14 POINT CHECKLIST TO BUSINESS EMAIL SECURITY
july 20, 2014 | Email Marketing
In a world of constant changes and increasing access points, transmission and storing very sensitive user mail data has huge repercussions if this data gets into wrong hands and hence businesses small or large, will also need to keep upgrading their IT security measures. The best of the Enterprise Cloud email services and solution providers are constantly working to enhance the security measures, built all the services and applications to comply with highest security standards, fortify security infrastructure to mitigate the risks even at granular levels and have some of the most advanced Security Features, which can be applied as per your company IT policy by the admin over the cloud.
Here a few must haves that you could check before you make your decision to go with any Email service provider :
1. Secured transmission : Secured transmission is an inherent requirement of any business email - secure login to mail service via 'HTTPS' ensuring no unauthorized entity can intercept mail data across all access points. Ensure Emails and the attachment encryption of incoming & outgoing mail data.
2. Secure storage : Storage at secured locations at multiple data-centers in proximity to the international internet landing stations to reduce latency and most reliable power supply, equipped with bio-metric scanner, surveillance cameras and guarded 24x7x365 and multi-level checking to ensure only the authorized personnel have access to storage location
3. Security Vulnerability detection : Automatic vulnerability detection systems foil hacking even before the process starts, blocking access to mails, if any deviation from standard email usage is detected.
4. Security audits : Security systems be up-to-date with latest security patches and audited by third party tools to ensure no vulnerability is left.
5. Virus & Spam protection : Inbuilt antivirus of zero virus outbreak capability and real time new virus definitions Multi-layered spam protection with advanced mail filters, and custom spam setting for individual & entire domain whitelisting & blacklisting.
Here a few must have features in your cloud based admin control panel, before you make your decision to go with any Email service provider :
6. Password Policy : Effective password policy prevents passwords from being hacked, guessed or cracked by a cyber-vandal and cause severe damages - entire customer database might be deleted, mess up your inventory, critical data posted onto the Internet, steal your customer list, customer's credit card numbers. Password policy feature must allow to set length, complexity and expiry (typically for a period for 15-30-45 days). User gets an alert of expiry & should change password, incase he is unable to do so IT team can reset password via email admin.
7. Mail Access Restriction : Mail Access Restriction feature allows administrator to control users access to mails through multiple settings. Prevent people outside your network from accessing your email by restricting users to access mails only from allowed network/IP. Restrict certain users from accessing mails outside your company network or allow them to access mails only via secure channels wiht reference of protocol. Control user mail access from more than 10 channels like HTTP, POP3, IMAP, SMTP, WEB etc
8. Incoming And Outgoing Mail Restrictions : Protect inflow and outflow of mail data by framing suitable policies. Restrict incoming/outgoing of mails from/to unwanted domains from the cloud based admin panel. Once the restrictions are applied, the User will no more be able to receive mails matching the conditions specified by you. e.g. @xyz.com or email@example.com.
9. Incoming And Outgoing Attachment Restrictions : Framing suitable policies on the attachment and send-received mails from a domain or an individual. Admin can block sending/receiving of unwanted/suspicious attachments like exe, cab, etc. On applying restrictions, user will not receive or sent mails of similar attachments. Admin can also restrict the file size as per the business requirement of each user or on the entire domain, to ensure just enough transfer of email data via attachments.
10. Auto-Forward restriction & monitoring : Disabling of auto-forward must be set by Admin to all or required users. For those who are allowed to auto-forward, Admin can check Auto-forwards set by user.
11. Two Factor Authentication : Two factor authentication is enforced on all the users having valid mobile numbers by default. Every user with valid mobile number will be challenged with extra authentication in form of mobile code while logging in to webmail. TFA is also triggered when user changes his password, change the password recovery info or sets an auto forward to his account..
12. Mail Monitoring : Do you have managers of group of users dealing with information critical to your company and worried about the mail activity of those users? Sweat not, Prevent mischief and control the quality of mails send and received by email users of your company's various teams by setting up mail monitoring for those accounts. The users would not get to know that they are being monitored and the monitoring manager would be able to see all mails sent & received by the group of users in a single stream.
13. Proactive ID protection : Attempts to compromise account credentials have been on an exponential rise - with situations like spurious login attempts, identity thefts, etc. Rediffmail Enterprise IDProtect has been built to protect proactively in real time and act as a shield against most type of access frauds. It is a self-learning engine that uses sophisticated algorithms to map every users legitimate access patterns. IF IDProtect detects any new access pattern (from a new location or new network), the notification sent will have details of Service (Web, App, SMTP, POP3, IMAP) & ISP. Aberrated access patterns are intercepted real time & are red flagged. Users are then notified to Allow or block such access requests and the system will Whitelist or Blacklist them. For any unknown access, it is recommended to change password immediately & disinfect all devices using standard anti-virus/malwares. Admin can monitor all notifications sent to his users using Admin Panel & can also Block or Allow access on behalf of users.
14. Email Spoof protection : Email Spoofing scamsters send email to your users from an anonymous proxy using your own domain. Emails sent using a good email service provider's SMTP are signed using DKIM technique. If intended for internal (same domain) users, then DKIM signature can be verified on receipt & delivered in inbox and mails failing to verify will be considered as spoof. Emails sent using SMTP of other Service provider (using third party system like Payroll, CRM, Email Marketing, etc) may not be signed using DKIM, and could create a problem as Legit mails will be identified as Spoof. To avoid the same, SPF (Sender Policy Framework) record must be added in your DNS along with IP address. SPF is a system to help domain owners specify the IP addresses of servers which are authorized to send mail from their domain. Recipient's mail systems can check to make sure that the server sending email from that domain is authorized to do so, to reduce the chances of email spoofing. Mail servers that accept emails, do a SPF check by looking up the SPF record of the sender. Rediffmail Enterprise make best efforts to track and block such attempts of spoofing via DKIM & SPF, among other methods.
Mentioned Features to a larger extent will help prevent cases occurring due to spam/compromised accounts, Other than this it is also noticed that the access/compromise can be through local network to the company via their machine, desktop, laptop or device which may be infected by a Keylogger, Malware, Spyware or another virus.
Some Recommendations to Manage IT security within your company & for your users:
- Update all PCs on your LAN with latest service packs/security patches (This can be downloaded from respective OS website e.g Microsoft.com for windows)
- Never subscribe- free newsletter, marketing mails or any unknown link using their official id
- Do not open any mails/attachments sent by Unknown Senders & also not visit any unknown websites as they may affect the user machines without his knowledge
- Do not access mails from any open/unknown networks especially WIFI networks or cyber cafes
We are sure implementing advanced features & following IT policies mentioned will help in keeping your Email Secured.
Rediffmail Enterprise is an Award winning premium enterprise cloud email solution provider dedicated to security of the highest standards providing email services to small, medium and large enterprises. The additional security features discussed above is available for admins only in the Premium version of Rediffmail Enterprise.