800onemail, a secure email service provider, published a list of eight tips to help companies better secure their email systems. With the new year just arrived, it's a good time to turn over a new leaf with regards to all-around security, including email systems. 800onemail suggests that companies:
1. Evaluate all messaging systems. Many companies haven't upgraded their systems since Y2K, which could leave them exposed to security risks.
2. Formalize a security policy that outlines acceptable use of corporate email and defines who owns email communications. Keep users informed about the policies with regular communication and updates.
3. Secure access to corporate email by implementing strict password policies, such as nonrenewable passwords and frequent password-change requirements. Consider implementing 2-factor authentication.
4. Layer email security by using a combination of desktop antivirus applications, multiple server antivirus applications, and content-filtering applications. Because of the many viruses discovered and varied reporting styles of antivirus software makers, one antivirus system might no longer suffice. Tackle spam with a centrally managed antispam solution.
5. Encrypt email connections with VPN or Secure Sockets Layer (SSL) connections. Don't leave corporate email systems open to the Internet despite the temptation of convenience.
6. Make sure telecommuters and wireless users have the same level of security as desktop users without compromising their network access. Use desktop antivirus software, managed personal firewalls, and a managed VPN.
7. Monitor your email systems and provide support to users 24 x 7 if possible. Ensure administrators are subscribed to multiple security forums and alerts to keep current on security incidents and vulnerabilities.
8. Evaluate the expertise and security model for any outsourcer or email systems product your company uses. Ask about antivirus and antispam systems, support models, infrastructure, redundancy, data center storage, back-ups, connectivity, and encryption.