Although the internet and email bring a range of business benefits, they also pose a number of potential security threats.
Common email vulnerabilities
Some of the most common email security threats are:
- spam and phishing
- social engineering
- malicious unauthorised access
- unintentional acts by authorised users
You should fully consider the possibility of malicious and fraudulent attacks by hackers, as well as the impact that viruses and denial-of-service attacks (that is, attempts to disrupt your web or network services) could have on your IT systems.
Email security safeguards
Securing an email system is the responsibility of your business's IT department and/or your email administrator. However, anyone who shares business information via your email network should be aware of the threats and risks involved.
Common safeguards for protecting IT systems include:
- Authentication - techniques to identify and verify anyone seeking to access an e-commerce system.
- Access control - user restrictions to ensure users only access data and services for which they have been authorised.
- Encryption - techniques to scramble data and protect information stored on a computer or transmitted over a network.
- Firewall - hardware or software security devices that filter information passing between internal and external networks. A firewall controls access to the internet by internal users, and prevents outside parties gaining access to systems and information on the internal network.
- Intrusion detection - products that monitor system and network activity in order to spot whether someone is trying to gain unauthorised access.
- Anti-virus software - tools to detect viruses and prevent access to infected files.
- Staff awareness - keeping staff aware of typical scams used to extract personal or sensitive information.
Create a good security policy
An IT security policy should outline how you plan to protect your IT assets. It should emphasise:
- the measures you will take
- their importance to your business
- the responsibilities of your staff
For example, your policy should state that staff should regularly change the passwords they use to access your email or IT system, and should not write them down or share them with anyone else.