 71% of people surveyed have been educated on the risks associated with sending work-related email from their personal accounts. 47% of them don’t agree with these policies however, and deem it acceptable to use their personal accounts for work. In fact the same survey showed this to be a major concern among younger employees with 85% of workers under the age of 25 regularly sending work related emails from their personal accounts.

3. Sending inappropriate emails

Nothing can be more damaging to the reputation of a company, or individual employee, than an inappropriate email.

This is a hard statistic to measure because most often, people think of inappropriate emails as those that make the headlines due to racist remarks or sexual references. But these types of emails are only the tip of the iceberg.

Inappropriate emails include sending emails when angry, sending emails with poor grammar and spelling, jokes, slide show presentations, pictures of the grandkids and just about anything else that people find offensive or bosses find to be not related to work.

Most people think that the later list is mostly harmless but when you add up the hours lost in productivity and the customers you lose because you consistently spell the as teh, you can see where it can become a problem.

4. Inappropriate use of the email signature

If a company has a well written email compliance policy in place then it will most certainly contain some guidance as to how employees should write their email signature. Most people will ignore this.

Frequently, companies restrict signatures to the person’s name, contact information and a link to the company’s web site. Sometimes they will specifically address the use of quotations or sayings in the signature line – but this is often ignored.

Email signatures that violate compliance policies can also be spotted by the font and color used as well. Generally, it is not consider professional looking to use multi-colored text or fancy fonts for the email signature.

5. Using work email for personal communications

Policy flaunters aren’t only using personal emails for work, but vice versa as well. One common misstep when it comes to email compliance is to fire off a quick email to a friend or spouse from your work account. Many people still don’t realize that the contents of their emails are subject to review by their employer. Even those who are aware of this continue to send personal emails from work or use their work email address to register for web sites or mailing lists online.

To reduce the number of people who violate email policies in the workplace, email administrators need to clearly define their expectations to all employees and take the time to enforce these policies. When people understand the rules and see that they are frequently, but fairly, enforced they will be far less likely to try to circumvent them.

5 Most Common Violations of Email Compliance

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Recently we wrote about how workers in the United Kingdom felt compelled to check their email at all times, even during holidays like Christmas. Those same kinds of pressures are felt across the Channel, too, in Germany, but some employers over there are relieving those pressures by turning off the email spigot.

The latest employer to do that is auto maker Volkswagen. The Kaiser of Fahrvergnügen cut a deal with its unions recently to shut-off outbound mail from its Blackberry servers to rank-and-file workers from one half hour after close of business to one half hour before office hours begin each day. The agreement doesn’t apply to managers and executives at the company.

At the height of their popularity, Blackberry smartphones were known as “crackberries” because of the addictive behavior of their users. They had to constantly get their email “fix”. Apparently, Volkswagen sees “crackberry” as more than just a jocular metaphor as far as the health of its workforce is concerned.

At the German consumer goods maker Henkel, a more short-term solution was adopted for the holiday season. It has declared the week between Christmas and New Year’s Day “Blackberry Free Week”—unless there is an emergency. Declared CEO Kasper Rorsted to the German newspaper Frankfurter Allgemeine Sonntagszeitung:

“I don’t want to have to read emails just because someone is bored somewhere and wants to show he’s busy.”

Last year, a similar tack was taken by the top brass at Deutsche Telekom, which owns T-Mobile in the United States. It instituted a “smart devices policy” for its workers. The policy calls for employees to claim some time off from their devices. Management also pledged not to call workers or expect them to read email after business hours.

Such a policy, though, doesn’t seem destined for success. After all, most UK workers aren’t required to check email, either. That doesn’t stop them from doing it. If a company is serious about creating a healthy separation between work and home, then shutting off email, as Volkswagen is doing, is a more effective approach.

It’s evident that these German companies are reacting to two worldwide trends. First, there’s the growing use of smartphones, which are far more addictive than conventional cellphones—and not just because you can check email more easily with them. A typical smartphone user loads their device up with apps that continually beckon them to check their phone.

The other trend is the rising amount of burnout among workers. In Germany alone it’s estimated that 10 million sick days a year can be attributed to employee burnout.

While the relentless pressure to do more with less, which was rampant before the great economic collapse and has become worse since, is a significant contributor to burn-out, so, too, is the inability to cut the cord to the office. One recent poll showed that 88 percent of German workers make themselves available after office hours to bosses, colleagues and clients. That’s a 15 percent increase over what it was two years ago.

Today, email administrators concentrate much of their time on making sure mail arrives where it should in a timely manner. In the future, they may have to make sure it doesn’t arrive at all during some hours.

Volkswagen Shuts Off Email Servers After Business Hours

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

This morning I noticed the flashing red light on my Blackberry alerting me to a new message. Since this device is connected to my work email account, I decided to give it a look to see what was so important that it couldn’t wait until Monday.

I was lucky that I did check it. The new message was actually from my personal email account and the contents of the message contained only one link and other people were also sent the same message.

I realized immediately that my personal email account was sending spam. I was upset with this because working with email and security, I write and train others on best practices. Not only this, but I follow them as well. I make sure that:

• I use strong passwords and phrases
• I change my passwords frequently
• I don’t use the same password over and over
• I update my anti-malware software regularly
• I run anti-malware scans regularly (ironically, I had just run a scan the day before)
• I am careful about what sites I visit
• I am careful about clicking links in emails
• I am careful about what I download, even checking the MD5 hashes when available.

However after I realized what had happened I didn’t make the classic mistake of denial that this could happen to me. After all, people much smarter than me have had their systems compromised. Driven by a classic saying in computer security, “The only way to ensure that a computer is 100% secure is to unplug it from everything and seal it up in a box,” I moved ahead with fixing the problem.

Steps taken

When I opened up my personal email account there were over 100 mail delivery subsystem errors and Out of Office replies waiting for me.

At first I thought that my email address had possibly been spoofed. After all, most of the sites I write for include it as a way to contact me so I am sure it comes up quite often when people are mining the Internet for email addresses.

