An IT security strategy should breathe. It must be fluid and dynamic, adaptive and resilient, flexible and scalable. A strategy must serve today and tomorrow. A strategy is the framework for policies, but it must be more than a three-ring binder full of plans.
You won’t find what you need on the shelf. You can’t download a strategy. And, there are no templates for what you need. According to The IT Security Policy Guide, what you want and need is “an actionable and realistic policy that your company can use to manage its security practices and reduce its risk of a security incident.”
How does email security fit into your IT strategy?
Email was created to let scholars and researchers exchange information and observations. And, among the university consortiums linked together by networks, everyone trusted everyone. No one gave thought to hacking or stealing data.
In fact, the network builders didn’t give much thought to creating defensive or preventive technology. But, as email spread beyond the university, the weaknesses rose to the top, requiring current users to struggle to stay ahead of the “evil forces” out to spam or corrupt their email.
“Email is one of the biggest security threats for any organization because it’s so critical to running a business,” said Hoala Greevy, Founder and CEO of Paubox. “It’s a numbers game, and with so many emails being sent every day, there’s a lot of opportunities for threats to slip through.”
It’s left to you and your IT partners to strengthen your security fence and manage the way you use email.
1. Pick a provider. All email Internet Service Providers (ISP) are not equal in terms of security, and few users know that there are many alternatives to Hotmail and Gmail. FreedomHacker lists over 20 options, but Hushmail and Tutanota appear on most lists of recommended email services.
These services provide end-to-end encryption for extra protection, but at the very least, you want a service that filters out unwanted messages and scans attachments.
2. Watch attachments. Firewalls don’t protect you against attachments that you open. Some servers will ask you to confirm that you trust the provider. But, going forward exposes you to attachments containing bad stuff. So, your strategy requires rigid policies for handling email attachments.
3. Do not click through. Emails often contain embedded links inviting you to click through to more information. Friends and people whom you trust do not do this. Reputable businesses do not make such requests.
Phishing schemes will seek more personal or financial information if you proceed. And, unwanted downloads may install viruses if you click on the link.
4. Filter your mail. Your ISP probably does a good job of identifying your spam. But, you can increase the filtering with a personally adjusted filtering component.
Create email aliases and give those names to select groups. You can have an alias for work and another for family and/or friends.
Your smartphone and ISP will link the aliases. But, the different “identities” will let you differentiate between messengers. Any system will let you move messages to folders assigned to each alias.
5. Update your OS. Your computer system has an Operating System Service Pack. It requires updating and reminds you when it’s time. Calendar your devices to update their respective Operating Systems - Windows or Apple.
These are patches, and you can download them regularly. Some systems remind you, and you need to comply even though you may continue without the update.
6. Check the source. Emails from unknown sources will appear with a URL in the address bar. If it does not show a Lock icon, it is not a secure site. Also, if the URL begins with http:// instead of https://, it may be unsecured. Email through an http:// leaves your messages exposed to villains.
7. Browse privately. Using the computers at public venues like libraries or computer cafes leaves your work vulnerable to anyone on the public network. That’s the risk you take for the convenience.
But, if you don’t log out of your email server, you also leave your info for the next user. So, in addition to logging out from the email address, you should close the Web browser to delete most of your digital presence.
Better yet, you can opt to use private browsing mode which will leave no search history or cookies behind. Still, make sure you log out of the private mode.
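The alias filtering from step 4, sketched as an added example that is not part of the original article: it reads each message's recipient headers and picks the folder assigned to the alias it was sent to, sending anything that names none of your aliases to a review folder. The alias addresses, folder names and sample messages are constructed, and it assumes your provider adds a Delivered-To header.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical aliases and folder names; substitute your own.
ALIAS_FOLDERS = {
    "work@example.com": "Work",
    "family@example.com": "Family",
}
FALLBACK = "Review"  # mail that names none of your aliases

def recipients(msg):
    """Addresses from the recipient headers, lower-cased.

    Delivered-To is read first: when the provider adds it, it names the
    alias that received the message even if you were only Bcc'd.
    """
    found = []
    for name in ("Delivered-To", "To", "Cc"):
        for value in msg.get_all(name, []):
            # Parse each header on its own so one malformed header
            # cannot hide the addresses in the others.
            found += [a.lower() for _, a in getaddresses([value]) if a]
    return found

def folder_for(raw):
    """Return the folder for one raw message (headers + body)."""
    msg = message_from_string(raw)
    for addr in recipients(msg):
        if addr in ALIAS_FOLDERS:
            return ALIAS_FOLDERS[addr]
    return FALLBACK

# Constructed sample messages, not real mail.
SAMPLES = {
    "direct": "From: boss@corp.example\nTo: Me <Work@Example.com>\n"
              "Subject: Q3 plan\n\nSee attached.\n",
    "bcc": "Delivered-To: family@example.com\nFrom: aunt@home.example\n"
           "To: cousins@home.example\nSubject: Reunion\n\nSave the date.\n",
    "unknown": "From: promo@shop.example\nTo: customer@shop.example\n"
               "Subject: You won\n\nClaim now.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", folder_for(raw))
```

Mail that lands in the review folder was not addressed to any alias you handed out, which makes it the first place to look for spam and phishing.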
Why your email security supports your IT strategy
If you start your security strategy as an individual user, it won’t be difficult to set up best practices for your small business. With the support of IT pros inside or outside your growing business, you can formalize the strategy as working policies.
You must develop a workable solution for email security for at least three reasons:
Of course, emails are only one part of your overall IT strategy. Still, it is an area where you can do much on your own, and you must maintain your personal email behavior inside and outside of the business premises.