Email Security

Email Security: A Pocket Guide

STEVEN FURNELL
PAUL DOWLAND
Copyright Date: 2010
Published by: IT Governance Publishing
Pages: 100
https://www.jstor.org/stable/j.ctt5hh575
    Book Description:

    Your business relies on e-mail for its everyday dealings with partners, suppliers and customers. While e-mail is an invaluable form of communication, it also represents a potential threat to your information security. E-mail could become the means for criminals to install a virus or malicious software on your computer system and fraudsters will try to use e-mails to obtain sensitive information through phishing scams.

    eISBN: 978-1-84928-097-6
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. PREFACE
    (pp. 5-5)
  3. ABOUT THE AUTHORS
    (pp. 6-6)
  4. ACKNOWLEDGEMENTS
    (pp. 7-7)
  5. Table of Contents
    (pp. 8-9)
  6. GLOSSARY OF ABBREVIATIONS
    (pp. 10-11)
  7. CHAPTER 1: E-MAIL: CAN WE LIVE WITHOUT IT?
    (pp. 12-18)

    It would be no exaggeration to suggest that e-mail is now the lifeblood of modern business communications. Indeed, it is conceivable that some readers may not even have experienced the pre-e-mail era, when the only options for circulating a document involved photocopying it and/or faxing it, and when memos were sent on paper (and when a cc’d recipient may in fact have received a genuine carbon copy). At the time of writing, these other modes of communication have not entirely disappeared, but they are far less commonplace and there are likely to be few modern business environments in which they...

  8. CHAPTER 2: E-MAIL THREATS AND ATTACKS
    (pp. 19-33)

    E-mail can undoubtedly offer us an easy and effective means of communication. Unfortunately, it also represents a significant channel for threats to both organisations and individuals. Indeed, many of these are well established and organisations have already been forced into providing safeguards against the problems. For example, 97% of businesses surveyed in the UK’s 2008 Information Security Breaches Survey (ISBS) filtered incoming e-mail for spam and 95% scanned it for malware.⁴ In addition, there are further issues that can arise from within the organisation. For instance, of the 16% of ISBS respondents reporting staff misuse of information systems, almost half...

  9. CHAPTER 3: SECURING THE CLIENT
    (pp. 34-45)

    One issue facing many organisations is the perception that security is taken care of centrally by the system administrators rather than it being a shared responsibility facing all employees. There are obviously many ways to implement security for e-mail systems and inevitably much of this will be done at the server end. However, modern email clients also offer comprehensive facilities for improving security, and it is relevant to consider and use these capabilities.

    Most mail clients offer user-configurable settings (or some mechanism to deploy an organisation-wide policy) that affect how the client behaves in certain contexts. While by no means...

  10. CHAPTER 4: SAFETY IN TRANSIT
    (pp. 46-54)

    The previous chapter identified a range of protective mechanisms for e-mail on the client side. However, once e-mail has left the user’s desktop, there are a myriad of risks that an e-mail can face while in transit. These risks relate back to the fundamental principles of security, notably:

    confidentiality: ensuring that the e-mail content is not disclosed to a third party;

    integrity: ensuring that the e-mail’s content cannot be modified before reaching its destination;

    availability: ensuring that the mail servers (including any additional mail relays en route) are not adversely affected (e.g. by denial of service attacks);

    authenticity: ensuring that the...

  11. CHAPTER 5: SERVER SIDE SECURITY
    (pp. 55-67)

    Although Chapter 3 introduced a number of countermeasures that can be deployed within the client, the majority of protection is provided at the server end of any e-mail communication. The sections that follow describe a wide range of techniques that can be used on the mail server to protect recipients from malware and Unsolicited Bulk E-mail (UBE), as well as preventing organisational systems being used as the source of UBE.

    The first level of protection for an organisation is perhaps the simplest — a typical firewall can offer a good level of protection for the mail server from attacks against the...

  12. CHAPTER 6: E-MAIL ARCHIVING
    (pp. 68-73)

    Given its importance to business operations, it is relevant to consider how e-mail can be retained for later use. This gives rise to the consideration of how to archive messages in the most effective manner.

    A key point to note at the outset is that e-mail archiving is not the same thing as backing up, not least because the motivations are different. While backing up aims to provide a safeguard against some kind of data loss or system failure scenario, archiving provides a route for e-mail retention with the upfront expectation that it will need to be accessed again. So,...

  13. CHAPTER 7: ETHEREAL E-MAIL
    (pp. 74-77)

    Although running an e-mail system for an organisation may seem a relatively trivial task to some, there are significant challenges to maintaining an efficient and effective service that meets the high expectations of users. With a need to support hardware, software, archiving and backup, and with an increasingly mobile workforce, it is no surprise that more organisations are considering adoption of the ‘Cloud’ for their business-critical e-mail services.

    A move to Cloud-based e-mail services (where e-mail services are provided over the Internet to an organisation by an external provider as a hosted service) is not to be taken lightly, as...

  14. CHAPTER 8: RISKING OUR REPUTATION?
    (pp. 78-90)

    Chapter 2 has already flagged that approximately a quarter of organisations scan their outgoing mail for inappropriate content. One of the fundamental reasons for doing so is to prevent such messages from reflecting badly upon the organisation, potentially tarnishing its image or bringing its name into disrepute. This chapter begins by examining some examples of how this might happen, before proceeding to consider the fact that classifications of what is inappropriate may be a bit of a grey area and that a clear policy is needed to govern this as well as to underpin other aspects of e-mail usage.

    For...

  15. APPENDIX: ADDITIONAL NOTES
    (pp. 91-97)
  16. ITG RESOURCES
    (pp. 98-100)