However looking at a few of these messages I noticed that the spam messages were being sent to every address that I had ever sent an email to, not just my contacts. What this said is that:

A) My email address had not been spoofed.

B) It wasn’t malware that was abusing my contact list. This was the result of my account credentials being compromised.

It may appear that the first step anyone should take in this situation is to change the password immediately. Not entirely true.

Most passwords are captured from a keystroke logger installed on your computer. If you go ahead and change your password, you are simply letting the attacker know what your new one is.

Instead, I went ahead and attempted to update all of my anti-malware definitions. Since I had just run a scan the day before, there was nothing to update. The next step was to run all of these scans again.

The three scans from Malwarebytes Anti-Malware, TDSSKiller Antirootkit utility and Ad-Aware all came up clean so I went ahead and changed the password on my account. Even after I changed the password, more delivery error messages came up but looking at the headers, these were delayed as the original message sent from my account occurred between 6:48 AM and 6:54 AM so everything looked clean.

Digging deeper

Once I was sure that everything was cleaned up, curiosity got the better of me and I decided to look a bit deeper into the emails that were being sent out from my address.

To make sure I didn’t infect my computer once again, I created a virtual machine and loaded it up with my three favorite anti-malware tools and ran a scan using each just to ensure the new “computer” was clean.

Then I clicked on the link just to see where it went. Of course, the link was spoofed and redirected to cretep.ru registered out of Russia advertising for an herbal Viagra clone, Viagrow. Of course, by their claims it had been featured in Men’s Health, Maxim, MSN, Esquire and other media outlets.

After closing out the site, I fired up all of the anti-malware software to see what really happened when I visited this site. The first scan found two installations of PUP.FunWebProducts and one installation of Adware.MyWebSearch.

Even as the so-called experts when it comes to email, we have to realize that as threats escalate in sophistication we too are vulnerable. Following the best practices and taking the proper measures to secure our email accounts certainly help, but there is no way that any of us can assume that our accounts are 100% safe.

Yes, My Email Account Was Compromised

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

At one time or another, most email administrators are tasked with the responsibility of writing up policies that govern the use of email in an organization. These policies are necessary to:

• Protect against email based threats and vulnerabilities
• Reduce the organization’s liability if email is used inappropriately by employees
• Prevent misconduct when it comes to email use
• Educate employees on email etiquette
• Inform employees of email monitoring policies.

However, many email administrators find it tough to sell their coworkers, and even management, on certain aspects of the policies created. Instances of a company’s employees, brushing off email policies as insignificant, or simply ignoring them altogether, are far too common in today’s workplace.

Despite the importance of email policies, most people simply see them as either a barrier to getting work done or as a way that management can monitor and control their activity.

As email administrators, we can certainly do a better job when it comes to getting buy-in from our coworkers. To help with this, we have compiled a list of tips that can help you present new email policies, or changes in existing policies, with as little friction as possible.

1. Understand why you are creating these policies

The first step begins with the people tasked with creating these policies. As email (or IT) administrators, we have to realize that our number one job is to help our coworkers do their jobs more effectively. Too often, IT policies are influenced by things that make life easier for the IT staff and often at the expense of other departments. This immediately creates friction and a type of civil disobedience often follows.

If other employees see that any policies in place are not just to make life easy on IT, but exist to help the company as a whole, there is often less justification for not following them.

2. Explain the risks

Users often need to understand the reasons why they have to do something in order for them to comply. But taking a “because you are supposed to” attitude isn’t explanation enough. Provide them real life scenarios that show what can happen if they don’t follow the policies that are put in place. Oddly enough, people often find these examples intriguing and captivating. Compliance usually increases after they are presented with stories like these, but after a while the fear factor wears off. Keep users in touch with the various risks giving them a reminder every so often through company newsletters or blogs.

3. Review policies with other departments

One of the biggest threats to compliance is when upper management doesn’t buy in to your policies. This often happens when they feel that the email policies put in place restrict their team from being productive.

4. Provide data

If you are serious about email policies then there should be some way to track data. Provide users with data from your organization to help show a need for policies. For instance, if you have a policy in place regarding not responding to junk mail then show your coworkers how this helps reduce spam in your workplace. If you block executable files from being attached to email messages, provide evidence that this measure helps prevent malware outbreaks.

5. Realize that not every policy has to do with security

More often than not, email policies are looked at from a security/productivity standpoint. They help keep emails and information secure and confidential, and they help keep workers on task.

However email policies can also help protect and promote your organization’s brand.

By regulating how users write emails and how they craft their signature lines can really improve how current and potential clients see your company.

Even though other forms of communication are becoming more popular, businesses will continue to rely on email as the primary means of communication for years to come. Those who work to make sure email communications run smoothly will always find that compliance with policies that govern email use is often neglected. However when the right approach is used, the headaches that often accompany email related problems will most certainly decrease giving you more time to deal with projects you probably find a bit more interesting and much more worthwhile.

5 Ways To Increase Email Policy Compliance

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Most email administrators don’t have celebrities like Scarlett Johansson on their networks, but that doesn’t mean they don’t host some pretty juicy targets for cyber robbers.

Hollywood hotties can grab headlines for a hacker, but anyone in a corporation’s chain of command whose identity can be compromised and exploited to filch trade secrets, bank account numbers, and the like, is just as worthy a target for crackers, if not more so. After all, exposing some embarrassing pix about a starlet may earn a hacker some fame, but cajoling bank account credentials from a “suit” can earn him a fortune.

While an Internet invader attacking a corporate network hunts different quarry than one focused on entertainers, their trade craft works in both realms. That was apparent in a presentation made by the Assistant Director in Charge of the FBI’s Los Angeles Field Office when he announced the capture of the infamous “Hollywood Hacker” earlier this month.

