How To Solve The Five Biggest Email Security Problems

Email is a critical business tool. Without access to email for even a few hours, a company's productivity is severely hampered. Although email is essential for productivity, if it is not properly managed, it can also cause major headaches, ranging from infected machines and system downtime to embarrassing data breaches and steep compliancy fines.
As much as 70% of all email traffic is estimated to be spam. Even though spam is a major nuisance, most anti-spam products do a fairly good job at blocking most spam. However, there are still some major email security issues that not every company is able to successfully protect themselves against. So what are the biggest email security problems that companies face today and how can they be solved?

# 1. Malware: According to eWeek, 2-4% of all emails contain a virus, which means that 6 million email viruses are sent out every day. A particular nasty variation of malware circulated via email is ransomware, which encrypts all files on the system and demands a ransom to unlock the data. Unfortunately, even if you have an antivirus solution in place, this will not necessarily protect you from all threats. As Darryl K. Taft wrote in a recent eWeek article: "Many standard off-the-shelf antivirus solutions do not have the sophistication or capabilities to stay on top of the daily evolution of viruses and malware." To increase protection against email threats and new outbreaks, companies need to implement a multi scanning solution that will scan email attachments with multiple antivirus engines. By leveraging the power of the different detection algorithms and heuristics of each engine, detection rates are significantly increased, providing robust protection against malware threats.

#2. Spear Phishing: A massive 95% of data breaches start with a spear phishing attack, according to the SANS Institute. Considering that most companies deploy anti-spam and antivirus solutions, why are these spear phishing attacks still so successful? To avoid detection by regular spam filters, spear phishing emails are only sent to a small number of individuals and considerable effort is put into making the emails look legitimate. Also, many spear phishing attacks make use of unknown threats or zero-day vulnerabilities that not all anti-malware engines will be able to detect. The solution to spear phishing is to beef up your email security gateway with a multi-scanning solution that increases your protection against known and unknown threats and decreases vulnerability to malware that evades or disables specific anti-malware engines. In addition, as a precautionary measure, it is a good idea to apply data sanitization to remove any active code from email attachments by changing the file format. Many spear phishing emails include malicious Word or PDF attachments. By changing the format of a Word document to PDF and vice versa, scripts and other possible threats are automatically removed.

#3. Large Email Attachments: Many email servers place limits on the size of files, usually 10 MB. If an attachment is too large, the delivery will fail, in many cases without the sender knowing. Large attachments may also cause mail server problems for both the sending and receiving party. To avoid this from happening, companies must provide employees with a file transfer system for easily sending large email attachments, improving efficiency and productivity, as well as avoiding IT headaches.

#4. Data Loss: Every company has a duty to keep customer and employee records safe. While many companies continue to use email to exchange confidential data, this is strongly discouraged. Email can be intercepted, and confidential information sent through unencrypted email is at risk of being exposed. Companies require a secure file transfer system that automatically encrypts files and can require user authentication before allowing access to files. If possible, the system should be able to automatically intercept emails and send attachments via secure file transfer, minimizing the chance of accidental data loss through human error. By implementing such a system, companies can ensure that sensitive data remains secure.

#5. Compliance Issues: Several industry regulations exist that impose data security requirements on companies, such as HIPAA, Sarbanes-Oxley, PCI, FCC, and SEC, as well as EU data protection regulations. In order to avoid credit card data or social security numbers being accidentally emailed and exposed, it is advisable to configure email filters to quarantine emails containing these number sequences in the email or attachment. EU regulations require companies to add a company footer to every email, containing the company address, registration number and owner information. By configuring your email security solution to automatically add these footers to your emails, non-compliance can be avoided. Finally, if you use a secure file transfer system to exchange sensitive data with third parties, and you are able to provide an audit trail for each transfer, your company can prove that it has taken necessary measures to protect confidential information in transit.
Policy Patrol Security for Exchange is an email security solution that includes Metascan's powerful multi-scanning and data sanitization technology and significantly increases protection against known and unknown threats.
If you already have an email security system, you can use Metascan Mail Agent on top of your existing mail gateway to significantly boost your malware protection by filtering email attachments with multiple anti-malware engines.
Policy Patrol Secure File Transfer is a secure file transfer solution that allows users to send and receive files instantly and securely. By encrypting files, applying user authentication, and providing an audit trail, Policy Patrol Secure File Transfer protects companies against data loss and helps companies meet regulatory compliance guidelines such as HIPAA, Sarbanes-Oxley, PCI, FCC, and SEC, as well as EU data protection regulations.

Yet another way to address email security issues is to implement a file quarantine. The quarantine of files, such as those received through email, can have numerous benefits. File quarantine can help you identify the source of a threat by performing an analysis of the file as well as removing the risk of losing valuable data from improperly classifying a clean file. If you are interested in learning more about file quarantine, you can read our white paper, Three Considerations for File Quarantine Configuration. The white paper covers the three main aspects to consider when configuring and maintaining a file quarantine, and the security benefits of implementing a quarantine within your security architecture.

Sign up for Blog updates
Get information and insight from the leaders in advanced threat prevention.