Maximizing Email Security ROI: Part II - Stop Viruses Before They Stop You

Written by CipherTrust

Continued from page 1

Lost Data

Employees are storing more and more confidential, mission-critical information on personal workstations and internal networks every day. Financial and employee records, trade secrets and internal emails are all at risk should a malicious virus choose to corrupt or destroy them.

Should any or all of this information be attacked by a virus or worm, documents stored on user machines and email servers risk destruction or corruption, rendering days or weeks worth of work useless. While some ofrepparttar work may be recoverable, help desk resource utilization and third-party forensic experts will add torepparttar 109503 total cost ofrepparttar 109504 attack.

Reputation and Credibility Erosion

Falling victim to a virus attack will likely result in lost confidence from business partners and customers and affect your enterprise’s perceived trustworthiness inrepparttar 109505 marketplace. According to Gartner, “Enterprises that spread viruses, worms, spam and denial-of-service attacks will find not only that malicious software can hinder their profitability, but also that other businesses will disconnect from them if they are considered to be risky.” While an attack may not be your fault, it is most certainly your problem.

Stay a Step Ahead ofrepparttar 109506 Enemy

Fully understandingrepparttar 109507 risks posed by viruses and worms is onlyrepparttar 109508 beginning of your battle against them. To learn how to confrontrepparttar 109509 numerous dangers to your enterprise network, read CipherTrust’s FREE whitepaper, “Next-Generation Virus Defense: An Overview of IronMail Zero-Day Virus Protection.”

Part III of this series will considerrepparttar 109510 issues involved in determining ROI for email policy enforcement as it relates to regulatory compliance, asset/IP protection, liability and reputation.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Next-Generation Virus Defense: An Overview of IronMail Zero-Day Virus Protection” or by visiting

Corporate email policies lower unnecessary legal and security risks.

Written by Anti Spam League

Continued from page 1

The role of email in Sarbanes-Oxley compliance cannot be overstated. The Sarbanes-Oxley Act of 2002 and associated rules adopted byrepparttar Securities and Exchange Commission (SEC) require certain businesses to report onrepparttar 109502 effectiveness of their internal controls over financial reporting. Effective internal controls ensure information integrity by mandatingrepparttar 109503 confidentiality, privacy, availability, controlled access, monitoring and reporting of corporate or customer financial information. Companies that must comply with Sarbanes-Oxley include U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. U.S. companies with market cap greater than $75M and on an accelerated (2004) filing deadline are required to comply for fiscal years ending on or after Nov. 15, 2004. All others are required to comply for fiscal years ending on or after April 15, 2005.

Becauserepparttar 109504 bulk of information in most corporations is created, stored, transmitted and maintained electronically, IT departments are responsible for ensuring that sound practices, including corporate wide information security policies and enforced implementation of those policies, are in place for employees at all levels. Information security policies should governrepparttar 109505 following items: •Network security •Access controls •Authentication •Encryption •Logging •Monitoring and alerting •Pre-planning coordinated incident response •Forensics Most of us would agree that today email isrepparttar 109506 primary internal and external communication tool for corporations. Unfortunately, it is also one ofrepparttar 109507 most exposed areas of a technology infrastructure. Email systems are critical to ensuring effective internal control over financial reporting, encryption of external messages and active policy enforcement, all essential elements of compliance. Companies must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur. An effective email security solution must address all aspects of controlling access to electronically stored company financial information. Givenrepparttar 109508 wide functionality of email, ensuring appropriate information access control for all of these points requires: •A capable policy enforcement mechanism to set rules in accordance with each company’s systems of internal controls; •Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages; •Secure remote access to enable remote access for authorized users while preventing access from unauthorized users; •Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties. On a final note, some clear guidelines for a good and effective email policy includerepparttar 109509 following points: a) Emails should comply withrepparttar 109510 proper RFC protocols for email, 2) Employees should not attempt to obscure content or messages in emails, 3) Companies should post privacy policies where they can be read and understood, prior to submission of a request, 4) Employees should not send email to unverified or nonexistent email addresses, 5) Companies should offer users opportunities to opt-out of programs. Given that developments in email andrepparttar 109511 Internet are changing so rapidly, it is essential to reviewrepparttar 109512 email policy at least once every quarter. Keep an eye on new developments in email and Internet law so that you are aware of any new regulations and opportunities. When you release new updates, it is preferable to have each user sign as acknowledgment of their receipt ofrepparttar 109513 policy. With all of this said, if you want to reduce electronic risks inrepparttar 109514 workplace you must takerepparttar 109515 initiative. Electronic disasters can ruin businesses, sink careers, send stock prices plummeting, and generate public relations nightmares. Do not wait for a disaster to strike; prevention is always your best defense. Visit and they will help you develop and implement written email usage and privacy policies that clearly reflect your organization's expected standards of electronic behavior, along with privacy and monitoring policies.

The purpose of the Anti SPAM League is to help consumers and business owners reduce the amount of SPAM they receive. In addition, our Anti SPAM organization believes that educating site owners in the area of SPAM prevention and ways to successfully and responsibly market their sites, is key in making a difference.

    <Back to Page 1 © 2005
Terms of Use