Q&A: E-mail Security Threats and Countermeasures

David Vella is the Director of Product Management at GFI with experience in quality assurance, network administration and software development. In this Q&A he provides insight into e-mail security threats.

What are the most significant e-mail security threats and how do you deal with them?
E-mail security threats can be classified into two categories: inbound and outbound. Inbound threats come in the shape of viruses and malware, spyware, attachment spam, spam e-mails that redirect users to phony websites, phishing scams, e-mail exploits and so on. To deal with these threats, companies need to take the following steps:

  • Install anti-spam and anti-phishing software. An effective product will use various technologies to deal with spam and its derivatives such as image spam, MP3 spam, Excel spam and NDR spam, for example.
  • Install anti-virus software at server level and implement strict content filtering policies across the organization. The use of multiple anti-virus engines is recommended.
  • Educate employees on the use of e-mail and how to treat suspicious e-mails. The basic message should be: if you don’t know who sent the e-mail and you were not expecting any attachments, don’t open it. Getting this message across will reduce the risk that an employee will open a link or divulge information he or she should not give out.
  • Employees should be told not to use their work e-mail address for personal business, to open accounts on social networking sites etc. By restricting the use of work e-mail addresses to business communications, you can lower the risk that corporate e-mail addresses will find their way onto spam lists.

Outbound threats are the result of e-mail being used intentionally or through error to distribute documents and other information that is not intended for public release due to its confidential nature or commercial value.

Companies should not ignore the threat posed by insiders. Data leakage of important and confidential information can occur if an employee mistakenly sends an e-mail to the wrong person, or intentionally e-mails the material to third parties for personal gain or with malicious intent. This threat can be greatly reduced if companies implement content filtering policies that restrict what can be sent out by e-mail.

In your opinion, should we encrypt all business e-mail?
Encryption is but one tool to protect business e-mail. While it will protect the contents of an e-mail from prying eyes and those who are not authorized to review that content, it will not protect the company from insiders sending out confidential material without permission (unless steps to prevent this are already in place). Encryption alone is not the solution.

Besides encryption, what are the essential steps anyone should take in order to make sure their e-mail communication is safe?

Content filtering is a must for companies that want to ensure that all outbound messages do not contain information within the e-mail body or as an attachment that should not be divulged. Companies should install a software product that provides content filtering on two levels.

a) Attachment checking: Attachment checking rules enable administrators to quarantine attachments based on user and file type. For example, all executable attachments can be quarantined for administrator review before they are distributed to the user. It also lets administrators allow only one department to send out a particular file type. For example, databases can only be e-mailed out by Finance and Management. Any other person sending out a db file will be flagged by the system and the administrator can take appropriate action.

b) Granular user-based e-mail content policies/filtering: Using a content policies rules engine, an administrator can configure rule sets based on user and keywords that quarantine potentially dangerous content for administrator approval. Similar to the example above, only e-mails from Finance with keywords such as Sales Forecasts or Accounts will be allowed through. Keyword filtering can also be effective in stopping any e-mails that contain offensive content.
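The two-level outbound filter described in this answer, as an added example written for this page (it is not GFI's code and is not part of the original interview). The sender-to-department mapping, the rule tables, the attachment file names and the test messages are all constructed assumptions; a real deployment would resolve departments from the directory and load rules from the product's policy store.

```python
"""Outbound e-mail content filter with two rule levels (illustrative example).

Level (a): attachment rules keyed by file extension, either held for
administrator review regardless of sender, or restricted to certain
departments (e.g. database files only from Finance and Management).
Level (b): keyword content policies scoped to departments; a keyword with an
empty allowed set (offensive terms) is blocked for everyone.
"""
import os
import re
from dataclasses import dataclass, field

# Assumed sender -> department mapping (constructed; normally from a directory).
DEPARTMENTS = {
    "anna@example.com": "Finance",
    "bob@example.com": "Management",
    "carl@example.com": "Sales",
}

# (a) extension -> departments allowed to send it; None = always held for review.
ATTACHMENT_RULES = {
    ".exe": None,
    ".scr": None,
    ".mdb": {"Finance", "Management"},
    ".accdb": {"Finance", "Management"},
    ".sql": {"Finance", "Management"},
}

# (b) keyword -> departments allowed to send mail containing it; empty = nobody.
CONTENT_RULES = {
    "sales forecast": {"Finance"},
    "accounts": {"Finance"},
    "moron": set(),  # constructed placeholder for an offensive-content list
}


@dataclass
class Message:
    sender: str
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)  # attachment file names


@dataclass
class Verdict:
    action: str  # "allow" or "quarantine"
    reasons: list = field(default_factory=list)


def department_of(sender: str) -> str:
    """Resolve the sending department; unknown senders get no privileges."""
    return DEPARTMENTS.get(sender.strip().lower(), "Unknown")


def check_attachments(msg: Message, dept: str) -> list:
    """Apply the attachment rules; returns one reason string per violation."""
    reasons = []
    for name in msg.attachments:
        # Last extension decides, so "invoice.pdf.exe" is treated as .exe.
        ext = os.path.splitext(name.strip().lower())[1]
        if ext not in ATTACHMENT_RULES:
            continue
        allowed = ATTACHMENT_RULES[ext]
        if allowed is None:
            reasons.append(f"attachment {name!r}: {ext} files are always held for review")
        elif dept not in allowed:
            reasons.append(f"attachment {name!r}: {ext} may only be sent by {sorted(allowed)}")
    return reasons


def check_content(msg: Message, dept: str) -> list:
    """Apply keyword policies to subject and body using whole-word matching."""
    reasons = []
    text = f"{msg.subject}\n{msg.body}".lower()
    for keyword, allowed in CONTENT_RULES.items():
        if not re.search(r"\b" + re.escape(keyword) + r"\b", text):
            continue
        if not allowed:
            reasons.append(f"keyword {keyword!r} is blocked for everyone")
        elif dept not in allowed:
            reasons.append(f"keyword {keyword!r} may only be sent by {sorted(allowed)}")
    return reasons


def filter_message(msg: Message) -> Verdict:
    """Quarantine if any rule at either level fires; otherwise allow."""
    dept = department_of(msg.sender)
    reasons = check_attachments(msg, dept) + check_content(msg, dept)
    return Verdict("quarantine" if reasons else "allow", reasons)


if __name__ == "__main__":
    # Constructed sample: Sales sending Finance-only material plus a database file.
    sample = Message("carl@example.com", ["x@partner.example"], "FYI",
                     "Latest accounts and sales forecast attached.", ["payroll.mdb"])
    verdict = filter_message(sample)
    print(verdict.action)
    for r in verdict.reasons:
        print(" -", r)
```

The extension check above is the weak spot a practitioner should note: it is only as good as the file name, so a renamed executable or a database embedded in a ZIP passes level (a). A production filter should identify attachment types by content (magic bytes) and unpack archives before applying the same rules, and keyword rules need the same treatment for attachment text, not just the message body.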

GFI uses multiple virus engines instead of partnering with one vendor. What are the benefits?
Using multiple scanners drastically reduces the average time to obtain virus signatures that combat the latest threats, and therefore greatly reduces the chances of an infection. The reason for this is that a single anti-virus company can never always be the quickest to respond.

For each outbreak, virus companies have varying response times to a virus, depending on where the virus was discovered, etc. By using multiple virus engines, you have a much better chance of having at least one of your virus engines up-to-date and able to protect against the latest virus. In addition, since each engine has its own heuristics and methods, one virus engine is likely to be better at detecting a particular virus and its variants, while another virus engine would be stronger at detecting a different virus.

Overall, more virus engines means better protection. With thousands of viruses released every day, you cannot afford to be caught without the latest virus definitions.

What do you see your customers most worried about?
There are two angles here to consider. From a technical perspective, the growing volume of spam received by companies and virus infections are the two major concerns for customers. However, more and more companies are slowly starting to understand that spam and virus attacks are but the tip of the iceberg when it comes to e-mail-based threats and they are taking an active interest in derived and new forms of threats such as phishing, social engineering by e-mail as well as data leakage via e-mails.

Along similar lines, customers are also worried that the volume of e-mails they receive is creating storage problems on their e-mail server, resulting in lower performance levels and complaints from employees that they need larger mailboxes. Companies are also starting to look at e-mail from a different perspective: it remains an important communication tool but it is now also a major source of company information and records. The “threat” that one e-mail could be the focus of a legal lawsuit is pushing companies to consider e-mail archiving (separate from backing up e-mails) as the next most important tool they need.

From a business perspective, e-mail is a crucial business tool; customers, from the mom-and-pop shop to the biggest multinational, expect that e-mail just works. Customers are thus concerned about the ease-of-use, reliability and the cost of ownership of securing their e-mail, so much so that they are now demanding solutions that not only address the technical issues but also meet their needs for performance, ease-of-use and competitive pricing.