Email content filtering is an Exchange security component that has been around for well over a decade. Given our growing reliance on cloud-based file sharing and social media as an alternative means of communication, it's easy to overlook this older technology. The tons of emails each of us deals with on a daily basis serve as a big distraction as well. But we still cannot forget the importance of this invaluable security control.
Whether you use an in-house or cloud-based email content filtering system, you need to be on the lookout for these seven things so nothing slips through the cracks.
1. Many people in management don't fully understand what can be lost via email. Many also don't realize how easy it is to exfiltrate or remove sensitive information this way. There is often no political or financial support provided to ensure that this filtering is being done properly, even though those in management are likely the ones creating the most risks. Get the word out about what these people need to do and find a way to keep them on board.
2. Email-related security breaches aren't all about hacking and unauthorized use. Accidental misuse, e.g., emailing an unencrypted spreadsheet with patient healthcare information, is just as likely. You have to set your end users up for success. They may be unaware that email content filtering is taking place, and they may need a reminder of what they should and shouldn't do when they handle sensitive information.
3. Your documented security policies might say one thing, but the way your content filter is configured and managed could say something else. You can have some of the best policies in the world, but if your content filtering system isn't aligned with what you say you're doing and what really needs to be done, it's creating a false sense of security. Match your security policies to content filtering configuration and management.
4. Compliance managers, auditors and executives might assume that anything considered sensitive is automatically encrypted when sent or received via email. This is often not the case. Make sure they know this.
5. Whoever is responsible for overseeing email content filtering is likely slammed with other commitments. The potential of being overwhelmed by other tasks means that email content filtering likely isn't getting the attention it needs. Spend the time to do the filtering right.
6. Most email content filtering systems aren't vetted and thoroughly tested for security flaws. Blind trust in email security vendors can be dangerous. I've found plenty of security gotchas over the years because I use good tools and know where to look for the problems. Email content filtering systems need to be fair game for penetration tests just like any other system or application in your environment.
7. Many email content filtering systems are running with out-of-the-box settings -- no tweaking, customization or unique rules for the business or specific data sets. This is risky. Know what risks your organization faces and make sure your policies and technologies follow suit.
I wrote my first book on email management and security over a decade ago, and little has changed since then. You may have a good handle on spam, and you no doubt have some of the latest and greatest information security controls on your network with intrusion prevention, security information and event management or data loss prevention. However, odds are you're overlooking something and sensitive information is flying under the radar when it comes to email messages.
About the author:
Kevin Beaver has worked for himself for more than 11 years as an information security consultant, expert witness and professional speaker at Atlanta-based Principle Logic LLC. With more than 25 years of experience in the industry, he specializes in performing independent security assessments revolving around information risk management. He is the author and co-author of many books, including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking for Dummies.