Email Security
Presented by Sanjiv Arora, CISA, CISM, CGEIT, CHPSE
sa@tech-controls.com
+91 9810293733
What / Why E-mail?
Daily Necessity
Essential for our Survival
Personal and Corporate emails
Plethora / type of emails
ID and Passwords!!
Security and Privacy
Security / Use awareness
What is Security?
Confidentiality
Availability
Integrity
Privacy
Meet Business Objectives
Effectiveness of Resources
Efficiency of Manpower
Optimization of Resources
On an inauspicious day...
Threats of Email Systems
Sending of unauthorized messages
Leakage of confidential or sensitive data to unknown external sources
Malware infiltration through email
Message sniffed across network
Unsure if message reached destination
Only 1 in 5 emails sent was legitimate (76% is spam)
http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
Allowed free use of gmail, yahoo, hotmail etc in corporates
Allowed access of email on mobile devices: iPad, Smart Phones, Notebooks, Web Access (outside of Corporate LAN Defence Systems)
Email Challenges
Sync with multiple devices and systems
Email data Traffic Management
Remembering multiple passwords
Management of backup of PST files, email data folders
Growing email storage needs of each user
Duplicated emails with attachment across users
Email audit trails
Irrelevant 1-2 word email traffic such as Ok, Seen, Thx, GA, CU, Good Night, Recd etc, etc, etc
Email Infrastructure complexity and management challenges
Archival, Retrieval and Redundancy (DR) challenges
Email – Weakest link... Users
Have on average > 2-3 email accounts
Retain all email history since BC
Delete KEY is infrequently used for unwanted emails
Confidential data remains in email content and attachments in multiple forwarded accounts
Pressure IT if email systems down for more than 5 minutes
Allow push email on all devices, 24x7
Saved password in Browsers, Smartphones, Tabs etc (Also use WhatsApp, TrueCaller, Viber simultaneously)
Use email to communicate with colleagues across desks (Verbal communication is reducing)
More Email Culprits
Automated alerts from Email, Backup, Firewall Systems, Applications, BMS
Help Desk Systems and Support Teams (Playing football with calls)
Send Read / Receipt for each email
Food for thought
In 1964, 38 people in Queens, New York, witnessed
the murder of one of their neighbors, a young woman
named Kitty Genovese. A serial killer attacked and
stabbed Genovese late one night outside her
apartment house, and these 38 neighbors later
admitted to hearing her screams; at least three said
they saw part of the attack take place. Yet no one
intervened.
Social psychologists call this phenomenon the
Bystander Problem or Bystander Dilemma or
Bystander Effect. I believe the same effect happens
in “Reply All” email communication.
Denial of Email Systems..
Aside from annoying a lot of people – all at once – ‘Reply to All’ abuse
can bring enterprises to a screeching halt as messaging servers
attempt to process the onslaught of email – as the U.S. State
Department found out in January.
When a U.S. State Department employee accidentally sent a blank
email to a global distribution list of thousands, an email storm ensued.
Some recipients used ‘Reply-to-All’ to demand to be removed from the
list.
Others used ‘Reply to All' to tell their co-workers, in often less than
diplomatic language, to stop responding to the entire group using
‘Reply-to-All.’
Some users then compounded the problem by trying to recall their
initial replies.
The recall generated another round of messages to the entire group.
Senior officials became involved as the huge volume of email resulted
in a major denial-of-service and, we suspect, a huge drop in worker
productivity.
* Denial of Service is when mail servers stop working due to overload
attack.
Email Stats
Detail               | 2012     | 2016
Total Email A/cs     | 3.3 bn   | 4.3 bn
Business Email a/c   | 989 mn   | 1078 mn
Consumer Email a/c   | 2970 mn  | 3548 mn
Business Email / day | 100.5 bn | 123.9 bn
Source: http://www.radicati.com/?p=9659
Email: Where are we today?
Traffic Across Internet
Email: Where are we today? - Infrastructure
Email: Where are we today?
Our work Style
Email: Where are we today?
Daily Work Plan ...out of Window
Email: Where are we today?
Looking For Futuristic Solution
Email Servers and YOU.