The alleged hacker, Christopher Cheney, 35 of Jacksonville, Fla. used a brew of online searching, social engineering and account manipulation to break into the email accounts of Scarlett Johansson and Christina Aguilera and posting information from them, including nude pictures of Johansson, on the Internet.

In his presentation to reporters, U.S. Attorney Steven Martinez displayed a chart titled “Operation Hackerazzi: Anatomy of a Hack” that broke down the steps used by Cheney to crack the accounts of more than 50 victims.

The hacker started his campaign by gathering information about his prey from online public sources. Although the government didn’t identify those sources, they are, no doubt, the same sources any miscreant would consult to obtain that kind of info on someone in any organization—Facebook, LinkedIn and online forums.

Using the information garnered from the Internet, the hacker then breached his target’s email account. Again, the government was stingy with details, but the information was probably used to craft a social engineering pitch—some kind of persuasive phishing message, for example—or a direct attack on an account, using the information to guess the subject’s password.

Once an account was breached, the hacker locked out the account’s owner by changing their password. That gave the hacker unfettered control of the account for a short period of time. During that time, he could communicate with the contacts in the target’s address book without the account holder knowing about it. He could also mine the target’s files for nuggets of information. In Cheney’s case those nuggets were risqué personal pics of celebrities, but in corporate environments, it would be contracts, strategy memos, new product specs, and the like.

After discovering that their passwords no longer worked, targets reset them. Did the temporary lockout set off any alarms in their minds? Maybe, but most likely they just considered it a computer glitch and went on their merry way, until the material clipped from their accounts started appealing on the Internet.

What’s more, the hacker planned for the inevitable repossession of the account by its owner. He accessed the account settings while in possession of it and modified them so all email was forwarded to one of his email accounts. In that way, he could still monitor what was happening in the account.

Meanwhile, the hacker took the contact information stolen from the account to harvest new targets.

What lessons can you learn from the “Hollywood Hacker?” Here are a few:

• Create secure passwords and don’t share them with anyone no matter how persuasive their reasons may be for knowing them.
• Create secure challenge questions—ones with answers that can’t be discovered on the public Internet.
• Do not use the same password for multiple accounts because discovering one can tip over all your accounts like a house of cards.
• Periodically check your mail account settings and sent mail items for suspicious activity.
• Don’t store sensitive information on a smartphone or computer unless it’s encrypted.

Assistant Director in Charge of the FBI's Los Angeles Field Office

Lessons Email Administrators Can Learn from ‘Hollywood Hacker’ Bust

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Whenever a new cool technology is introduced into a consumer smartphone, for every “wow” it sparks from an early adopter, an “ouch” is elicited from a system administrator. That appears to be the case with Siri, the “personal assistant” in the latest model of Apple’s iPhone, the 4S.

The 4S was introduced on October 5 and has proven to be extremely popular, with four million units sold during the first weekend it was available to consumers. Some of those consumers, however, are going to find that their shiny new toys are going to be mobilis non gratus when they try to connect them to their corporate networks. That’s because some organizations consider the smartphones a security risk.

At the root of the problem is Siri. It allows you to use your voice to issue commands and posit queries to the phone. For instance, you can say, “Where can I eat pizza around here?” And Siri will respond with a map with nearby pizza joints tagged on it. Or, without any training, you can ask it to call someone from your address book while you’re driving your car so you don’t have to touch the phone.

Sounds cool, doesn’t it? It’s so cool that Apple couldn’t resist turning the feature on by default. So when you take the 4S out of the box, Siri is on when you power up the mobile. What’s worse—and the real rub for administrators—is that Siri continues working even when the phone is locked with a password.

Ordinarily, when an iPhone is password protected, when you turn the phone on, a lock out screen appears. To get past that screen, you need to enter your password. With Siri activated, though, the lock out screen appears, but you can still give the phone voice commands. You can send email and text messages. You can access the phone’s address book and calendar. And you can make phone calls.

The only thing you can’t do is search the Net. Try to do that and Siri’s female voice will inform you that she will not ferret the Web when the phone is locked.

While Apple wasn’t about to disable a shining achievement like Siri from an out-of-the-box 4S, doing so is pretty easy. You drill down through settings>general>passcode lock and turn off “allow access to Siri when locked with a passcode.” That, though, reduces the utility of the phone, since part of Siri’s value is it allows you to perform functions with the phone without touching it. If you have to type in a pass code, you’ll definitely have to touch it.

However, the fact that Siri can be turned off is irrelevant to administrators. That’s because they need to compel devices that connect to their networks to be password protected. If a phone full of corporate secrets is lost or stolen, they don’t want to be wondering if it was password protected or not.

That’s not the case with the iPhone 4S. An administrator can never know when or if Siri’s passcode override has been turned off by a user. The possibility will always be lurking that Siri will be used to compromise an errant phone. Until administrators can access a phone’s Siri settings, the way they can access passcode settings through the Microsoft Exchange interface Apple supplies with its iPhones, the 4S will remain a pariah in many security-conscious organizations.

iPhone’s Siri Could Pose Threat to Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Have you checked the spam flowing into your organization lately? Microsoft has, and it has reported its findings in its Security Intelligence Report for the first half of this year.

The report, which is based data collected from 600 million computers worldwide, noted that pharmacy spam remains a favorite of junk emailers. An analysis of telemetry data from Microsoft customers who process tens of billions of messages a month using the company’s Forefront Online Protection for Exchange (FOPE) shows that 28 percent of all spam is non-sexual pharmacy junk. By comparison, sexual pharma spam is at the low end of the spectrum at 3.1 percent.

Behind pharma junk are non-pharmacy product ads (17.2 percent), 419 or “Nigerian” scams (13.2 percent), financial services (8.9 percent) and gambling (6.1 percent).

In the past, the report noted, some spammers tried to evade content filters by sending messages composed entirely of one or more images. This tactic appears to be losing favor among junko artists, as only 3.1 percent of the spam blocked by FOPE during the first half of the year was image spam, compared to 8.7 percent in 2010.

