Cisco Blogs

Protecting your small business starts with email security

August 31, 2010 - 0 Comments

Every morning before I leave the house, I do a quick security check: Are the windows closed? Is the back door locked? Is the garage door down? I even take a quick look at the front door to make sure my husband hasn’t left his keys in the lock again.

Securing your small business might not be as simple as returning an errant set of keys to your forgetful partner, but it definitely starts with locking down all possible entry points; physical and virtual. You need to install security devices and software at every point on your network by which someone from the outside could gain access to your company data. For most small businesses, the first place to start is email security.

Results from the recently released Cisco 2010 Midyear Security Report indicate the need for increasing vigilance in battening down the email hatches. The study found that companies of all sizes are struggling to secure networks that are increasingly mobile, especially as more employees use their personal smartphones to do business-related tasks, such as checking work email. Also, social networking sites like Facebook (and the games played on those sites) increasingly expose users to dangerous spam emails and nefarious websites. In addition, the Cisco report found that the amount of spam sent around the world will increase 30 percent in 2010 compared to last year, with the U.S. being the country originating the largest amount of spam.

Spam Trends by Originating Country

Have you found all of the possible entry points by which a cyber-criminal might gain access to your company? It’s critical information!

Securing your email protects your network
Email security is paramount. Businesses like yours rely on email to communicate among employees as well as with customers and partners, but it can allow anyone in the world to drop dangerous data into your small business network. Hackers love to wreak havoc on networks by mass emailing spam and viruses, which can disable servers and PCs. And those disruptions caused by spam and viruses can cost your company in lost productivity and revenues as well as damage your reputation with customers.

There are two types of security solutions that every small business needs to protect its email and networks from spam and viruses–anti-spam and anti-virus software. Anti-spam software (also referred to as spam blocker) stops unwanted emails at the server and prevents them from being delivered to users’ inboxes. Anti-virus software recognizes the code that was used to create a virus and then stops the virus from spreading across your network from a  PC or server that was infected via an email or website.

You have more choices than ever when it comes to deploying these types of security solutions. Many vendors offer both anti-virus and anti-spam software either as individual products or bundled together (often with other Web security tools). You can purchase just the software and install it yourself on an email server or you can install a security appliance which comes with anti-spam and anti-virus software already installed. Or, if you don’t have the necessary technical resources in-house, you can contract with a hosted service to manage your email security for you.

How anti-spam and anti-virus solutions work
Anti-spam and anti-virus solutions sit on your network between your firewall and your email server, or on the email server itself, and scan all incoming traffic before forwarding it to users’ inboxes. These solutions work by identifying dangerous data in incoming messages and separate them from the rest of your email traffic so that the infected messages can’t be acted on by unsuspecting employees.

Any anti-spam software you purchase should include a quarantine feature that lets you create a safe place to filter and store emails that might not be spam, such as newsletters from reliable sources, but that raise the spam filter’s flags. In general, an anti-spam solution should provide plenty of flexibility in setting spam filters to catch spam coming into the server. Your anti-spam software also should block spam-related threats like phishing attacks, which use email to get users to reveal sensitive information, such as user names and passwords.

Anti-virus software should be installed on every workstation, laptop, and smartphone that has access to your network in addition to an anti-virus gateway installed on or near the email server. The anti-virus program should be regularly updated by your vendor with new, known virus signatures. As well, you should keep an eye on your vendor’s website for current threat levels and newly discovered viruses.

Your anti-virus solution should provide different options for handling infected email, including quarantining and deleting the messages. Don’t just rely on the software to catch viruses as they come in, though. Make sure employees are conducting regular scans of their computers in case any malware has made it past your defenses.

Email security is critical to the well-being of your small business. Small businesses are just as likely, if not more so, to be attacked by hackers with viruses and other malware as larger companies–and the losses can be significant. In Symantec’s recent 2010 SMB Information Protection Survey, 50 percent of respondents said they’ve suffered losses due to cyber-attacks, including network downtime and theft of corporate and customer financial data as well as identity theft. Hackers count on small businesses assuming they’re safe, and that’s another point of entry cyber-criminals can exploit to their benefit.

What steps have you taken to secure your company’s email?

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.