Network Computing is part of the Informa Tech Division of Informa PLC

Strategic Security: Developing a Secure E-Mail Strategy: Page 6 of 8

Most spam is now blocked at the boundary, before it reaches the messaging server, by devices such as Tumbleweed's MailGate Email Firewall, which uses the company's DAS (Dynamic Anti-Spam) technology, and IronPort's C600 appliance with Symantec Brightmail Anti-Spam. You can also buy software that runs on a corporate mail platform to protect gateway server devices.

Today, the greater threat comes from spyware and phishing attacks rather than conventional spam. In extreme cases, instances of spyware, especially key loggers, can compromise a company's intellectual property. Besides the increased risk of losing data when spyware is installed, it can be difficult and time-consuming to remove. And productivity can suffer when employees spend company time fixing credit reports harmed during a phishing attack. So filtering only for spam is clearly not a wise choice.

One area of content filtering that doesn't get enough attention is that of intellectual property in outbound e-mail. Nearly 50 percent of network security attacks come from within the so-called secure boundary of the corporate network, according to Deloitte's 2006 Global Security Survey (see "Data Drain"). People have different incentives for accumulating corporate information illegally. They might be paid handsomely for stealing data, or they might simply take data because they can. We've all come across the end user who, knowing he'll be leaving the company soon, decides to forward all e-mail in his in-box to his personal e-mail account. We're also familiar with the more damaging scenario of the employee who takes all of her contacts--including valuable sales leads--with her to her next job. Creating an effective e-mail security policy that includes scanning outbound e-mail for sensitive content can help protect your corporate secrets and keep information from getting to where it shouldn't. But content scanning is still not as accurate as virus scanning. False positives, mistuned policies and e-mail mistakenly held up as "potential" threats on outbound servers will cause business delays.
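The departing-employee scenario above, as an added detection sketch (not from the article or any vendor product): it scans a constructed outbound-gateway log for bursts of forwarded mail from one corporate sender to one personal webmail address. The domains, log layout and thresholds are assumptions, and findings are returned for review rather than used to hold mail, given the false-positive cost noted above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for this sketch: domains, thresholds and log layout are constructed.
CORPORATE_DOMAIN = "corp.example"
PERSONAL_DOMAINS = {"webmail.example", "freemail.example"}
WINDOW = timedelta(hours=1)
THRESHOLD = 5  # forwards to one personal address inside WINDOW

# Constructed outbound log: ISO timestamp|sender|recipient|subject
SAMPLE_LOG = "\n".join(
    [f"2006-11-01T17:{m:02d}:00|bob@corp.example|bob.home@webmail.example|FW: lead {m}" for m in range(0, 12, 2)]
    + [f"2006-11-01T{h:02d}:00:00|dana@corp.example|dana@freemail.example|Fwd: newsletter" for h in range(8, 13)]
    + ["2006-11-01T09:05:00|alice@corp.example|buyer@partner.example|FW: Q4 pricing", "garbled line"])

def parse(log):
    """Yield (timestamp, sender, recipient, subject) from pipe-delimited lines."""
    for line in log.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the scan
        ts, sender, rcpt, subject = parts
        yield datetime.fromisoformat(ts), sender.lower(), rcpt.lower(), subject

def is_forward(subject):
    return subject.lower().lstrip().startswith(("fw:", "fwd:"))

def find_bulk_forwards(log, window=WINDOW, threshold=THRESHOLD):
    """Return {(sender, recipient): peak count} for bursts of forwards to personal mail."""
    times = defaultdict(list)
    for ts, sender, rcpt, subject in parse(log):
        if (sender.endswith("@" + CORPORATE_DOMAIN)
                and rcpt.rsplit("@", 1)[-1] in PERSONAL_DOMAINS
                and is_forward(subject)):
            times[(sender, rcpt)].append(ts)
    findings = {}
    for pair, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings[pair] = peak
    return findings

if __name__ == "__main__":
    print(find_bulk_forwards(SAMPLE_LOG))
```

Dana's hourly newsletter forwards and Alice's mail to a partner domain stay below the threshold or outside the personal-domain set, which is the tuning that keeps routine traffic out of the review queue.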

Policing Your Setup

Combating viruses, spyware and phishing attacks does not stop with the selection and implementation of one of these technologies. Your security policy must be clearly defined to match the sensitivity of your data, and it must be enforced; it must convey who owns e-mail and how it is used. Undesirable e-mail security scenarios can be avoided through awareness campaigns and personnel training. Make sure your end users log out of their Windows sessions when leaving their workstation to prevent unwanted browsing of their in-boxes. Work with HR to ensure that employees are aware that all corporate e-mail is the express property of the company, not the employee. Take measures to make sure passwords aren't written down and placed on monitors or under keyboards. These sound like common-sense measures, but we all know how often these guidelines are ignored. Finally, be wary of visitors to your offices, and make sure they are chaperoned when appropriate. Based on these concepts, create e-mail education seminars for your users. Training your end users will allow them to police themselves.