Microsoft researchers also found fewer “spikes” in spam activity during the period than in the past. Typically, volumes for a spam category spike as junksters mount short-lived, large-scale campaigns for it. Month to month volume changes were much more gradual during the first half of 2011, they discovered, except in one category: fraudulent university diplomas. That’s usually a very low volume type of spam, but in February it spiked to four percent of all spam. A similar spike occurred around the same time in 2010.

While the kind of junk spammers are flinging at organizations remains similar to the past, the amount of it has decreased significantly, according to Microsoft. From July 2010 to May 2011, the amount of spam blocked by FOPE plummeted from 89.2 billion to 21.9 billion messages. Microsoft attributed the volume declines to two botnet takedowns: Cutwail, in August 2010, and Rustock, in March 2011. “The magnitude of this decrease suggests that coordinated takedown efforts such as the ones directed at Cutwail and Rustock can have a positive effect on improving the health of the email ecosystem”, its report said.

FOPE is stopping most spam at the perimeter of the organization’s using it, the report noted, which frees up resources that would be consumed by more-intensive anti-spam methods. From 85 to 95 percent of incoming messages are blocked at the network edge each month, while the remaining five to 15 percent must have content-based rules applied to them. However, over the last year, the report showed the amount of edge blocked spam steadily declining, from 95 percent in July 2010 to around 85 percent in June 2011.

Much of the world’s spam is delivered through botnets, networks of compromised computers that respond to spammers’ commands remotely. During the first half of the year, Microsoft researchers found some interesting jockeying for position among the nations hosting spambot IP addresses.

While India remained at the top of the heap, with around 11 percent of all spambot IP addresses, and Russia remained strong with around a 7.7 percent share, some newcomers broke into the top five ranks from the first to second quarter of the year. Korea, for instance went from a 2.9 percent share to 8.4 percent to claim second place. Meanwhile, Vietnam jumped from four percent to 7.3 percent and Indonesia increased from 2.4 percent to 5.6 percent.

What Spam Is in Your Inbox? Microsoft Breaks it Down

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Not only is email the most common form of business communication, but it is also an important tool when it comes to compliance, record keeping and covering yourself.

So when a report comes out that claims that email delivery rates are 81% relying on electronic messaging for so many things can easily be called into question.

According to a study from Return Path, worldwide delivery rates for email communications hasn’t improved since 2009. The study also showed that 7 percent of all messages were classified as spam and 12 percent never reaching their destination.

For North American email users, the numbers are a bit better. An 86 percent deliverability rate is up 4 percent from the 2009 study and 6 percent are flagged as spam with 8 percent getting lost in the “mail”.

But despite the growth, 14 percent of all messages still aren’t reaching their destination successfully. That email could be the acceptance of a proposal, an important message to a client or customer or simply a happy birthday message to a loyal employee. Regardless of the content, when you send an email you expect that the recipient will get it. And when this breaks down it can cost your business money.

Why don’t emails ever find their way?

There are many reasons why an email never reaches its destination. These are some of the most common:

Hardware/software failure

Servers fail and software becomes corrupted and outdated. Without fault tolerance built into an email system when things go down, both incoming and outgoing messages can be lost. Archiving can help with some messages, but only those that your company has attempted to send or you have already received.

If your organization is like every other than making sure your email system is always running is of vital importance.

Poorly configured clients

One of the draws to using a cloud based email provider is that much of the configuration responsibility lies with the provider. Since they are in house experts everything is usually set up properly.

However if your company is using email software clients then your IT staff is likely tasked with making sure things are set up correctly. In this scenario, a typo in the IMAP, POP or SMTP server address can lead to failure.

Likewise, an employee without the proper training or knowledge can cause some serious problems when it comes to setting up the client correctly.

However the most likely configuration errors will occur when it comes to mobile devices. Employees who set up their personal smart phones and tablets to send and receive business email may make a mistake leading to messages being tossed around in never, never land.

Blacklisting

Ironically, one of the most successful means of growing your business can have a huge impact on your email.

If you find that your company’s messages are being flagged as spam, check with your marketing department. Have they recently launched an aggressive email marketing campaign? Maybe they have just started sending out newsletters via email?

Email marketing, if not done properly, can easily lead to your domain being blacklisted as a source of spam.

Overly aggressive spam filters

Putting a spam filter in place sounds like a good idea. After all, who doesn’t want to stop spam from making it to our inboxes?

Yet sometimes we can have too much of a good thing.

When it comes to spam filters, having a solution that is too aggressive may actually flag emails that are legitimate and harmless. If messages you want to receive contain a heavy concentration of words, phrases or symbols that are common to spam, an untrained filtering solution might flag it causing a false positive result.

To avoid this it is important to use a spam filter solution that you can trust but also one that your staff has been effectively trained to manage.

Statistics show that more often than not, you can rest assured that your email message will reach its destination with no problems. However it always makes sense to do whatever you can to help get your messages delivered and make sure that any legitimate emails coming into your organization find their way to the appropriate inbox.

Has Your Email Lost Its Way?

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

If there’s one rule that’s been drummed into the heads of all email users, it’s “don’t open executable files in email attachments.” But what if an email recipient doesn’t know they’re opening an executable file because its name has been cleverly disguised using Unicode?

Unicode is an international standard used to create a unique number for every character used by computers regardless of program, platform or language.

Its 109,000 characters, though, contain more than just letters from the alphabets of the world. It includes control characters, too. One of those characters can switch the direction at which a computer reads text. That can be valuable when a processor has to deal with languages like Hebrew and Arabic that read right to left or, as malware artists have discovered, when someone wants to camouflage a file name.

Those felonious fellows have found that inserting the right-to-left override character (U+202e) at a strategic point in a file name can mask its malevolent potential. What’s more, not only does it hide that potential from the recipient of the email carrying the pernicious payload, but it hides it from email filters, too.

This tactic isn’t new. In 2009, the Mozilla Foundation issued an advisory on the subject.

