As anyone in IT knows, email security is a careful balance. If your organization’s email is not carefully secured with automated filters, employees will be inundated by unwanted and even malicious messages, which are not only a waste of time, but can be downright dangerous to the business. On the other hand, email filters that are too restrictive and unintuitive can block important messages and have an impact on the company’s day-to-day operations and the bottom line.
These challenges are particularly true for enterprise companies, where hundreds or even thousands of employees send and receive a staggering number of emails every day. If your company is experiencing less-than-ideal email security, you’re probably already on the defense, looking at ways to close vulnerabilities with a new patch or tweaked configurations. But maybe the problem lies with your email security filter itself.
When assessing your enterprise email filter, keep these four email security best practices in mind:
1. Consider the True Costs of Email
As the amount of spam has increased over the years, email security filters have responded by blocking nearly 100 percent of suspicious emails. But that overreaction is the cause behind the industry’s dirty little secret: Blocking everything can be costly. And whether spam filters are causing false positives or letting too many emails through, the business is facing lost productivity and lost revenue.
The Problem With False Positives
When your email security filter flags a relevant email as spam, that false positive can waste time and even money. (One company’s employees reported spending half an hour every day checking their spam folders.) Across an entire enterprise, a pattern of false positives can be extremely costly.
Consider this unfortunate case, reported by the Washington Post, of a Colorado law firm. After spam became a big problem, the firm’s IT administrator dialed up the spam settings to block more unwanted email. But soon after, lawyers there missed a court date because the spam filter blocked several emails from the U.S. District Court of Appeals. Not only did the team miss their court date; they also had to pay court fees and expenses incurred by the opposing side’s lawyers, who did show up.
The Problem With Lenient Filters
On the other hand, when spam starts slipping past your email security filters, it can give hackers a foot in the door of your enterprise. Today’s spammers are getting more sophisticated, and as employees spend even more time managing their email, the likelihood of someone accidentally opening a phishing, ransomware or spoofing scheme only grows. It’s best to keep these malicious messages out of your company’s inboxes altogether.
2. Continually fine-tune your email filter.
To be effective, your email security must “learn” what your enterprise considers spam. Usually, the “naughty” list includes content that is considered spam by businesses in general–such as emails with lots of numbers, strange formatting or certain words. But what is considered spam at one company could be relevant to another.
In addition, with many email security filters, there is little room for customization that allows for different levels of security across departments or employees–a crucial best practice for an enterprise.
That’s why most of today’s enterprise customers require smarter email security. Take a look at your security settings and consider what might be causing false positives. Do some fine-tuning, and see if the most common alerts gradually become more accurate. Take a look at any legacy systems that might need updated patching or can be shut down altogether.
Or, rather than opting for a one-size-fits-all security application, like a network anomaly detector or a basic security information and event management, seek out a solution that applies several integrated technology layers–including silverlisting and anti-spoofing–to do away with malicious threats and pesky spam. It should also give employees the flexibility to manage their own inbox using a community paradigm. So if marketing wants to receive all email campaigns from your company’s competition, but no one else wants to, it’s an easy tweak of their permitted senders list.
3. Reach out to your business partners.
For large enterprises, it’s vital that IT understands the company’s network assets so that you can gain context and help optimize email security. What assets are most important, and how are they used? Which files and systems are a bit less vital for business success? What types of email content and which senders are most relevant to the company’s high-priority assets?
Reach out to your company’s business executives to learn more about the network assets. Ask which systems need special attention, and then re-examine your email security filter settings. By having a broader understanding of the business need, you will likely be able to optimize your email security a bit more.
4. Filter by more than just content.
Typical indicators of spam, such as those that include mentions of certain medications or charts full of numbers, aren’t always applicable in an enterprise setting. It’s easy to imagine any of these examples coming from a legitimate source, especially in the business world (such as, in the example above, a law firm).
So what’s the alternative? Filtering by contact, while also applying technologies that actually makes email smarter, helps to eliminate the possibility of false positives and false negatives. That’s why Sendio developed Email Security Gateway™ and Opt-Inbox™, which filter email by determining which contacts are trustworthy—and which are not.
Instead of using content filtering, scoring or statistical techniques, Sendio applies several advanced security layers to all inbound email, including silverlisting, IP address reputation, anti-spoofing and anti-virus technology, and a permitted email senders community. The result is fine-tuned email security that does away with false positives–for good.
It’s time for your enterprise to strike more of a balance with its email security. Click here to get started.