I was reflecting over the weekend of the mid and late 90’s when the internet was rolled out in mass around Australia. How wonderful and innocent it was. Email was amazing with the ability to send messages around the planet in real time from the comfort of your home, and security was a word in the fine print and certainly not something the end user need worry about.
A few of us dared to examine the depths of what is possible and we quickly realised the internet will quickly become a playground for anyone wanting to mess with it. Today there is no escaping it. The threats are increasingly real and sophisticated and a company’s only real defence is a vigilant usage policy coupled with technology, design and education. I tell my small business clients that being vigilant is half the battle so finding a balance between security and the ability to conduct business freely is essential. This short guide is about finding that balance.
STEP 1. PROMOTE A ROBUST EMAIL POLICY
Computers don’t send email, people do therefore it is important that everyone in your organisation understand exactly what is acceptable when using email.
A good policy should be:
- Clear and concise to understand with no room for interpretation
- Realistic based on all areas of your business to reflect the way you work
- Flexible to change as your business changes
- Up-to-date covering all new threats
- In-your-face, an effective policy is seen on induction or bulletin boards or newsletters within your business
Step 2. BE CLEAR ABOUT THAT YOU’RE DEFENDING AGAINST
Your email security strategy should cover everyone of these threats
- Virus, Trojan and Bots
- Spam and Phishing Attacks
- Denial of Service Attacks
- Confidential Data Leaks
- Hatemail and Pornography
- Illegal Material and Stolen Files
- Regulatory Breaches
STEP 3. MAKE YOUR DEFENCE SUITABLE
Your email security strategy needs to be suitable for the rest of your business process. No point deploying a robust security system that gets bypassed when users work from home or on the road. An email security strategy needs to be easy to deploy, monitor and manage, automatically update and span departments. You need to choose the right deployment options such as Software, Applications and Managed Services. Only you can decide on the right method or which combination.
STEP 4. MONITOR, CHECK AND REPORTING
So now you have a security policies in place and a robust security system, what’s next. Who is monitoring it? Regular checks from a qualified professional still need completing and tweaks, updates and refining need attention. For small business who do not have full time IT staff, this may be as simple as employing IT professionals such as Networkz to check systems.
- Regular computer scanning and monitoring
- Email server updates and refinement
- Company policy updates
- Staff education