“When downloading a file containing a right-to-left override character (RTL) in the file name, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body,” wrote Mozilla security researchers Jesse Ruderman and Sid Stamm.

“An attacker could use this vulnerability to obfuscate the name and file extension of a file to be downloaded and opened, potentially causing a user to run an executable file when they expected to open a non-executable file,” they explained.

About a year after Mozilla issued its advisory, a security firm identified the tactic being used to disguise executable files attached to billions of messages from spammers. But when those spam outbreaks occurred once every 10 to 14 days, recent activity sends spam blasts out as frequently as three times a day.

Hidden in many of those devious file names is the Bredolab Trojan. It’s a malware family designed to steal system information and turn a computer into a zombie on a botnet, where it will receive malicious URL’s and files from a Net bandit’s command and control server.

What the spammers are doing is taking their malware and giving it a name like corp_invoic_8.14.2011_pr.phylcod.exe. Then they insert the left-to-right override character after the p-h-y-l in phylcod. That tells a computer to take everything after the control character, read it right to left and display the results. The file name then looks like this: corp_invoic_8.14.2011_pr.phylexe.doc.

Some email programs will recognize the true name of a file, even it has been altered with a control character. Prominent security writer Brian Krebs, for instance, tried to send an executable file with a name disguised by the right-to-left method through Gmail. The Web application recognized the ruse and gave him its standard message about not allowing executable files to be sent through Gmail—only it displayed the message backwards!

Unfortunately, many email programs can be fooled by the right-to-left dodge, especially if the executable is in a zip or archive file. That’s why a good policy for any organization is to have its members check with the sources of unexpected files they receive attached to emails.

Clever Coding Conceals Malware in Email Attachments

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

I’m not saying that email is taking a bad rap these days, but there are many people out there who believe that email’s days as the reigning king of workplace communication are numbered.

With more companies opening up the doors to social media communication, text messaging and instant messaging, email is no longer the only method used to send electronic messages out to co-workers and customers.

One of the biggest reasons that email’s popularity is slipping with some users cannot be pinned down to any one particular reason. Actually, there are many collective reasons that people are beginning to turn away:

• Reading and answering email is viewed as a distraction
• Too much spam or junk email
• People don’t respond in a timely fashion
• It is hard to have a real time conversation

While many email users agree that these are some of the biggest problems with email, the fact remains that this method of communication is still the most widely used tool online every day because people are familiar with it and it works.

Making the most of email

There was a time when people thought email was the greatest business tool to ever come about. During that honeymoon phase, people could see no wrong when it came to sending and receiving electronic messages this way.

Like any other technology, after a while you start to notice the problems it has, your patience grows short and you start looking for the next best thing.

But you can rekindle your company’s romance with email using a little bit of guidance to help your users recapture the magic they felt when they first heard that ring of “You’ve got mail!”

Use the subject line wisely

All too often we are vague when it comes to writing subject lines. We are all guilty of writing things like: “please read”, “for review”, or even leaving the subject line blank. When we do that, we really shouldn’t be surprised if our message is not treated as one that is important. In fact, we should be lucky if we get any response at all.

Users should make their subject lines work for them. For example, “Need feedback on sales presentation by Friday” has all the makings a subject line that demands attention and a response.

Keep messages on target

Like anything else on a computer screen, people tend to scan rather than read big blocks of text.

When writing emails, it is important to break the message’s content in to small, digestible pieces for your readers so that they are more inclined to read the entire email, not just the parts they think might be important.

It also helps to keep emails focused on one topic. Teach users to send separate emails for different topics to keep messages shorter.

Address emails immediately

One of the biggest complaints users have regarding email is how much time it takes up. Most of this is their fault.

Commonly, a user checks his or her email first thing in the morning. Unfortunately they don’t often do much with these emails other than read over them.

By getting your users in the habit of dealing with email messages right when they open them up, they will find that the inefficiency myth surrounding email can be put to rest.

This doesn’t mean that your co-workers have to respond to each message immediately, but they should know that when they open a message up they need to reply, file it appropriately, delete it, or print it out for later. Never ignore the email and wait until later on in the day to address it.

Set a schedule

Most companies have a written policy as to how often users need to check their email. Some will even tell employees when they need to check them throughout the day.

While many find this to be a bit overwhelming, there is a reason. When people develop a habit of checking their email messages at certain times throughout the day, they become much more productive. The reasons are two-fold.

First, you are not distracted by constantly checking your email inbox. Surprisingly enough, constantly opening Outlook or Gmail throughout the day takes a great deal of time away from more productive activities.

The second reason is that a set schedule forces users to deal with incoming messages promptly. This helps business get done much more efficiently than if a message sits unread for days on end.

Although email has taken some knocks over the years, statistics show that people are still using it in increasing numbers – so it’s certainly not going anywhere. We can, however, give it that new car smell once again by reminding others how to best use it in the workplace.

Making Email Pleasant Again

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

When you don’t understand something that your job requires you to know, the most logical thing to do is research the topic and learn as much as you can about it. For many people who find security as part of their job description, learning as you go is the only option available. Yet despite the fact that there is so much information readily available to us, misconceptions regarding email security still confuse many professionals tasked with maintaining the confidentiality, integrity and availability of email services.

Blocking executable files will stop malware from being spread among users

Filtering all attachments that include .exe or .msi, was once a common way to keep users from sending infected files to one another through email. This is still considered by many to be a best practice for securing email systems, however as more tech savvy workers entered the workforce, they found ways around this. Generally, people will simply change the extension on a file and send it in an email attachment to a co-worker, friend, or family member. The recipient simply downloads the file and changes it back to the correct file extension. If that file has malware attached to it, the recipient will become infected when the file is opened and that could spread to other machines on your network.

Another scenario that dates this method of securing email, and is much more common, is when a user receives an email with a link in it. This link takes the user to a seemingly harmless website that is hosting drive-by downloads that install malware onto a computer when the person visits the site. No action on the part of the user is necessary other than clicking on the link.