Key Controls - Email Security
Appropriate management of email
Infrastructure
– Confidentiality, Integrity and
Availability
Effective and Efficient use of resources to
meet Business Objectives
Awareness and Implementation of Email
etiquette
Email – Information Security
Hardening of Email Servers, Infrastructure
Enable allowed ports and services
Enable Spam, Virus protection
Mail relay controls
Size and email traffic quotas
Password Policies
Monitoring of
Logs,
Exceptions and abnormal behavior
Performance
Build ISP link, Infrastructure Redundancy to
maintain Email Systems in HA mode
Encrypt emails when relaying sensitive data
Applicable Need to Know and Use rules on Data
Drives in LAN as per data classification
Implement Email Acceptable use policies
Implement email retention policies
Implement Data Leak Protection tools / methods
Monitor user activities
Email – Information Security
Effective and Efficient use to meet
Business Objectives
Reduce loads on Online and backup storage needs
Delete past data as per retention policy
Set user quota
Disallow attachments of large size > 5 MB even in
LAN (Use temporary file shares)
Reduce or manage Fixed / Mobile devices accessing
emails
Reduce Internet traffic Stress
Utilize and manage time for better productivity
Email: Awareness and Etiquette
Understand Cyber Crime and Criminals are out there to
fool, cheat, excite or even SCARE you
Verify sender email address
Do not open attachments from an unknown sender or with a
subject that is not relevant
Reply All – Use in special situations only
Do not Reply All with attachments
Delete forwarded message trail contents, where not
relevant (Remove attachments in case of reminders etc)
Use strong and complex passwords
Restrict attachment size (1 or 2 MB)
Do not initiate or forward unwanted chain mails
Delete emails older than 2 years
Check and re-check subject, contents, attachments,
recipients before sending
Limit personal use of Business email accounts
Act on emails; do not just forward them (pass the buck)
Yes, your email reaches its destination; avoid sending "Did
you get it?", "Ok, please confirm?", "Are you sure?"
Use Read Receipts as optional and not mandatory
Email: Awareness and Etiquette
What's happening in other Corporates?
Email etiquette(s) are being taught
Companies Disabling 'Reply-All' Button,
Rather Than Dealing With Inane Email
Threads - The latest to do so is Nielsen, which did so
with a cheery memo to staff explaining why this would "reduce
non-essential messages in mailboxes, freeing up our time as
well as server space." That's one way to think about it.
Email – Our Achievement
Email – Can get messy!
Email – Working style of some...
Email – working style of some of us....
Email – Please take care !
Just a plain Thanks.
(No Thank you emails)
We offer our rich experience to meet your Business Requirements and Objectives
in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and
IT Strategy consulting areas.
Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency
and Effectiveness to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of
India and many other reputed companies across the world.
We shall be happy to discuss your requirements,
Look forward.
Sanjiv Arora, CISA, CISM, CGEIT, CHPSE
Contact Cell +91 98102 93733, e-mail – sa@tech-controls.com, www.tech-controls.com

Email Security Essentials

  • 1. Email Security Presented by Sanjiv Arora, CISA, CISM, CGEIT, CHPSE sa@tech-controls.com +91 9810293733
  • 2. What / Why E-mail? Daily Necessity; Essential for our Survival; Personal and Corporate emails; Plethora / type of emails; ID and Passwords!!; Security and Privacy; Security / Use awareness
  • 3. What is Security? Confidentiality; Availability; Integrity; Privacy; Meet Business Objectives; Effectiveness of Resources; Efficiency of Manpower; Optimization of Resources
  • 4. On an inauspicious day...
  • 5. Threats of Email Systems: Sending of unauthorized messages; Leakage of Confidential or sensitive data to unknown external sources; Malware infiltration through email; Message Sniffed across network; Unsure if message reached destination; Only 1 in 5 emails sent was legitimate (76% is spam), http://www.websense.com/assets/reports/websense-2013-threat-report.pdf; Allowed free use of gmail, yahoo, hotmail etc in corporates; Allowed access of email on mobile devices: iPad, Smart Phones, Notebooks, Web Access (Outside of Corporate LAN Defence Systems)
  • 6. Email Challenges: Sync with multiple devices and systems; Email data Traffic Management; Remembering multiple passwords; Management of backup of PST files, email data folders; Growing email storage needs of each user; Duplicated emails with attachment across users; Email audit trails; Irrelevant 1-2 word email traffic such as Ok, Seen, Thx, GA, CU, Good Night, Recd etc, etc, etc; Email Infrastructure complexity and management challenges; Archival, Retrieval and Redundancy (DR) challenges
  • 7. Email – Weakest link...Users: Have on average > 2-3 email accounts; Retain all email history since BC; Delete KEY is infrequently used for unwanted emails; Confidential data remains in email content and attachments in multiple forwarded accounts; Pressure IT if email systems down for more than 5 minutes; Allow push email on all devices, 24x7; Saved password in Browsers, Smartphones, Tabs etc (Also use WhatsApp, TrueCaller, Viber simultaneously); Use email to communicate with colleagues across desks (Verbal communication is reducing)
  • 8. More Email Culprits: Automated alerts from Email, Backup, Firewall Systems, Applications, BMS; Help Desk Systems and Support Teams (Playing football with calls); Send Read / Receipt for each email
  • 9. Food for thought: In 1964, 38 people in Queens, New York, witnessed the murder of one of their neighbors, a young woman named Kitty Genovese. A serial killer attacked and stabbed Genovese late one night outside her apartment house, and these 38 neighbors later admitted to hearing her screams; at least three said they saw part of the attack take place. Yet no one intervened. Social Psychologists call this phenomenon the Bystander Problem or Bystander Dilemma or Bystander Effect. I believe the same effect happens in “Reply All” email communication.
