Why Default Spam Filters Are Not Enough


The following was published in today’s Foster’s and Seacoast Sunday.

Whether you connect to an on-premise email server or use cloud-based email services like G Suite or Office 365, if you rely on the built-in spam filtering that comes with your mail service, you are leaving yourself exposed to email-borne threats.

Microsoft Outlook users who rely on the built-in junk mail features face the same lack of truly robust spam filtering. Here’s why.

Most built-in spam filtering technologies use basic methods to identify what may be spam. This often leads to legitimate email messages being missed or outright deleted. An effective corporate spam filter layers in multiple techniques and technologies to keep you safe from email-borne threats of all types, not just spam. These systems also layer in additional security features that are not part of built-in spam filtering solutions.

A robust corporate spam filtering solution should block the majority of spam destined for your inbox, preventing it from reaching your mailbox, as opposed to simply moving it to a junk folder within your mailbox. The key concept here is in preventing the spam from even getting to your email server, whether on-premise or hosted. It should provide a daily report of everything it captured as spam, so you are able to release anything legitimate that was caught. Most will even allow you to get a notification in real time whenever your spam filter traps a spam email. It should also provide inbound and outbound spam protection to alert your IT team should someone on the corporate email system become infected with malware that tries to send spam from a corporate email account. It happens.

Other features of a robust corporate spam filtering solution include detailed logging and reporting, and the ability for users to tune their personal settings for optimal protection. One size does not fit all when it comes to spam filtering. Most email administrators will set up a default filtering level that will work for most people, but allow individual users to fine-tune settings to their needs.

Continuity and disaster recovery are another set of features. The key to effective continuity is to ensure email flows even if internet access is lost, or if your corporate email system is down. Effective email continuity allows you to continue to send and receive email, which prevents any sender from receiving a bounce message that your mailbox is unreachable. Another key to this type of service is that it is seamless to the user, available via a web portal or within the mailbox they work with daily.

Disaster recovery extends the continuity service to maintain email communication through some form of disaster that would otherwise take these services offline. By leveraging geographically dispersed data centers to run these services, providers of these services can maintain their services through local internet, power or other outages, including something as extreme as a fire that destroys an office. Once normal services are restored, the disaster recovery service will seamlessly switch back and deliver all email received during the outage back to the primary system.

A concept often referred to as sandboxing is another advanced feature. In effect, when a user receives an email with an attachment, that attachment is removed from the message, moved to a sandbox and tested for any threats. If the attachment is safe, it is moved back to the original message and that message is delivered to the intended recipient. If the attachment is not safe, it is stripped from the message and the recipient is notified of the threat. This is an effective defense against malware and ransomware, where an attachment carries a malicious program or link that when opened, infects the user’s computer. This type of active, inline testing is the best known defense against this type of threat.
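The hold, test, then deliver-or-strip flow described above, shown with Python's standard `email` package as an added example (not code from the original column or from any vendor's product). `sandbox_verdict` is a hypothetical stand-in for a real detonation service and only flags a constructed marker string; the addresses, filenames and the `X-Attachments-Removed` header are constructed as well.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-MALICIOUS-MARKER"  # constructed test value, not a real signature

def sandbox_verdict(filename, data):
    """Hypothetical stand-in for a detonation service: True means safe."""
    return MARKER not in data

def process_inbound(raw, is_safe=sandbox_verdict):
    """Test every attachment before delivery; strip unsafe ones and notify."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""  # None for multipart parts
        if not is_safe(name, data):
            msg.get_payload().remove(part)  # drop the part from the message
            removed.append(name)
    if removed:
        # Tell the recipient what was stripped, in a header and a notice part.
        msg["X-Attachments-Removed"] = ", ".join(removed)
        msg.add_attachment(
            "Removed after sandbox analysis: " + ", ".join(removed),
            filename="ATTACHMENT-REMOVED.txt",
        )
    return msg, removed

def build_sample():
    """Constructed message with one clean and one flagged attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Invoices"
    m.set_content("See attached.")
    for name, body in (("report.bin", b"quarterly numbers"),
                       ("invoice.bin", b"xx " + MARKER + b" xx")):
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    delivered, stripped = process_inbound(build_sample())
    print("stripped:", stripped)
    print("delivered:", [p.get_filename() for p in delivered.iter_attachments()])
```

Attachments that are themselves containers (archives, forwarded messages) would need to be unpacked before analysis; this example tests only top-level parts.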

Finally, email encryption and archiving are integral parts of a complete solution. So much communication takes place via email that it is easy to email protected information, be it personal, health related or financial. Email encryption can prevent this information from being sent via email, or automatically encrypt it, when found, to protect the information. If you are a regulated entity in the health care or financial space, this is critical to have in place. Regulators are continually cracking down on this and fines are becoming quite steep for violations.

Email archiving keeps a copy of every message sent and received. This may be for convenience, as in not maintaining a large mailbox of everything you send and receive, or for compliance. In the case of convenience, it is far easier to search an email archive for older messages than it is to maintain them within your day-to-day email program. For compliance, archiving retains messages for a defined period of time to meet regulatory requirements around reproducing communication threads. This is often referred to as eDiscovery. If you are regulated by the SEC, NASD, IDA, HIPAA, SOX, FRCP or others, you are required to have this in place.

Hopefully, this will help you ensure you have more than just a basic spam filtering solution in place. It’s important to understand everything that a solution like this should encompass, not just to keep you safe, but also to keep you compliant.

 