Email security solutions need to address both of these scenarios in order to truly offer protection.

Attackers target large companies because that is where the rewards are greater

We often hear about how large financial institutions are hit by attackers where the number of users whose confidential information is stolen tops up to millions; or maybe it’s an attack against a huge government organization like the Oak Ridge National Lab attack that makes the headlines. At the same time, we almost never hear of a mom and pop store where the same thing happens. That’s because it’s not sensational. A small business being breached doesn’t warrant enough interest from the major networks but that doesn’t mean it never happens. It actually happens more frequently to small and medium sized enterprises than it does to the big corporations.

Large companies often have the budget to better secure email systems against attack where smaller companies often rely on security by obscurity as their solution and attackers know this. Whether they are looking for the lower hanging fruit, or simply trying to hone their skills, SMBs are frequent targets of email security attacks.

Finding security products that are geared towards SMBs is essential not only because they are affordable, but because they are tailored to the needs of these organizations.

Email encryption is only for healthcare and financial institutions.

It is true that these two industries are required by certain regulations to encrypt email messages, while other industries have nothing that says encryption is necessary it still is good practice to make sure your emails aren’t sent in plain text across the Internet.

There are many reasons why a smaller company would want to protect information sent via email. You could be sending confidential information about employees, details about an investigation, sensitive company financial data, strategies for growing your business… the list is endless. But no matter what the reason for keeping a lid on the contents of your message, if it is not encrypted then anyone with the know-how can capture and read these emails.

Email stored behind your firewall is more secure than email stored in the cloud

Cloud security is one of the most hotly debated topics when it comes to email security. Moving email services to the cloud will certainly take security and control out of your hands and put that responsibility on your cloud provider. But that doesn’t always have to be a bad thing.

If you research cloud providers and find one that takes security seriously and is open to answering questions about your email and data, then odds are their staff will be better able to handle security than a small IT department where the staff wears many different hats.

Cloud providers also have multiple data centers to handle back-up and recovery, as well as multiple layers of security.

Getting the right information when it comes to security can be rather difficult. There are many supposed “experts” who make a great deal of money selling snake oil to companies whether it is in the form of a security solution or education. The key is to read as much as you can and always look for the counterpoints when it comes to finding the best solution. If you spend enough time doing your homework up front, you will spend less time in the future dealing with mistakes.

Misconceptions About Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Many email administrators and users alike cringe when they receive email messages with emoticons. Most email etiquette and protocols call for avoiding unnecessary files, images, graphics and HTML. Placing a smiley in the context of your email basically violates all of these best practices and, in the eyes of many, just looks extremely unprofessional.

However research done by a school in Florida may have some of us changing our minds about using smiley faces and winking graphics when we send out emails.

According to Erin Richard, an associate professor of industrial and organizational at Florida Institute of Technology, business emails often lead to miscommunication.

“Businesses are expanding globally, and more and more employees are working from home, so electronic messaging has become critical for conducting business,” Richard said. “The topic is intriguing because we can all relate to the difficulty of communicating our emotions over email. Nonverbal cues that we can depend on with face-to-face communications are not there. All we have are the words, which can often lead to miscommunication.”

Miscommunication, especially via email, can lead to aggression according to Richard’s research. Her and her team found that aggression in the work place is more likely to occur via email than it is in a face-to-face situation, something that can be attributed to non-verbal cues used when communicating in person, or even on the phone.

What makes things more troublesome is that a response to an aggressive email can easily have a snowball effect.

Could Emoticons Be the Answer?

Sarcasm can be an effective way to get a point across in everyday speech. However try as we may, it just doesn’t translate well in emails. The sarcasm is lost and the comment comes across as negative or aggressive. Using emoticons may help relate the emotions that go along with statements made in an email message to curb miscommunication and negative responses.

According to Judith Kallos of Business Email Etiquette, there are appropriate times in which emoticons, or smileys, can be acceptable.

When congratulating a contact on an accomplishment or personal event they have shared with you, a short email response is often considered curt. Adding a smiley to your email reinforces that your happiness for their good news is genuine by providing a visual cue.

When you want to make sure that the recipient of your email doesn’t take your last comment verbatim or too seriously.

When using sarcasm, this is an instance where having a winky-smiley after a comment gives the other side a clue that you are kidding or poking fun. Without the use of an emoticon they may very well take that comment seriously and that is where trouble can easily start to brew.

Using Common Sense Instead of Emoticons

The safest answer to how a company can reduce miscommunication in email messages it to state that employees should be trained on proper email protocols and email etiquette. Training is great but as we have all seen, users easily forget what they are taught.

So emoticons may very well be one solution to helping accurately convey the meaning behind our comments in an email. Businesses who feel that it is appropriate can encourage their use among employees. Unfortunately, not all businesses feel this way, so while using emoticons for inter-office communications may be acceptable practice, sending an email to a supplier or customer with a waving smiley may cost your company credibility - or even future business.

Instead of batting as to which solution is the best approach, it seems that simple common sense is the answer. Simply knowing who you are writing an email to, and what the situation is should dictate how you write, or answer, an email. If you are simply responding to a quick question, a short answer could be completely acceptable. If an email solicits a response that you are unclear about, by all means ask for an explanation to curb any negative feelings.

And if the situation calls for a great deal of emotion on the part of either party, maybe you should question whether or not email is the best way to convey this particular message.

Email Communication Emotions

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

When looking at solutions on securing email, many people don’t take into consideration the type of business environment they work in. All too often, after spending a great amount of time and money, small to medium-sized enterprises find out that what works for a company the size of Bank of America doesn’t quite work for them.

To better help SMBs find solutions scaled to their needs when it comes to email security, I have compiled a list of 5 tips that address the risks and restraints that they face.

1. Get the right solution

Email security can come in any number of packages. Security solutions can be software based, deployed through an appliance or even in a hosted environment. Each type has a variety of advantages, but there may be some disadvantages based on your company size or industry so it is important that you weigh your options carefully.

