Secondly, CIOs need to forget about trying to deliver encryption or authentication down to the desktop level, Gordon says.
“That’s the last thing a CIO wants to do as whether you have 10 or 10,000 machines, every time you have to touch the desktop, it is going to cost you money and IT resources,” he says.
“Educating end-users about the risks helps, but do they really know when to click that authentication or encryption button? You really need to have your IT infrastructure make that decision for them based on a pre-defined set of rules.”
To avoid e-mails being sent under someone else’s credentials, CIOs should look to enforce strict lock-down rules for any time a user leaves the vicinity of their own PC, Gordon says. Regularly updating acceptable use policies every 6-12 months also helps.
“On the e-mail side, it’s hard to blame someone for an e-mail they have received, so it’s really when e-mails are sent within and outside the organisation that they should be monitored, especially for data leakage prevention,” he says.
“On the Web side, many organisations have opened up the Web to their users in the last year or so -- particularly for social media use -- but now we are seeing people wanting to lock that down again to reduce bandwidth costs used in streaming media and Flash-based video.”
SIDEBAR: MessageLabs’ top 5 tips for protecting business from spoofed e-mail attacks
- Consider whether you need to encrypt all e-mail sent between your organisation and your business partners or you need to protect specific e-mails containing sensitive data including social security numbers, key words, or credit card numbers.
- Manage your organisation’s e-mail and Web liabilities with clearly written Acceptable Usage Policies supported by comprehensive and policy-based monitoring.
- Educate your staff about the risks.
- Deploy e-mail authentication technologies.
- Adopt a security solution to catch spoof e-mail threats like phishing attacks at the Internet level, before they reach your corporate network.
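Added example (not from the article or MessageLabs): a small outbound-mail policy check of the kind Gordon describes, where pre-defined gateway rules rather than the end-user decide whether a message is allowed, encrypted or blocked based on the sensitive data it carries (card numbers, social security numbers, key words). The partner domain, key-word list and addresses are assumed.

```python
import re

# Constructed policy data: an assumed business-partner domain and key words.
PARTNER_DOMAINS = {"partner.example"}
KEYWORDS = {"confidential", "merger", "payroll"}

# Candidate card numbers (13-16 digits, optional spaces/dashes) and US SSNs.
CC_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary 16-digit numbers are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(body: str) -> set:
    """Return the categories of sensitive data found in a message body."""
    hits = set()
    for m in CC_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.add("credit_card")
    if SSN_RE.search(body):
        hits.add("ssn")
    lowered = body.lower()
    if any(k in lowered for k in KEYWORDS):
        hits.add("keyword")
    return hits


def decide(sender: str, recipient: str, body: str) -> str:
    """Return 'allow', 'encrypt' or 'block' for one message leaving the gateway."""
    sender_dom = sender.rsplit("@", 1)[-1].lower()
    rcpt_dom = recipient.rsplit("@", 1)[-1].lower()
    if rcpt_dom == sender_dom:
        return "allow"  # internal mail is not an outbound leakage path
    hits = find_sensitive(body)
    if not hits:
        return "allow"
    if rcpt_dom in PARTNER_DOMAINS:
        return "encrypt"  # sensitive data to a known partner: encrypt it
    return "block"  # sensitive data to an unknown domain: stop and log
```

The same function can drive a log entry for monitoring, so every "encrypt" or "block" decision is recorded against the sending user without the user having to act.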