Mike Spykerman, VP, OPSWAT: How Can Email Security Aid Compliance?
September 2015 by Mike Spykerman, Vice President of Product Management at OPSWAT
Several industry regulations exist that impose data security requirements on companies, such as HIPAA, Sarbanes-Oxley, as well as EU data protection regulations. These regulations require organisations to restrict employee access to sensitive customer and patient information and keep records private and secure. The Payment Card Industry Data Security Standard (PCI DSS), for instance, requires companies that process credit cards to ensure that credit card data is protected from exposure. Regardless of industry regulations, every company has the duty to keep private employee and customer information secure.
© Stephen VanHorn
Email security plays an important role in meeting compliancy standards and keeping private information safe. Here are six ways in which your company can improve email security to safeguard confidential data:
1. Boost Malware and Spear Phishing Protection
According to the SANS Institute, 95% of enterprise data breaches start with a spear phishing attack. By effectively blocking malware and spear phishing attempts, exposure to data breaches can be greatly decreased. Because these attacks frequently utilise unknown threats or zero-day vulnerabilities, not all antivirus engines are able to detect the malware. By using multiple anti-malware engines to scan email attachments, along with email attachment sanitisation that can remove embedded threats that may be missed by antivirus engines, more threats can be detected and possible breaches avoided.
2. Filter Email Content
Configure filters that content check emails to ensure that they do not include any sensitive information that could be exposed. For instance by detecting and blocking emails with credit card data and social security numbers you can prevent confidential information being accidentally emailed and exposed.
3. Add Company Email Footer
EU regulations require companies to add a company footer to every email, containing the company address, registration number and owner information. By configuring your email security solution to automatically add these footers to your emails, non-compliance can be avoided.
4. Limit Attachment Types
Not all employees need access to all file types. Potentially dangerous email attachments such as .exe files are for instance usually only needed by IT staff. By setting limitations on the types of files that employees can receive, you can further reduce the chance of malware infections.
5. Provide Secure File Transfer Alternative
Since email can easily be intercepted, it is important to provide a secure file transfer system that employees can safely and easily use to transfer sensitive documents to external parties. Implementing user authentication ensures that only the intended recipient can view the files. If possible, this solution will also integrate with your email system so that certain attachments are automatically removed from emails and sent through secure, encrypted, file transfer to ensure confidentiality.
6. Train Employees
By having an employee cyber security policy and regularly training employees, you can minimize human error such as sending sensitive documents via email, including credit card data in emails, and falling for phishing and other scams.
By taking the above email security measures, your company can greatly reduce the chance of data breaches and prove that it has taken necessary measures to protect confidential information.