While 2002 challenged corporate e-mail security, 2003 can be the year companies strengthen their systems, according to 800onemail Inc., an e-mail service provider. To help companies start the new year off right, the New York-based company offers these tips:
- Evaluate all pre-2000, messaging systems. Many companies have not upgraded their systems since Y2K, leaving them exposed to security risks.
- Formalize a message security policy that outlines acceptable use of corporate e-mail and keep users informed on the policies with regular communication and updates.
- Secure access to corporate e-mail by implementing strict password policies with an 8-digit minimum, non-renewable password, and make sure it's changed frequently. Even better, use two-factor authentication.
- Layer e-mail security by using a combination of desktop anti-virus, multiple server anti-virus and content filtering applications. One anti-virus is no longer enough. Tackle spam with a centrally managed anti-spam solution customized for your business and users.
- Encrypt e-mail connections with Virtual Private Network's (VPN) and/or SSL. Never leave corporate e-mail systems open to the public Internet despite the temptation of its convenience.
- Secure the road warriors; make sure wireless and remote users have the same level of security as desktop users without compromising their access. Desktop anti-virus, managed personal firewalls and a managed VPN should be standard.
- Monitor e-mail systems and support users 24/7. Ensure administrators are subscribed to multiple security forums and alerts to keep up-to-date on security incidents and vulnerabilities as they happen.
- Evaluate the expertise and security model of any outsourcer or e-mail systems product your company is considering. Ask about anti-virus and anti-spam systems, support models, infrastructure, redundancy, data center storage, back-ups, connectivity and encryption.