Email Security: A Pocket Guide

Your business relies on e-mail for its everyday dealings with partners, suppliers and customers. While e-mail is an invaluable form of communication, it also represents a potential threat to your information security. E-mail could become the means for criminals to install a virus or malicious software on your computer system and fraudsters will try to use e-mails to obtain sensitive information through phishing scams.

If you want to safeguard your company’s ability to function, it is essential to have an effective e-mail security policy in place, and to ensure your staff understand the risks associated with e-mail.

This pocket guide will help businesses to address the most important issues. Its comprehensive approach covers both the technical and the managerial aspects of the subject, offering valuable insights for IT professionals, managers and executives, as well as for individual users of e-mail.

• Defend your business from attack
  The pocket guide covers the various types of threat to which e-mail may expose your organisation, and offers advice on how to counter social engineering by raising staff awareness.

• Use email clients to improve security
  The client is the computer programme that manages the user’s e-mail. Malicious e-mails often operate through attachment files that infect computer systems with malware when downloaded. This pocket guide explains how you can enhance your information security by configuring the e-mail client to block attachments or to limit their size. 

• Preserve confidentiality
  What kind of information should you include in an e-mail? How do you know that the e-mail will not be intercepted by a third party after you have sent it? This guide looks at countermeasures you can take to ensure that your e-mails only reach the intended recipient, and how to preserve confidentiality through the use of encryption.

• Protect your company’s reputation
  Crude jokes, obscene language or sexist remarks can have an adverse effect on your organisation’s reputation when they are found in e-mails sent out by your employees from their work account. This pocket guide offers advice on how to create an acceptable use policy to ensure that employee use of e-mail in the workplace does not end up embarrassing your organisation.   

The pocket guide provides a concise reference to the main security issues affecting those that deploy and use e-mail to support their organisations, considering e-mail in terms of its significance in a business context, and focusing upon why effective security policy and safeguards are crucial in ensuring the viability of business operations. 

About the authors:

Professor Steven Furnell is Professor of Information Systems Security and Head of School at the University of Plymouth’s Centre for Security, Communications and Network Research.  He is the author of Mobile Security: A Pocket Guide (2009), also published by IT Governance.

Dr Paul Dowland is Senior Lecturer in Information Systems Security at the University of Plymouth’s Centre for Security, Communications and Network Research. He is the author or editor of over 70 research publications.