It is also important to look to solutions that can provide the protection your company needs at a cost that works. Too many times people are under the impression that security appliances are seriously out of reach for most small to medium sized businesses. This isn’t the case. There are many solutions that organizations find affordable and feature rich.

Make content filtering a standard practice

Content filtering needs to be a two way street. Of course, you want to filter out inappropriate content from being received by employees and certain types of attachments need to be blocked to prevent the spread of malware and expose vulnerabilities. However how often do you consider filtering what leaves your business via email?

Many industries nowadays are highly regulated and sending sensitive, or even financial, information out through email can not only bring compliance issues to your business, but it may also give competitors an edge. Filtering what users send out can be just as important as filtering what they receive when it comes to securing your company’s email.

Practice recovery as well as backup and archiving

Do you brush just half of your teeth? Then why would you only test half of your backup and recovery solution? Many companies find out, only when it is too late, that their backup and recovery solution was not configured properly or that there is some sort of problem.

This can be alleviated by regularly testing the recovery portion of your backup. By simply setting up a server (or virtual server) on which you can replicate your email system you can frequently test the validity of your backups in a way that will not disrupt your current email process.

Create fair policies that management will enforce

One of the biggest mistakes that SMBs make when it comes to email security is to take an overly aggressive approach. Without the manpower and resources to fine tune security policies, it becomes easier to just restrict anything that could be a perceived threat. This becomes especially true in small IT departments because they are tasked with so many other responsibilities.

When creating policies, it is important to bring other departments to the table so that these policies do not restrict anyone from getting their work done efficiently and effectively. Involving others at the management level also helps them better understand the reasons behind email policies and the ramifications for not following them. Gaining this support will help when it comes time to enforce these policies and discipline those who violate them.

Educate your staff

When it comes to security, it is a common misconception that bigger, state of the art, expensive solutions provide the best protection. Even though this isn’t true, SMBs often feel that they are at a disadvantage when it comes to email security because they cannot afford to deploy such solutions.

What many SMBs don’t see is that they have a distinct advantage over their larger counterparts when it comes to educating end users. When you have a smaller number of employees to train you have the advantage of being able to spend more time with them to make sure they understand the material you are delivering. You also have the opportunity to be readily available to answer questions or address any concerns or issues that your users may have.

Developing a solid training series for email security can also help free up time for IT departments that find themselves tasked with too many responsibilities because users who are informed and educated require less oversight and less attention.

5 Essential Tips for SMB Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Advanced persistent threats make email security a necessity

Most email administrators consider security to be a large part of what they do. With so many laws and regulations governing the storage, discovery and retrieval of email messages, security has become a second job to many.

Unfortunately, many administrators either forget, or simply aren’t aware, that securing email requires much more effort than hardening the email servers against attack. In order to fully protect your organization’s email and their contents the mailbox also needs to be defended. Especially when you consider how popular Advanced Persistent Threats are becoming with large cyber crime syndicates who use email not only as a way to harvest sensitive information, but also as a method of attack through phishing and social engineering.

By implementing the following tips into your security plan you can help protect against these, and the many other threats that your organization may face:

Create email policies to regulate the communication of confidential information

Email communication has become second nature in the workplace. It is quick, easy and it gives us a record of our conversation so we can refer back to any information at a later date. However, if the conversation contains sensitive information like login credentials, financials, personal information, and the like, then it can be extremely valuable to anyone who may harvest those emails.

By simply setting up, and enforcing, policies that restrict certain information from being sent via email you can mitigate the damage done if emails are exposed. At the very least, your policy should state that user logins and passwords (and/or PINs) not be communicated via email.

Teach users to encrypt their messages

One of the best analogies I have seen to describe the need for encrypting emails is one that compares email to a postcard. Basically, anyone who comes across it can read the contents if they want. This can be stopped by encrypting emails to prevent eavesdropping.

Encryption is a hard thing for many people. It requires additional steps, training and, in some cases, third-party software (such as PGP) yet it is really the only way to keep your messages private in transit.

Encryption shouldn’t be limited to sending and receiving messages alone. Any email that is stored on a hard drive (think personal folders), a network drive, backup servers or archive systems should also be protected from any prying eyes.

Get rid of old email

A long time ago, storage space was a precious resource. Nowadays inboxes can be easily scaled to hold enormous amounts of data. Unfortunately that provides a greater possibility that an attacker will find something valuable.

Email should be moved, or deleted, when their life cycle is up. Make sure to check with any regulations regarding discovery and archiving before getting rid of the old stuff, but if you combine this with encryption you will be taking great strides to protect older emails.

Practice good network security habits

Make sure that desktops are continually scanned for malware that could possibly expose email login credentials, filter Internet content to protect against malicious websites, understand how to properly use a firewall and update server and client software as needed.

In addition to the employing technology to help secure your email systems you should also consider human factors as well. One of the ways that people first discover that their systems have been compromised is by noticing an anomaly. Be on the lookout for log-ins that just don’t seem right whether it be the IP address, the time of day or even the length of time.

This can be one of the most tedious tasks to undertake when it comes to security but it is by far the most important.

Put the right solutions in place

In many small and medium-sized enterprises, the email administrator alone cannot be as vigilant as he or she would like. Even in organizations where there is team of professionals dedicated to security use necessary security tools to help them do their jobs. Smaller companies need to understand this as well.

By employing technologies that help manage email, backup and recovery, archiving and security, you are plugging the little holes that provide that chink in the armor most attackers are looking for.

No one said that email security is going to be an easy task, but it is one that cannot be ignored just because it’s too hard or it costs too much.

Tips for Better Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

In just one week Google, the International Monetary Fund and Citigroup have all made headlines as a result of email associated with them being under attack. The reason we continue to see companies make the news as a result of email attacks is that email security is sometimes ignored when it comes to training users properly and making good decisions. In some cases, having the latest and greatest when it comes to security tools even creates a false sense of security that causes us, and our users, to overlook the little things. A multi-layered defense that has been properly configured with all the best technology can be rendered useless if the little things are forgotten.

