10 Steps to E-mail Security

Essential Steps to
Email SecurityA Clearswift Best-Practice GuideIntroduction
It's a jungle out there.
If email came with a health warning it would have to say something like:
CAUTION:EMAIL CAN BRING DOWN YOUR NETWORK, CRASH YOUR APPLICATIONS, STEALYOUR CONFIDENTIAL DATA, GET YOU THROWN IN JAIL AND DESTROY YOUR COMPANY'S REPUTATION.
When you think about the risks, it's amazing we let email into our enterprises at all. Then again,just try switching it off.
Every enterprise has to find a balance between security and the ability to carry on conductingbusiness freely. This short guide is about finding that balance.
By following some basic principles, there's no reason you can't let legitimate business emailmove into, out of and within your enterprise while stopping the things that cause damage:viruses, spam, spyware, trojans, phishing, Denial of Service attacks, the loss of sensitive dataand the collection of illegal, immoral and just plain offensive material.
There's no escaping it: the people behind these threats are getting increasingly sophisticatedand well-funded. The only real defense is the vigilant application of policy, technology andprocesses designed to keep email safe and secure.Step 1
Establish and promote a robust email policy.
Servers don't send email, people do. That's why it'sso important that everyone in your organization understands exactly what is acceptable when usingemail.
In our experience, there's an inverse correlation between how much time a company spends developing and promoting its email policy and howmuch money they spend chasing the problems thatpoorly managed email creates.
A good policy looks like this:
 Clear -easy to understand, with minimal room for interpretation.
 Realistic -based on the involvement of all parts of the business to reflect the way youwork.
 Granular -recognizing that different users, departments and locations use email differently (while sharing common ground).
 Flexible -the ability to change as your business changes.
 Up-to-date -covering all new threats and reflecting continuous feedback from the business.
 In-your-face -an effective policy is seen on induction, on bulletin boards, in cafeterias, newsletters, e-updates.
Don't just tell all staff about the policy, tell them how you're enforcing it using filtering technology. The deterrent effect alone will prevent breaches before they occur (and give you astronger case if prosecution is necessary).
We feel so strongly about policy, we've decided to share our own. To see Clearswift's email policy, contact info@clearswift.com.
Clearswift's email security solutions are all policy-driven. The entire MIMEsweeper range is designed so that you can support your policy with our technology. Youset the rules, let MIMEsweeper police them.Step 2
Be clear about what you're defending against.
If your email security strategy doesn't cover every one of these threats, you're inviting attack:
 Viruses, trojans and bots Spam and phishing attacks Spyware Denial of Service Attacks Confidential data leaks Hatemail and pornography  Illegal material and stolen files Regulatory breaches
A security solution that leaves any of these undefended is no solution at all. When your CEOcalls you into his office and slams a newspaper on the desk with the headline, CHILD PORNRING OPERATES FROM Xco OFFICES, your great spam detection rates are not going to be ofmuch help.
MIMEsweeper products cover every email threat, letting your policy dictate the response toeach. And as new threats emerge, MIMEsweeper integrates them quickly and easily. No loopholes.Step 3
Make sure your defenses aresustainable.
An email security strategy that over-burdens the ITdepartment and email administrators will ultimatelyfail - not to mention wasting talent that can be better employed elsewhere.
A sustainable approach is:
 Technology-enabled -supported by robusttraffic filtering and analysis tools.
 Integrated -handling all threats in one solution from a single management console.
 Web-managed -giving authorized administrators access from any browser anywhere.
 Shared sensibly -with users managing their own quarantine lists and authorized departments helping with relevant policy breaches.
 Automatically ... [download for more]