How Can Email Security Aid Compliance?
By Mike Spykerman, VP of product management, OPSWAT
Several industry regulations exist that impose data security requirements on companies, such as HIPAA, Sarbanes-Oxley, as well as EU data protection regulations. These regulations require organizations to restrict employee access to sensitive customer and patient information and keep records private and secure. The Payment Card Industry Data Security Standard (PCI DSS), for instance, requires companies that process credit cards to ensure that credit card data is protected from exposure. Regardless of industry regulations, every company has the duty to keep private employee and customer information secure.
Fact Source: American Medical Association
Email security plays an important role in meeting compliancy standards and keeping private information safe. Here are six ways in which your company can improve email security to safeguard confidential data:
- Boost Malware and Spear Phishing Protection
According to the SANS Institute, 95% of enterprise data breaches start with a spear phishing attack. By effectively blocking malware and spear phishing attempts, exposure to data breaches can be greatly decreased. Because these attacks frequently utilize unknown threats or zero-day vulnerabilities, not all antivirus engines are able to detect the malware. By using multiple anti-malware engines to scan email attachments, along with email attachment sanitization that can remove embedded threats that may be missed by antivirus engines, more threats can be detected and possible breaches avoided.
- Filter Email Content
Configure filters that content check emails to ensure that they do not include any sensitive information that could be exposed. For instance by detecting and blocking emails with credit card data and social security numbers you can prevent confidential information being accidentally emailed and exposed.
- Add Company Email Footer
EU regulations require companies to add a company footer to every email, containing the company address, registration number and owner information. By configuring your email security solution to automatically add these footers to your emails, non-compliance can be avoided.
- Limit Attachment Types
Not all employees need access to all file types. Potentially dangerous email attachments such as .exe files are for instance usually only needed by IT staff. By setting limitations on the types of files that employees can receive, you can further reduce the chance of malware infections.
- Provide Secure File Transfer Alternative
Since email can easily be intercepted, it is important to provide a secure file transfer system that employees can safely and easily use to transfer sensitive documents to external parties. Implementing user authentication ensures that only the intended recipient can view the files. If possible, this solution will also integrate with your email system so that certain attachments are automatically removed from emails and sent through secure, encrypted, file transfer to ensure confidentiality.
- Train Employees
By having an employee cyber security policy and regularly training employees, you can minimize human error such as sending sensitive documents via email, including credit card data in emails, and falling for phishing and other scams.
By taking the above email security measures, your company can greatly reduce the chance of data breaches and prove that it has taken necessary measures to protect confidential information.
OPSWAT offers a number of solutions to boost email security, including Policy Patrol Security for Exchange, which includes Metascan’s powerful multi-scanning and data sanitization technologies. If you already have an email security solution, the Metascan Mail Agent can be used on top of your existing email gateway (such as Websense, IronPort, Barracuda, Symantec, Mimecast, Trend Micro, and Cisco gateways) to greatly increase your malware and spear phishing protection. Policy Patrol Secure File Transfer is a secure file transfer system that allows you to send and receive files securely, providing encryption, user authentication, tracking, auditing and Exchange Server email integration.