This list displays some of the most common mistakes that are made when it comes to email security and a brief description of what you can do to prevent them.

Leaky emails

There are many times when sensitive information is passed along via email. If everything is encrypted properly you, and your users, often assume that it will only be seen by the appropriate people. Unfortunately this isn’t always the case. Too many times a recipient may answer an email with sensitive information and hit the reply all button without checking to see who will be receiving the email.

The fix: Put a policy in place that addresses sensitive emails and reply to emails. However a policy alone isn’t enough. Make users aware of the policy through training and keep a record that all users were trained/informed of the policy and repercussions of not adhering to it.

Trusting others

When we receive emails from family, friends and business colleagues we often blindly open them without much concern. Especially if they are contacts we communicate with on a regular basis. However malware can easily be spread through emails by attachment or embedded code and links.

The fix: HTML in emails should be blocked if this is a concern, as should the ability for your users to receive attachments that are scripts or executable files.

Passwords that are easy to guess

Remember when Sarah Palin’s personal email account was breached? It was because her password was easy to guess using information the attacker found on her Wikipedia page. Companies often list information on corporate sites that provide attackers enough information to guess passwords as well.

The fix: Enforce strong passwords or password phrases for all users. Also, make sure that people don’t give up information that may be used to guess their passwords when providing bios.

Ignoring malware protection on the desktop

While scanning all emails for malware needs to be done, the desktop should not be ignored. And all too often it is. Malware definitions are outdated, software is not configured to run properly or protection is completely left to the user.

Even if you have a policy that enforces strong passwords, a keystroke logger can easily give up even the most complex password combination.

The fix: Email administrators should work closely with IT security to make sure that the desktop and network security isn’t lax so passwords are tougher to expose.

Failing to check on backups

Some companies and industries are required, by law, to back up and archive emails for a set period of time. Others are not required to do so. Regardless of the laws, every person and company should be in the practice of backing up emails. Emails often provide important records and information that could be lost.

But what happens if you need to restore your emails and find that something went wrong? Maybe the backup was incorrectly configured or the backup location was insecure. In any event, the inability to restore emails from a backup can render the entire solution useless.

The fix: Frequently test the ability of your backup solution, and staff, to restore emails.

These five tips may seem basic and simple. But that is the point. Working in IT we often gravitate towards the more complex issues and ignore simple techniques and solutions until it is too late. By taking the time to do the little things when it comes to security, we build an even stronger foundation for all the bells, whistles and technologies that really impress us and our bosses.

5 Simple Mistakes When it Comes to Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Developments in cloud based computing have shown quite a bit of excitement and promise, especially when it comes to small to medium sized businesses. Those who evangelize the cloud will often cite the many benefits of moving to a cloud based email service. The litany of favorable reasons to examine moving email services off site that are oft quoted fall into line with the reasons used to move to any new technology:

• Ease of scalability
• Ease of software updates
• Email access anywhere
• Better disaster recovery
• Ease of implementation
• And of course, reduced costs

So when a vendor, or even someone in your own organization, throw these at management looking to save money and increase productivity then it seems like the question moves from why should we move to the cloud? to why has it taken us so long to move our email to the cloud?

Is it really that easy?

Cloud based email services make a whole lot of sense for many organizations. By doing a bit of research, you are certain to find at least one case study on how moving your email to the cloud helped someone in your specific industry. Yet even with good reasons and plenty of research to support this decision, nothing should be done without considering every angle because over the years if we have learned one thing, when it comes to IT nothing is risk-free.

So what does an interested SMB need to consider when all the arrows point to moving to the cloud? Let’s take a look.

1. Control

When your email resides on servers that are housed at your location, you are responsible for configuring the software, maintaining the hardware, updating and patching the server(s), cooling the room, etc. But you also have complete control over your email and backups. Moving to the cloud means you are giving up control and possibly ownership. This lack of control can lead to real world problems. For instance, if your organization has a one year deletion policy, is your cloud provider able to adhere to that? Conversely, if you have a no delete policy can this be achieved as well?

A rarer occurrence, but one that has much harsher repercussions is the event that an investigation needs to take place. Will emails be available for forensics when needed? If so, will there be any issues with the chain of custody and proving that the investigation was tamper proof?

2. Availability

Unless you have been living under a rock you are well aware of the attacks against Gmail over the recent months. The decision to move email services to a cloud provider should always be based on how well the provider can ensure that mail servers will deliver an acceptable percentage of uptime. Of course it’s one thing to say that you guarantee 99.9999 percent uptime and quite another to deliver so when a cloud provider makes a claim regarding availability, make sure your IT team speaks with the sales engineers, not just the salesperson, to see what exactly is in place to eliminate things like interruptions and denial of service attacks.

3. Security and Spam Protection

One of the biggest draws to the cloud for email is the fact that the provider will take care of security and anti-spam. Again, this is something that you are entrusting to the provider and giving up control over. If you are unhappy with the amount of spam that gets by the filters, or if the false positive rate is higher than an acceptable rate you can’t simply switch to a different solution.

This should be at the forefront of any discussions you have with potential email service providers. Find out what solutions they have in place and research them just as if you were buying the protection for your own servers.

4. Cost

Of course cost is always the number one reason SMBs look to the cloud. It is hard to find anyone who will say that a cloud based solution isn’t less expensive in the long run than running, securing and maintaining your own email servers. However the numbers may not always equal the level of service you expect. Costs may not always be transparent. A cloud provider may charge extra for business grade anti-spam protection. Perimeter security or virus scanning may also require additional costs. Finally, storage is never a one size fits all solution so this will always present itself as a variable.

The cloud is definitely a solution worth looking into for a number of reasons, however as a smart business move it would be equally prudent to look at all of the considerations as well prior to signing any type of contract.

4 Considerations for Cloud Based Email

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators