To see just how much spam one infected zombie computer generates SophosLabs in Hungary setup a “honeybot” that would receive commands from a command and control server. While the honeybot’s outbound communications were stopped before they could do any damage, the results of this experiment does give anyone tasked with email security responsibilities a look into what they are up against. In the span of one week from this computer infected with a single malicious program:
- 5 million email addresses were spammed
- 30 GB of outbound email were sent
- 750,286 unique spam messages were sent
- 26% included another item of malware
- 74% contained links to a pharmaceutical website
Now imagine that this computer was part of a botnet 10,000 or 100,000 computers strong and it’s easy to see why finding the best email security solutions for your company is so important, but how do you go about finding them?
Enroll in Email-specific Security Training
General security training and certifications help individuals build a strong foundation in information security however, knowing how to create a subnet range without a calculator isn’t going to do much to protect your users’ inboxes. No, the best email security training comes from courses designed to address the specific threats that your organization faces. Seek out training that covers topics such as email encryption, DKIM, SPF and DMARC. You should also find training on preventing malware and how to create the various filtering lists you need to effectively keep malicious emails at bay.
The easiest way to find out the latest and the best email security techniques is to attend one of the big security conferences. Since email is the choice attack vehicle for advanced persistent threat groups and spam still makes up roughly half of all email messages sent, there are usually a few talks about what you can do to better protect your email systems.
Join Interest Groups
These are one of the best places to find the best email security advice on the web because there aren’t any aggressive sales pitches that you have to wade through. These groups are usually made up of like-minded professionals who are willing to share tips, techniques and information related to email security. Be advised, however, that some of these groups are extremely restrictive about who they let in. It generally helps if you know a current member. If not, contact the moderator or sponsor to see about how you can participate. To start connecting with peers right away and with less resistance, try joining a few LinkedIn Groups about email security.
Do Your Reading
We all know that we can find a wealth of information about anything on the web – email security is not any different. Start by searching for email security techniques, email security methods and even best email security practices. You will likely find an avalanche of white papers, ebooks, blog posts, discussion forums and other information available.Vendor-supplied content frequently includes tips and tricks for the best email security methods. Read as much as you can and as your knowledge increases, dive into deeper, more complex topics.
Knowing how to best secure your email systems should be something you do before you purchase any type of commercial solution. Without understanding what techniques are important, what methods work and which technologies are outdated you may wind up investing a lot of money and time into a solution that doesn’t adequately protect your organization and your users.
To find out more about how Sendio’s Email Security Gateway can help you better protect your company’s email systems against spam and other email borne threats.