Are You Managing Your E-mail Risks?
E-mail is critical to the success and operation
of most organizations. Without e-mail, organizations
are less efficient and can’t compete against larger,
more established firms.
Computer users are critical to the success of an
organization’s security platform. E-mail threats
such as spam, viruses, and phishing specifically
target users and their endpoint devices. Handheld
devices put data "on the move," and the same users
who are critical to the success of an
organization’s security framework now present
security-related risks.
E-mail systems require ongoing IT management and
monitoring. Not only must e-mail hardware and
software be periodically upgraded, but these same
systems must also be patched on a regular basis.
IT departments are responding to known security
threats by implementing traditional security
measures:
- Employee awareness - security education and
training
- Anti-malware - anti-virus, anti-spam,
anti-spyware, and anti-pop-up software
- Patch management - keeping software and
firmware patched and up-to-date
However, organization management must be aware of
other types of risks including risks related to
transmitting information:
- Confidentiality - e-mail attachments can
include confidential information such as
customer lists and pricing that should not be
sent to recipients outside of the organization
- Clear text - sensitive information can
inadvertently be sent in clear text
- Traffic - e-mailing large documents creates
bottlenecks and uses up valuable network
bandwidth
- Compliance - meeting regulatory requirements
related to information as it is collected,
stored, archived, and secured
IT risk assessments can help organizations evaluate
additional risks such as service level performance,
support (technical and user), redundancy and
availability, as well as failover and contingency
plans.