BreachExchange mailing list archives

Six ways email security can aid compliance


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 17 Sep 2015 19:17:10 -0600

http://www.information-age.com/technology/security/123460179/six-ways-email-security-can-aid-compliance

Several industry regulations impose data security requirements on companies,
such as HIPAA, Sarbanes-Oxley and the EU data protection regulations. These
regulations require organisations to restrict employee access to sensitive
customer and patient information and to keep records private and secure.

The Payment Card Industry Data Security Standard (PCI DSS), for instance,
requires companies that process credit cards to ensure that credit card
data is protected from exposure. Regardless of industry regulations, every
company has the duty to keep private employee and customer information
secure.

Email security plays an important role in meeting compliance standards and
keeping private information safe. Here are six ways in which your company
can improve email security to safeguard confidential data:

Boost malware and spear phishing protection

According to the SANS Institute, 95% of enterprise data breaches start with
a spear phishing attack. By effectively blocking malware and spear phishing
attempts, exposure to data breaches can be greatly decreased.

Because these attacks frequently utilise unknown threats or zero-day
vulnerabilities, not all antivirus engines are able to detect the malware.
By using multiple anti-malware engines to scan email attachments, along
with email attachment sanitisation that can remove embedded threats that
may be missed by antivirus engines, more threats can be detected and
possible breaches avoided.

Filter email content

Configure content filters that check outgoing emails to ensure that they do
not include any sensitive information that could be exposed. For instance,
by detecting and blocking emails that contain credit card data or social
security numbers, you can prevent confidential information from being
accidentally emailed and exposed.

Add company email footer

EU regulations require companies to add a company footer to every email,
containing the company address, registration number and owner information.
By configuring your email security solution to automatically add these
footers to your emails, non-compliance can be avoided.

Limit attachment types

Not all employees need access to all file types. Potentially dangerous
attachment types such as .exe files, for instance, are usually only needed
by IT staff. By limiting the types of files that employees can receive, you
can further reduce the chance of malware infections.

Provide secure file transfer alternative

Since email can easily be intercepted, it is important to provide a secure
file transfer system that employees can safely and easily use to transfer
sensitive documents to external parties. Implementing user authentication
ensures that only the intended recipient can view the files.

Ideally, this solution also integrates with your email system so that
certain attachments are automatically removed from emails and sent through
secure, encrypted file transfer instead, to ensure confidentiality.

Train employees

By having an employee cyber security policy and regularly training
employees, you can minimise human error such as sending sensitive documents
via email, including credit card data in emails, and falling for phishing
and other scams.

By taking the above email security measures, your company can greatly
reduce the chance of data breaches and prove that it has taken necessary
measures to protect confidential information.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 