E-mail administration. It's the IT function that requires little time, minimal expertise and all users are appreciative...
of it, right?
As much as we IT folks like to think we've got things under control, things happen. E-mail servers crash, hard drives fill up due to message overload and viruses infect systems. When it comes to keeping e-mail systems running smoothly, I'm not much of a believer in the so-called accidents or dreaded computer "glitches" that companies attribute computer incidents to in the media.
I think most e-mail problems occur due to a series of poor choices over time.
I've made many bad IT choices over the years -- as many of us have. Making mistakes is certainly the best way to learn what works and what doesn't. I want to share with you the biggest blunders I've made and witnessed over the years that can derail the smooth operation of one of your most critical business applications -- your e-mail -- in no time flat.
If you can focus on not making these mistakes, you, your e-mail and your users can all coexist safely and soundly.
Blunder #1: You don't have a contingency plan
It's easy to forget just how critical your e-mail system is to your organization. All it takes is a hacker or malware attack to take it all down and turn your name or your company's name into dirt.
Make sure your e-mail systems (servers and workstations) are included in your organization's incident response and business continuity plans.
Also, don't forget to have a backup e-mail administrator or consultant who knows the system (configuration, passwords) in case something happens to you.
Blunder #2: You think that content filtering and monitoring are IT issues
No matter how much you love to play Big Brother by monitoring e-mail content, leave it up to human resources (HR) or other management. Your job is to help implement and manage the content filtering technology that enables others to perform this HR function -- period.
Speaking of HR, you've got to establish regular communication with them, especially in larger organizations. A breakdown in communications with HR can be one of the most frustrating things you can experience as an e-mail administrator. If you don't know who just joined the company, who is going to be out for a while and who quit or got fired, bad things can and will happen eventually.
Blunder #4: You devote too much time to spam
Focusing your valuable efforts on filtering spam is the best way to turn spam into a security nightmare. Dedicate your "spam time" to researching, implementing and managing a spam filtering system so you can focus on other security issues. Also, if your spam filtering system allows it, empower users to clean out their own spam. This can save you the valuable time that you can use to clean out your own inbox.
Blunder #5: You don't test backups
I know, I know. This is about as tiring as hearing about the importance of security policies. However obvious, test your e-mail backups often to make sure the data will be there when you need it. I guarantee you won't be sorry.
Blunder #6: You take the security and privacy of e-mails for granted
E-mail servers are often the point of entry into your network. Make your e-mail server(s) your most highly secured systems. Of course, client security is critical, too, so make sure malware protection software (antivirus, anti-spyware and whatever else comes next) is loaded and the systems are hardened. Just remember to balance security with usability so that users can get their jobs done.
Blunder #7: You are behind on maintenance tasks
Time is of the essence here -- yet there never seems to be enough of it. The first critical maintenance task that comes to mind is to actively monitor your e-mail storage space, especially if you're not limiting it at the user level.
Hint: One of the best ways to cut down on storage space problems is to educate users on how to send links to files stored on the network via e-mail instead of attaching the file to the e-mail itself. The other critical maintenance task that's often mismanaged is the application of critical security patches. As with spam, put a patch management system in place and let it do most of the grunt work for you.
Blunder #8: You overlook data retention requirements
The mandates for retaining e-mail messages as business records should come from the higher-ups and legal counsel. You still can and should help evaluate, recommend and implement document management or other retention systems to help support the cause. E-mail discovery and forensics is a very messy process. Solid retention procedures will help everyone if the need arises -- especially you!
Whether you only perform e-mail administration or it's one of many areas you're responsible for, a lot is on the line. You can help prevent e-mail administration mistakes by thinking things through before you act. Don't feel ashamed or get discouraged if something goes awry.
Learn from your experiences (and mine) to make positive changes, and you might just be able keep the e-mail monster under control.
Kevin Beaver is founder and principal consultant of Principle Logic LLC, which specializes in information security. He is the co-author of the new book, The Practical Guide to HIPAA Privacy and Security Compliance. He can be reached at firstname.lastname@example.org.