This is last of a five-part series on Maximizing Email Security ROI.

Throughout ages, people have encrypted communications to suit their information security needs.

In 1st century B.C., Julius Caesar didn’t trust couriers who carried his messages to trusted acquaintances. So, he replaced every A with a D, every B with an E, and so on, all way through alphabet. Only those who knew Caesar’s shift-by-three rule could decipher his messages. Over 2000 years later, we’re still trying to protect our messages from prying eyes (If you have not read CipherTrust's white paper on Privacy Architecture, you can download it free here).

In Information Age, email is primary method of communication for businesses around world. While email has become a mission-critical application, it also raises important privacy and security concerns. Sensitive personal and business communications are vulnerable to prying eyes of hackers, industrial spies and others who would love to have access to information not intended for them. Because of these risks, businesses are realizing value of encrypting their email communications to protect vital information while in transit from origin to destination.

Asset/IP protection

Enterprises that fail to adequately protect information in transit across Internet risk revealing their most vital secrets. Each unencrypted email exposes sensitive data – from confidential financial and product information to legal contracts to files that include personally identifying information such as Social Security numbers, birthdates, credit card numbers and bank account numbers.

Failure to encrypt email communication is akin to sending a digital postcard into cyberspace. Sure, there’s a chance that it will reach its destination without crossing a snooping pair of eyes, but there’s also a chance that it won’t. You wouldn’t send a postcard with your vital trade secrets, financial data and customer information on it, so why would you send an unencrypted email containing same?

Compliance and Liability

This is last of a five-part series on Maximizing Email Security ROI.

Remember your kid fears? As soon as lights went out, monsters under your bed began plotting ways to get you. Somehow, though, you always managed to outsmart them and make it through night. Then one night you grew up, and monsters went away for good.

Well, they're back. And they've unionized.

International rings of hackers, many backed by funds from organized crime groups, are new monsters hiding under your bed-only now they'll attack in broad daylight. They've realized that there's money to be made by breaking into your network-lots of money-and they want their "fair share." They have advanced degrees, financial motivation and plenty of time to figure out ways around software-based e-mail intrusion "solutions" (yes, even really, really expensive one you just installed-sorry).

Once hackers have discovered a way into your network, all bets are off. They have access to any information residing on your servers, including your customer database, employee personnel files, bank account numbers and proprietary product information. They can run denial-of-service attacks to take down mail servers and disrupt your work environment. They can hijack your servers and use them as "spam cannons," sending millions of fraudulent e-mails purporting to be from your company. In short, they can do whatever they want.

This week's newsletter will identify specific dangers posed by network intrusions and explain how keeping these new monsters from stealing digital lifeblood of your enterprise can ensure that your investment in network security is handsomely rewarded.

Determining E-mail Security ROI

When attempting to extract meaningful hard-cost data to evaluate e-mail security ROI, damages can be broken into two categories: Ongoing or Catastrophic. Ongoing costs tend to occur continually and increase in scale. For instance, a 10% increase in spam volume will result in 10% higher costs. Catastrophic costs, on other hand, are "one-and-done" losses that are intermittent but categorically high when they occur. An example of a catastrophic cost would be a single security breach that allowed theft of proprietary intellectual property, causing millions of dollars in losses. In general, failure to prevent e-mail intrusions will result in expenditures that qualify as catastrophic.

Liability

Last week's IronMail Insider discussed costs associated with allowing inappropriate material to cross enterprise gateway or pass between workstations. The lawsuits resulting from companies failing to enforce e-mail policy and being held responsible for messages crossing their networks all resulted in catastrophic costs to enterprise.