Email Security
Presented by Sanjiv Arora, CISA, CISM, CGEIT, CHPSE
sa@tech-controls.com
+91 9810293733
What / Why E-mail?
Daily Necessity
Essential for our Survival
Personal and Corporate emails
Plethora / type of emails
ID and Passwords!!
Security and Privacy
Security / Use awareness
What is Security ?
Confidentiality
Availability
Integrity
Privacy
Meet Business Objectives
Effectiveness of Resources
Efficiency of Manpower
Optimization of Resources
On an un-auspicious day...
Threats of Email Systems
Sending of unauthorized messages
Leakage of Confidential or sensitive data to unknown external sources
Malware infiltration through email
Message Sniffed across network
Unsure, if message reached destination
Only 1 in 5 emails sent was legitimate (76% is spam)
http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
Allowed free use of gmail, yahoo, hotmail etc in corporates
Allowed access of email on mobile devices iPad, Smart Phones, Notebooks, Web Access (Outside of Corporate LAN Defence Systems)
Email Challenges
Sync with multiple devices and systems
Email data Traffic Management
Remembering multiple passwords
Management of backup of PST files, email data folders
Growing email storage needs of each user
Duplicated emails with attachment across users
Email audit trails
Irrelevant 1-2 word email traffic such as Ok, Seen, Thx, GA, CU, Good Night, Recd etc, etc, etc
Email Infrastructure complexity and management challenges
Archival, Retrieval and Redundancy (DR) challenges
Email – Weakest link...Users
Have on average > 2-3 email accounts
Retain all email history since BC
Delete KEY is infrequently used for unwanted emails
Confidential data remains in email content and attachments in multiple forwarded accounts
Pressure IT if email systems down for more than 5 minutes
Allow push email on all devices, 24x7
Saved password in Browsers, Smartphones, Tabs etc (Also use WhatsApp, TrueCaller, Viber simultaneously)
Use email to communicate with colleagues across desks (Verbal communication is reducing)
More Email Culprits
Automated alerts from Email, Backup, Firewall Systems, Applications, BMS
Help Desk Systems and Support Teams (Playing football with calls)
Send Read / Receipt for each email
Food for thought
In 1964, 38 people in Queens, New York, witnessed
the murder of one of their neighbors, a young woman
named Kitty Genovese. A serial killer attacked and
stabbed Genovese late one night outside her
apartment house, and these 38 neighbors later
admitted to hearing her screams; at least three said
they saw part of the attack take place. Yet no one
intervened.
Social Psychologists call this phenomenon the
Bystander Problem or Bystander Dilemma or
Bystander Effect. I believe the same effect happens
in “Reply All” email communication.
Denial of Email Systems..
Aside from annoying a lot of people – all at once – ‘Reply to All’ abuse
can bring enterprises to a screeching halt as messaging servers
attempt to process the onslaught of email – as the U.S. State
Department found out in January.
When a U.S. State Department employee accidentally sent a blank
email to a global distribution list of thousands, an email storm ensued.
Some recipients used ‘Reply-to-All’ to demand to be removed from the
list.
Others used ‘Reply to All' to tell their co-workers, in often less than
diplomatic language, to stop responding to the entire group using
‘Reply-to-All.’
Some users then compounded the problem by trying to recall their
initial replies.
The recall generated another round of messages to the entire group.
Senior officials became involved as the huge volume of email resulted
in a major denial-of-service and, we suspect, a huge drop in worker
productivity.
* Denial of Service is when mail servers stop working due to overload
attack.
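Added example, not part of the original slides: a small Python detector for the Reply-to-All storm described above, run over constructed message-tracking lines. The log format (timestamp|sender|recipient count|subject), the thresholds and the handling of the "Re:" and "Recall:" subject prefixes are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds; tune them to the size of your own distribution lists.
MIN_RECIPIENTS = 1000            # a message this wide counts as list-wide
MIN_SENDERS = 4                  # distinct people mailing the whole list
WINDOW = timedelta(minutes=10)   # how close together the messages must be

# Strips any run of "Re:" / "Recall:" prefixes so replies and recall
# notices are grouped with the message that started the thread.
_PREFIX = re.compile(r"^\s*((re|recall)\s*:\s*)+", re.IGNORECASE)

# Constructed sample data (not from a real system):
# timestamp|sender|recipient count after list expansion|subject
SAMPLE_LOG = """\
2024-03-04T09:00:05|clerk@example.org|4200|Staff directory
2024-03-04T09:01:10|a@example.org|4200|RE: Staff directory
2024-03-04T09:01:40|b@example.org|4200|Re: RE: Staff directory
2024-03-04T09:02:15|a@example.org|4200|Recall: RE: Staff directory
2024-03-04T09:02:30|c@example.org|1|RE: Staff directory
2024-03-04T09:03:00|d@example.org|4200|RE: Staff directory
2024-03-04T09:04:00|hr@example.org|4200|Quarterly town hall
"""


@dataclass(frozen=True)
class Record:
    ts: datetime
    sender: str
    subject: str
    recipients: int


def thread_key(subject):
    """Normalise a subject so replies and recalls share one thread key."""
    return _PREFIX.sub("", subject).strip().lower()


def parse(line):
    """Parse one 'timestamp|sender|recipients|subject' line."""
    ts, sender, rcpts, subject = line.split("|", 3)
    return Record(datetime.fromisoformat(ts), sender.lower(), subject, int(rcpts))


def detect_storms(records):
    """Return one alert per thread, the first time it crosses the thresholds."""
    windows = defaultdict(deque)   # thread key -> recent list-wide messages
    alerted = set()
    alerts = []
    for rec in sorted(records, key=lambda r: r.ts):
        if rec.recipients < MIN_RECIPIENTS:
            continue               # a reply to one person is not part of a storm
        key = thread_key(rec.subject)
        win = windows[key]
        win.append(rec)
        while rec.ts - win[0].ts > WINDOW:
            win.popleft()          # forget messages older than the window
        senders = {r.sender for r in win}
        if len(senders) >= MIN_SENDERS and key not in alerted:
            alerted.add(key)
            alerts.append({
                "thread": key,
                "first_seen": win[0].ts,
                "detected": rec.ts,
                "senders": len(senders),
                # Each list-wide message is delivered to every recipient,
                # which is what overloads the mail servers.
                "deliveries": sum(r.recipients for r in win),
            })
    return alerts


def load(text):
    """Parse a block of log lines, skipping blank ones."""
    return [parse(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for alert in detect_storms(load(SAMPLE_LOG)):
        print(alert)
```

In the sample, five list-wide messages (the original, three replies and one recall) already amount to 21000 deliveries, while the single-recipient reply and the unrelated announcement are ignored.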
Email Stats
Detail                 2012        2016
Total Email A/cs       3.3 bn      4.3 bn
Business Email a/c     989 mn      1078 mn
Consumer Email a/c     2970 mn     3548 mn
Business Email / day   100.5 bn    123.9 bn
Source: http://www.radicati.com/?p=9659
Email: Where are we today?
Traffic Across Internet
Email: Where are we today? - Infrastructure
Email: Where are we today?
Our work Style
Email: Where are we today?
Daily Work Plan ...out of Window
Email: Where are we today?
Looking For Futuristic Solution
Email Servers and YOU.
Key Controls - Email Security
Appropriate management of email Infrastructure
– Confidentiality, Integrity and Availability
Effective and Efficient use of resources to meet Business Objectives
Awareness and Implementation of Email etiquette
Email – Information Security
Hardening of Email Servers, Infrastructure
Enable allowed ports and services
Enable Spam, Virus protection
Mail relay controls
Size and email traffic quotas
Password Policies
Monitoring of
– Logs
– Exceptions and abnormal behavior
– Performance
Build ISP link, Infrastructure Redundancy to maintain Email Systems in HA mode
Encrypt emails when relaying sensitive data
Apply Need to Know and Use rules on Data Drives in LAN as per data classification
Implement Email Acceptable use policies
Implement email retention policies
Implement Data Leak Protection tools / methods
Monitor user activities
Email – Information Security
Effective and Efficient use to meet
Business Objectives
Reduce loads on Online and backup storage needs
Delete past data as per retention policy
Set user quota
Disallow attachments of large size > 5 MB even in
LAN (Use temporary file shares)
Reduce or manage Fixed / Mobile devices accessing
emails
Reduce Internet traffic Stress
Utilize and manage time for better productivity
Email: Awareness and Etiquette
Understand Cyber Crime and Criminals are out there to fool, cheat, excite or even SCARE you
Verify sender email address
Do not open attachments from an unknown Sender or with a Not Relevant Subject
Reply All – Use in special situations only
Do not Reply all with attachments
Delete forwarded message trail contents, where not relevant (Remove attachments in case of reminders etc)
Use strong and complex passwords
Restrict attachment size (1 or 2 MB)
Do not initiate or forward unwanted chain mails
Delete emails older than 2 years
Check and re-check subject, contents, attachments, recipients before sending
Limit personal use of Business email accounts
Act on emails, do not forward (pass the buck)
Yes, your email reaches destination; avoid sending "Did you Get it?", "Ok Please Confirm?", "Are you Sure?"
Use Read Receipts as Optional and not mandatory
Email: Awareness and Etiquette
What's happening in other Corporates?
Email etiquette(s) are being taught
Companies Disabling 'Reply-All' Button,
Rather Than Dealing With Inane Email
Threads - The latest to do so is Nielsen, which did so
with a cheery memo to staff explaining why this would "reduce
non-essential messages in mailboxes, freeing up our time as
well as server space." That's one way to think about it.
Email – Our Achievement
Email – Can get messy!
Email – Working style of some...
Email – working style of some of us....
Email – Please take care !
Just a plain Thanks.
(No Thank you emails)
We offer our rich experience to meet your Business Requirements and Objectives
in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and
IT Strategy consulting areas.
Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency
and Effectiveness to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of
India and many other reputed companies across the world.
We shall be happy to discuss your requirements,
Look forward.
Sanjiv Arora, CISA, CISM, CGEIT, CHPSE
Contact Cell +91 98102 93733, e-mail – sa@tech-controls.com, www.tech-controls.com

Email Security Essentials

  • 1. Email Security Presented by Sanjiv Arora, CISA, CISM, CGEIT, CHPSE sa@tech-controls.com +91 9810293733
  • 2. What / Why E-mail?What / Why E-mail? Daily NecessityDaily Necessity Essential for our SurvivalEssential for our Survival Personal and Corporate emailsPersonal and Corporate emails Plethora / type of emailsPlethora / type of emails ID and Passwords!!ID and Passwords!! Security and PrivacySecurity and Privacy Security / Use awarenessSecurity / Use awareness
  • 3. What is Security ?What is Security ? ConfidentialityConfidentiality AvailabilityAvailability IntegrityIntegrity PrivacyPrivacy Meet Business ObjectivesMeet Business Objectives Effectiveness of ResourcesEffectiveness of Resources Efficiency of ManpowerEfficiency of Manpower Optimization of ResourcesOptimization of Resources
  • 4. On an un-auspicious day...On an un-auspicious day...
  • 5. Threats of Email SystemsThreats of Email Systems Sending of unauthorized messagesSending of unauthorized messages Leakage of Confidential or sensitive data to un-knownLeakage of Confidential or sensitive data to un-known external sourcesexternal sources Malware infilteration through emailMalware infilteration through email Message Sniffed across networkMessage Sniffed across network Unsure, if message reached destinationUnsure, if message reached destination Only 1 in 5 emails sent was legitimate (76% is spam)Only 1 in 5 emails sent was legitimate (76% is spam) http://www.websense.com/assets/reports/websense-2013-threat-report.pdfhttp://www.websense.com/assets/reports/websense-2013-threat-report.pdf Allowed free use of gmail, yahoo, hotmail etc in corporatesAllowed free use of gmail, yahoo, hotmail etc in corporates Allowed access of email on mobile devices iPad, SmartAllowed access of email on mobile devices iPad, Smart Phones, Notebooks, Web Access (Outside of Corporate LANPhones, Notebooks, Web Access (Outside of Corporate LAN Defence Systems)Defence Systems)
  • 6. Email Challenges
      • Sync with multiple devices and systems
      • Email data Traffic Management
      • Remembering multiple passwords
      • Management of backup of PST files, email data folders
      • Growing email storage needs of each user
      • Duplicated emails with attachment across users
      • Email audit trails
      • Irrelevant 1-2 word email traffic such as Ok, Seen, Thx, GA, CU, Good Night, Recd etc, etc, etc
      • Email Infrastructure complexity and management challenges
      • Archival, Retrieval and Redundancy (DR) challenges
  • 7. Email – Weakest link...Users
      • Have on average > 2-3 email accounts
      • Retain all email history since BC
      • Delete KEY is infrequently used for unwanted emails
      • Confidential data remains in email content and attachments in multiple forwarded accounts
      • Pressure IT if email systems down for more than 5 minutes
      • Allow push email on all devices, 24x7
      • Saved password in Browsers, Smartphones, Tabs etc (Also use WhatsApp, TrueCaller, Viber simultaneously)
      • Use email to communicate with colleagues across desks (Verbal communication is reducing)
  • 8. More Email Culprits
      • Automated alerts from Email, Backup, Firewall Systems, Applications, BMS
      • Help Desk Systems and Support Teams (Playing football with calls)
      • Send Read / Receipt for each email
  • 9. Food for thought In 1964, 38 people in Queens, New York, witnessed the murder of one of their neighbors, a young woman named Kitty Genovese. A serial killer attacked and stabbed Genovese late one night outside her apartment house, and these 38 neighbors later admitted to hearing her screams; at least three said they saw part of the attack take place. Yet no one intervened. Social Psychologists call this phenomenon the Bystander Problem or Bystander Dilemma or Bystander Effect. I believe the same effect happens in “Reply All” email communication.
  • 10. Denial of Email Systems.. Aside from annoying a lot of people – all at once – ‘Reply to All’ abuse can bring enterprises to a screeching halt as messaging servers attempt to process the onslaught of email – as the U.S. State Department found out in January. When a U.S. State Department employee accidentally sent a blank email to a global distribution list of thousands, an email storm ensued. Some recipients used ‘Reply-to-All’ to demand to be removed from the list. Others used ‘Reply to All' to tell their co-workers, in often less than diplomatic language, to stop responding to the entire group using ‘Reply-to-All.’ Some users then compounded the problem by trying to recall their initial replies. The recall generated another round of messages to the entire group. Senior officials became involved as the huge volume of email resulted in a major denial-of-service and, we suspect, a huge drop in worker productivity. * Denial of Service is when mail servers stop working due to overload attack.
  • 11. Email Stats
        Detail                  2012        2016
        Total Email A/cs        3.3 bn      4.3 bn
        Business Email a/c      989 mn      1078 mn
        Consumer Email a/c      2970 mn     3548 mn
        Business Email / day    100.5 bn    123.9 bn
      Source: http://www.radicati.com/?p=9659
  • 12. Email: Where are we today? Traffic Across Internet
  • 13. Email: Where are we today? - Infrastructure
  • 14. Email: Where are we today? Our work Style
  • 15. Email: Where are we today? Daily Work Plan ...out of Window
  • 16. Email: Where are we today? Looking For Futuristic Solution
  • 17. Email Servers and YOU.
  • 18. Key Controls - Email Security
      • Appropriate management of email Infrastructure – Confidentiality, Integrity and Availability
      • Effective and Efficient use of resources to meet Business Objectives
      • Awareness and Implementation of Email etiquette
  • 19. Email – Information Security
      • Hardening of Email Servers, Infrastructure
      • Enable allowed ports and services
      • Enable Spam, Virus protection
      • Mail relay controls
      • Size and email traffic quotas
      • Password Policies
      • Monitoring of Logs, Exceptions and abnormal behavior
      • Performance
      • Build ISP link, Infrastructure Redundancy to maintain Email Systems in HA mode
  • 20. Email – Information Security
      • Encrypt emails when relaying sensitive data
      • Applicable Need to Know and Use rules on Data Drives in LAN as per data classification
      • Implement Email Acceptable use policies
      • Implement email retention policies
      • Implement Data Leak Protection tools / methods
      • Monitor user activities
  • 21. Effective and Efficient use to meet Business Objectives
      • Reduce loads on Online and backup storage needs
      • Delete past data as per retention policy
      • Set user quota
      • Disallow attachments of large size > 5 MB even in LAN (Use temporary file shares)
      • Reduce or manage Fixed / Mobile devices accessing emails
      • Reduce Internet traffic Stress
      • Utilize and manage time for better productivity
  • 22. Email: Awareness and Etiquette
      • Understand Cyber Crime and Criminals are out there to fool, cheat, excite or even SCARE you
      • Verify sender email address
      • Do not open attachments from unknown Sender or Not Relevant Subject
      • Reply All – Use in special situations only
      • Do not Reply all with attachments
      • Delete forwarded message trails contents, where not relevant (Remove attachments in case of reminders etc)
      • Use strong and complex passwords
  • 23. Email: Awareness and Etiquette
      • Restrict attachment size (1 or 2 MB)
      • Do not initiate or forward unwanted chain mails
      • Delete emails older than 2 years
      • Check and re-check subject, contents, attachments, recipients before sending
      • Limit personal use of Business email accounts
      • Act on emails not forward (pass the buck)
      • Yes your email reaches destination, avoid sending Did you Get it? Ok Please Confirm? Are you Sure?
      • Use Read Receipts as Optional and not mandatory
  • 24. What's happening in other Corporates?
      • Email etiquette(s) are being taught
      • Companies Disabling 'Reply-All' Button, Rather Than Dealing With Inane Email Threads - The latest to do so is Nielsen, which did so with a cheery memo to staff explaining why this would "reduce non-essential messages in mailboxes, freeing up our time as well as server space." That's one way to think about it.
  • 25. Email – Our Achievement
  • 26. Email – Can get messy!
  • 27. Email – Working style of some...
  • 28. Email – working style of some of us....
  • 29. Email – Please take care !
  • 30. Just a plain Thanks. (No Thank you emails) We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas. Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things. We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world. We shall be happy to discuss your requirements. Look forward. Sanjiv Arora, CISA, CISM, CGEIT, CHPSE Contact Cell +91 98102 93733, e-mail – sa@tech-controls.com, www.tech-controls.com
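
The 'Reply to All' storm described on slide 10 is the kind of abnormal behavior the log monitoring on slide 19 is meant to catch. The detector below is an added example, not part of the original presentation: the log line format, the addresses, the thresholds and the treatment of "Recall:" as a thread prefix are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is hypothetical, not a real MTA's.
SAMPLE_LOG = """\
2024-01-10T09:00:00 from=alice@example.org to=all-staff@example.org subject="Town hall"
2024-01-10T09:01:10 from=bob@example.org to=all-staff@example.org subject="RE: Town hall"
2024-01-10T09:01:45 from=carol@example.org to=all-staff@example.org subject="RE: RE: Town hall"
2024-01-10T09:02:05 from=bob@example.org to=all-staff@example.org subject="Recall: RE: Town hall"
2024-01-10T09:02:30 from=dave@example.org to=all-staff@example.org subject="RE: Town hall"
2024-01-10T09:03:00 from=erin@example.org to=all-staff@example.org subject="RE: RE: Town hall"
2024-01-10T09:10:00 from=frank@example.org to=helpdesk@example.org subject="Printer"
2024-01-10T14:00:00 from=alice@example.org to=all-staff@example.org subject="Lunch menu"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) subject="(?P<subject>.*)"$')
# Reply, forward and recall prefixes, possibly stacked ("RE: RE: Recall: ...").
PREFIX_RE = re.compile(r'^\s*(?:(?:re|fw|fwd|recall)\s*:\s*)+', re.IGNORECASE)

def thread_key(subject):
    """Strip stacked prefixes so replies and recalls map to one thread."""
    return PREFIX_RE.sub('', subject).strip().lower()

def detect_storms(lines, lists, window=timedelta(minutes=5), threshold=5):
    """Alert once per (list, thread) when `threshold` messages arrive within
    `window`. Lines must be in time order; `lists` holds monitored addresses."""
    recent = defaultdict(deque)  # (list, thread) -> (time, sender) inside window
    alerted, alerts = set(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m['rcpt'].lower() not in lists:
            continue
        ts = datetime.fromisoformat(m['ts'])
        key = (m['rcpt'].lower(), thread_key(m['subject']))
        q = recent[key]
        q.append((ts, m['sender'].lower()))
        while ts - q[0][0] > window:      # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({'list': key[0], 'thread': key[1], 'at': ts,
                           'messages': len(q),
                           'senders': len({s for _, s in q})})
    return alerts

if __name__ == '__main__':
    for a in detect_storms(SAMPLE_LOG.splitlines(), {'all-staff@example.org'}):
        print(a)
```

An alert like this can drive a temporary hold or rate limit on the affected distribution list before the mail servers are overloaded.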