Part 2 of 2: How to Ensure E-mail Security

- Advertisement -

4. Using unsecured e-mail accounts to send and receive sensitive corporate information. Large corporations invest huge amounts of money to ensure that their computer networks and e-mails remain secure. Despite their efforts, careless employees using personal e-mail accounts to conduct company business can pass along sensitive data and can undermine the security measures in place. So ensure that company’s security is not risked by transmitting sensitive company data via personal computer or e-mail address.

E-mailing the right people
1. Use the blind carbon copy (BCC) option. When BCC: option is used, rather than the CC:, none of the recipients can see the addresses of the other e-mail recipients. E-mail users often rely too much on the TO because it is the default way of sending e-mails. This is fine as long as writing to just one person or a few family members. But if you are sending a mail out to a diverse group of people, it raises some serious privacy and security concerns.

It takes just one spammer to get a hold of the e-mail and immediately everyone on your e-mail list gets spammed. I am not saying that honesty of the group is in question. There are many e-mail programs that are set up to automatically add to the address books any incoming e-mail addresses. That means that some people in the group will inadvertently have added the entire list to their address book and, as a result, if one of their computers is infected with ‘Zombie’ (used for distributed denial of service attack) and silently sends out spam e-mails, it will cause the entire list to get spammed.

- Advertisement -

2. Using the ‘Reply All’ button. Sometimes the mistake is not in deciding between CC: and BCC: but between hitting ‘Reply All’ instead of ‘Reply.’ When using Reply All, it is to be kept in mind that e-mail message is sent to everyone included on the original e-mail and, if the information is strategic in nature, this step can be disastrous from both a security and personal humiliation perspective.

3. Spamming as a result of forwarding e-mail. Forwarding e-mails can be a great way to quickly bring someone up to speed on a subject without having to write up a summary e-mail but, if proper care is not exercised, forwarding e-mails can create a significant security threat. As an e-mail is forwarded, the recipients of the mail (until that point in time) are automatically listed in the body of the e-mail.

As the chain keeps moving forward, more and more recipient IDs are placed on the list. Unfortunately, if a spammer or someone just looking to make a quick buck gets hold of the e-mail, he can sell the entire list of e-mail ids and then everyone could start receiving spam. It only takes a few seconds to delete all the previous recipient IDs before forwarding a piece of mail. You can this avoid the terrible situation of you being the cause of all your friends or coworkers getting spammed.

Making backups and keeping records
1. Failing to back up e-mails. Many a times e-mails are used to make legally binding contracts, major financial decisions and conduct professional meetings. Just as we keep a hard copy of other important business and personal documents, it is important to regularly back up these important e-mails to preserve a record. This will be helpful in the scenario when an e-mail client crashes and entire data is lost. The frequency of backups depends on e-mail usage, but under no circumstances should it be done less frequently than every three months.

2. Mobile access. Presuming a backup exists. Mobile e-mail access, such as through Android/smart phones/Blackberry, has revolutionised the way we think about e-mail; no longer it is tied to a PC, but rather it can be checked on-the-go anywhere. Many a times, BlackBerry users simply assume that a copy of the e-mails they check and delete off the BlackBerry will still be available on their home or office computer.

But it is important to keep in mind that some e-mail servers and client software download e-mails to the Blackberry device and then delete them from the server. Thus, for some mobile e-mail access devices, if e-mail is deleted from the device, it is deleted from the Inbox. Just be aware of the default settings of e-mail client and ensure to keep a copy of the retained e-mail. It also happens in the case of MS Outlook that the e-mail is downloaded onto the PC. Here I would like to mention that it is the protocol which does it. By protocol I mean POP3, which downloads all the e-mails onto the hard disk and clears them from the e-mail server until explicitly told by the setting. This setting is shown in Fig. 11. By default, this setting is unchecked in MS Outlook, so all the e-mails when downloaded on the local hard disk get deleted from the e-mail server.