The number one reason an e-mail client becomes vulnerable to attack is that it has not been patched. Hackers usually learn of vulnerabilities when the patches for them come out. They then reverse-engineer a patch to create a hack. After that, it's just a matter of going after the unpatched machines.
There is a good chance that your organization has already implemented a patch management system. But patch management systems do not completely solve the vulnerability problem, because they do not have control over machines that are not part of your organization. In today's world, more and more people are using two, three, or more different clients to access e-mail.
Top 10 best practices for securing e-mail clients
#1: Patch your clients
#2: Configure antivirus software to scan your e-mail clients
#3: Use anti-malware software
#4: Quarantine attachments
#5: Don't be a sucker
#6: Disable unsigned macros
#7: Use Outlook's Junk E-mail filter or install spam-filtering software
#8: Just be plain
#9: Learn to read (e-mail headers, that is)
#10: Digitally sign and encrypt e-mails
ABOUT THE AUTHOR:
Richard Luckett, Vice President and Senior Consultant, Ajettix Security
Richard Luckett is a Microsoft Certified Systems Engineer on the Windows NT 4.0, 2000 and 2003 platforms and has been certified on Exchange since version 4.0. He is the co-author of Administering Exchange 2000 Server, published by McGraw Hill, and has written four Exchange courses for Global Knowledge Inc.: Introduction to Exchange 2000, Hands-on Exchange 2003, Ultimate Exchange Server 2003 and Exchange Server 2003 Administrator Boot Camp. Richard is currently Vice President and Senior Consultant for Ajettix Security, where he is the head of the Microsoft security practice.