  • 10. Denial of Email Systems: Aside from annoying a lot of people – all at once – ‘Reply to All’ abuse can bring enterprises to a screeching halt as messaging servers attempt to process the onslaught of email – as the U.S. State Department found out in January. When a U.S. State Department employee accidentally sent a blank email to a global distribution list of thousands, an email storm ensued. Some recipients used ‘Reply-to-All’ to demand to be removed from the list. Others used ‘Reply to All’ to tell their co-workers, in often less than diplomatic language, to stop responding to the entire group using ‘Reply-to-All.’ Some users then compounded the problem by trying to recall their initial replies. The recall generated another round of messages to the entire group. Senior officials became involved as the huge volume of email resulted in a major denial-of-service and, we suspect, a huge drop in worker productivity. * Denial of Service is when mail servers stop working due to overload attack.
  • 11. Email Stats (Detail: 2012 / 2016): Total Email A/cs: 3.3 bn / 4.3 bn; Business Email a/c: 989 mn / 1078 mn; Consumer Email a/c: 2970 mn / 3548 mn; Business Email / day: 100.5 bn / 123.9 bn. Source: http://www.radicati.com/?p=9659
  • 12. Email: Where are we today? Traffic Across Internet
  • 13. Email: Where are we today? - Infrastructure
  • 14. Email: Where are we today? Our work Style
  • 15. Email: Where are we today? Daily Work Plan ...out of Window
  • 16. Email: Where are we today? Looking For Futuristic Solution
  • 17. Email Servers and YOU.
  • 18. Key Controls - Email Security: Appropriate management of email Infrastructure – Confidentiality, Integrity and Availability; Effective and Efficient use of resources to meet Business Objectives; Awareness and Implementation of Email etiquette
  • 19. Email – Information Security: Hardening of Email Servers, Infrastructure; Enable allowed ports and services; Enable Spam, Virus protection; Mail relay controls; Size and email traffic quotas; Password Policies; Monitoring of Logs, Exceptions and abnormal behavior; Performance; Build ISP link, Infrastructure Redundancy to maintain Email Systems in HA mode
  • 20. Email – Information Security: Encrypt emails when relaying sensitive data; Applicable Need to Know and Use rules on Data Drives in LAN as per data classification; Implement Email Acceptable use policies; Implement email retention policies; Implement Data Leak Protection tools / methods; Monitor user activities
  • 21. Effective and Efficient use to meet Business Objectives: Reduce loads on Online and backup storage needs; Delete past data as per retention policy; Set user quota; Disallow attachments of large size > 5 MB even in LAN (Use temporary file shares); Reduce or manage Fixed / Mobile devices accessing emails; Reduce Internet traffic Stress; Utilize and manage time for better productivity
  • 22. Email: Awareness and Etiquette: Understand Cyber Crime and Criminals are out there to fool, cheat, excite or even SCARE you; Verify sender email address; Do not open attachments from unknown Sender or Not Relevant Subject; Reply All – Use in special situations only; Do not Reply all with attachments; Delete forwarded message trails contents, where not relevant (Remove attachments in case of reminders etc); Use strong and complex passwords
  • 23. Email: Awareness and Etiquette: Restrict attachment size (1 or 2 MB); Do not initiate or forward unwanted chain mails; Delete emails older than 2 years; Check and re-check subject, contents, attachments, recipients before sending; Limit personal use of Business email accounts; Act on emails not forward (pass the buck); Yes your email reaches destination, avoid sending Did you Get it? Ok Please Confirm? Are you Sure?; Use Read Receipts as Optional and not mandatory
  • 24. What's happening in other Corporates? Email etiquette(s) are being taught; Companies Disabling 'Reply-All' Button, Rather Than Dealing With Inane Email Threads - The latest to do so is Nielsen, which did so with a cheery memo to staff explaining why this would "reduce non-essential messages in mailboxes, freeing up our time as well as server space." That's one way to think about it.
  • 25. Email – Our Achievement
  • 26. Email – Can get messy!
  • 27. Email – Working style of some...
  • 28. Email – working style of some of us....
  • 29. Email – Please take care !
  • 30. Just a plain Thanks. (No Thank you emails) We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas. Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things. We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world. We shall be happy to discuss your requirements. Look forward. Sanjiv Arora, CISA, CISM, CGEIT, CHPSE Contact Cell +91 98102 93733, e-mail – sa@tech-controls.com, www.tech-controls.com