Email Security
Presented by Sanjiv Arora, CISA, CISM, CGEIT, CHPSE
sa@tech-controls.com
+91 9810293733
What / Why E-mail?
Daily Necessity
Essential for our Survival
Personal and Corporate emails
Plethora / type of emails
ID and Passwords!!
Security and Privacy
Security / Use awareness
What is Security?
Confidentiality
Availability
Integrity
Privacy
Meet Business Objectives
Effectiveness of Resources
Efficiency of Manpower
Optimization of Resources
On an inauspicious day...
Threats of Email Systems
Sending of unauthorized messages
Leakage of confidential or sensitive data to unknown external sources
Malware infiltration through email
Messages sniffed across the network
Unsure if message reached destination
Only 1 in 5 emails sent was legitimate (76% is spam)
http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
Allowed free use of gmail, yahoo, hotmail etc in corporates
Allowed access of email on mobile devices: iPad, Smart Phones, Notebooks, Web Access (outside of Corporate LAN Defence Systems)
Email Challenges
Sync with multiple devices and systems
Email data Traffic Management
Remembering multiple passwords
Management of backup of PST files, email data folders
Growing email storage needs of each user
Duplicated emails with attachment across users
Email audit trails
Irrelevant 1-2 word email traffic such as Ok, Seen, Thx, GA, CU, Good Night, Recd etc, etc, etc
Email Infrastructure complexity and management challenges
Archival, Retrieval and Redundancy (DR) challenges
Email – Weakest link...Users
Have on average > 2-3 email accounts
Retain all email history since BC
Delete KEY is infrequently used for unwanted emails
Confidential data remains in email content and attachments in multiple forwarded accounts
Pressure IT if email systems are down for more than 5 minutes
Allow push email on all devices, 24x7
Saved passwords in Browsers, Smartphones, Tabs etc (Also use WhatsApp, TrueCaller, Viber simultaneously)
Use email to communicate with colleagues across desks (Verbal communication is reducing)
More Email Culprits
Automated alerts from Email, Backup, Firewall Systems, Applications, BMS
Help Desk Systems and Support Teams (Playing football with calls)
Send Read / Receipt for each email
Food for thought
In 1964, 38 people in Queens, New York, witnessed
the murder of one of their neighbors, a young woman
named Kitty Genovese. A serial killer attacked and
stabbed Genovese late one night outside her
apartment house, and these 38 neighbors later
admitted to hearing her screams; at least three said
they saw part of the attack take place. Yet no one
intervened.
Social Psychologists call this phenomenon the
Bystander Problem or Bystander Dilemma or
Bystander Effect. I believe the same effect happens
in “Reply All” email communication.
Denial of Email Systems..
Aside from annoying a lot of people – all at once – ‘Reply to All’ abuse
can bring enterprises to a screeching halt as messaging servers
attempt to process the onslaught of email – as the U.S. State
Department found out in January.
When a U.S. State Department employee accidentally sent a blank
email to a global distribution list of thousands, an email storm ensued.
Some recipients used ‘Reply-to-All’ to demand to be removed from the
list.
Others used ‘Reply to All’ to tell their co-workers, in often less than
diplomatic language, to stop responding to the entire group using
‘Reply-to-All.’
Some users then compounded the problem by trying to recall their
initial replies.
The recall generated another round of messages to the entire group.
Senior officials became involved as the huge volume of email resulted
in a major denial-of-service and, we suspect, a huge drop in worker
productivity.
* Denial of Service is when mail servers stop working due to overload
attack.
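Added example (not part of the original slides): one way a mail administrator could spot the reply-all storm described above from message-tracking records. It flags a thread when several distinct senders address a large expanded recipient list within a short window, and it groups "RE:" and "Recall:" notices with the original message, including the blank-subject case. The record format, thresholds, addresses and function names are assumptions made for illustration.

```python
"""Reply-all storm detector over message-tracking records (added example)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them to your own mail volume.
MIN_RECIPIENTS = 500             # only consider mail that fans out to a big list
WINDOW = timedelta(minutes=10)   # sliding window per thread
MIN_MESSAGES = 5                 # messages in the window before alerting
MIN_SENDERS = 4                  # distinct senders, so one mailer job alone never trips it

# Prefixes mail clients add for replies, forwards and recall notices.
_PREFIX = re.compile(r"^\s*((re|fw|fwd|recall)\s*:\s*)+", re.IGNORECASE)

# Constructed sample records: ISO timestamp|sender|expanded recipient count|subject
SAMPLE_LOG = """
2024-01-10T09:00:00|clerk@example.org|4200|
2024-01-10T09:01:10|a@example.org|4200|RE:
2024-01-10T09:01:40|b@example.org|4200|RE: RE:
2024-01-10T09:02:05|c@example.org|4200|RE: RE: RE:
2024-01-10T09:02:30|a@example.org|4200|Recall: RE:
2024-01-10T09:03:00|d@example.org|4200|RE: RE: RE: RE:
2024-01-10T09:03:30|hr@example.org|4200|Quarterly newsletter
2024-01-10T09:04:00|e@example.org|3|RE: lunch?
"""


@dataclass(frozen=True)
class Record:
    ts: datetime
    sender: str
    subject: str
    recipients: int  # recipient count after distribution-list expansion


def thread_key(subject):
    """Strip reply/forward/recall prefixes so the whole storm maps to one key."""
    return _PREFIX.sub("", subject).strip().lower() or "(blank)"


def parse(line):
    """Parse one 'timestamp|sender|recipients|subject' record."""
    ts, sender, rcpts, subject = line.split("|", 3)
    return Record(datetime.fromisoformat(ts), sender.lower(), subject, int(rcpts))


def detect_storms(records):
    """Return {thread key: time the thresholds were first crossed}."""
    windows = defaultdict(deque)
    alerts = {}
    for rec in sorted(records, key=lambda r: r.ts):
        if rec.recipients < MIN_RECIPIENTS:
            continue  # small threads cannot overload the servers
        key = thread_key(rec.subject)
        win = windows[key]
        win.append(rec)
        while rec.ts - win[0].ts > WINDOW:
            win.popleft()  # drop messages that fell out of the window
        senders = {r.sender for r in win}
        if (key not in alerts and len(win) >= MIN_MESSAGES
                and len(senders) >= MIN_SENDERS):
            alerts[key] = rec.ts
    return alerts


def run_sample():
    """Run the detector over the constructed sample records."""
    lines = SAMPLE_LOG.strip().splitlines()
    return detect_storms(parse(line) for line in lines)


if __name__ == "__main__":
    for key, when in run_sample().items():
        print(f"reply-all storm on thread {key!r}, thresholds crossed at {when}")
```

An alert like this is the point at which an administrator would restrict who may post to the list or hold the thread in the queue.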
Email Stats
Detail | 2012 | 2016
Total Email A/cs | 3.3 bn | 4.3 bn
Business Email a/c | 989 mn | 1078 mn
Consumer Email a/c | 2970 mn | 3548 mn
Business Email / day | 100.5 bn | 123.9 bn
Source: http://www.radicati.com/?p=9659
Email: Where are we today? - Traffic Across Internet
Email: Where are we today? - Infrastructure
Email: Where are we today? - Our work Style
Email: Where are we today? - Daily Work Plan ...out of Window
Email: Where are we today? - Looking For Futuristic Solution
Email Servers and YOU.
Key Controls - Email Security
Appropriate management of email Infrastructure
– Confidentiality, Integrity and Availability
Effective and Efficient use of resources to meet Business Objectives
Awareness and Implementation of Email etiquette
Email – Information Security
Hardening of Email Servers, Infrastructure
Enable only allowed ports and services
Enable Spam, Virus protection
Mail relay controls
Size and email traffic quotas
Password Policies
Monitoring of logs, exceptions and abnormal behavior, and performance
Build ISP link, Infrastructure Redundancy to maintain Email Systems in HA mode
Encrypt emails when relaying sensitive data
Apply Need to Know and Use rules on Data Drives in LAN as per data classification
Implement Email Acceptable use policies
Implement email retention policies
Implement Data Leak Protection tools / methods
Monitor user activities
Email – Information Security
Effective and Efficient use to meet Business Objectives
Reduce loads on Online and backup storage needs
Delete past data as per retention policy
Set user quota
Disallow attachments of large size > 5 MB even in LAN (Use temporary file shares)
Reduce or manage Fixed / Mobile devices accessing emails
Reduce Internet traffic Stress
Utilize and manage time for better productivity
Email: Awareness and Etiquette
Understand that Cyber Crime and Criminals are out there to fool, cheat, excite or even SCARE you
Verify sender email address
Do not open attachments from an unknown Sender or with a Not Relevant Subject
Reply All – Use in special situations only
Do not Reply all with attachments
Delete forwarded message trail contents, where not relevant (Remove attachments in case of reminders etc)
Use strong and complex passwords
Restrict attachment size (1 or 2 MB)
Do not initiate or forward unwanted chain mails
Delete emails older than 2 years
Check and re-check subject, contents, attachments, recipients before sending
Limit personal use of Business email accounts
Act on emails, do not just forward them (pass the buck)
Yes, your email reaches its destination; avoid sending "Did you Get it?", "Ok Please Confirm?", "Are you Sure?"
Use Read Receipts as Optional and not mandatory
Email: Awareness and Etiquette
What's happening in other Corporates?
Email etiquette is being taught
"Companies Disabling 'Reply-All' Button, Rather Than Dealing With Inane Email Threads" - The latest to do so is Nielsen, which did so
with a cheery memo to staff explaining why this would "reduce
non-essential messages in mailboxes, freeing up our time as
well as server space." That's one way to think about it.
Email – Our Achievement
Email – Can get messy!
Email – Working style of some...
Email – working style of some of us....
Email – Please take care !
Just a plain Thanks.
(No Thank you emails)
We offer our rich experience to meet your Business Requirements and Objectives
in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and
IT Strategy consulting areas.
Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency
and Effectiveness to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of
India and many other reputed companies across the world.
We shall be happy to discuss your requirements,
Look forward.
Sanjiv Arora, CISA, CISM, CGEIT, CHPSE
Contact Cell +91 98102 93733, e-mail – sa@tech-controls.com, www.tech-controls.com

A Year of the Servo Reboot: Where Are We Now?
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Email Security Essentials

  • 1. Email Security Presented by Sanjiv Arora, CISA, CISM, CGEIT, CHPSE sa@tech-controls.com +91 9810293733
  • 2. What / Why E-mail? Daily Necessity; Essential for our Survival; Personal and Corporate emails; Plethora / type of emails; ID and Passwords!!; Security and Privacy; Security / Use awareness
  • 3. What is Security? Confidentiality; Availability; Integrity; Privacy; Meet Business Objectives; Effectiveness of Resources; Efficiency of Manpower; Optimization of Resources
  • 4. On an inauspicious day...
  • 5. Threats of Email Systems: Sending of unauthorized messages; Leakage of confidential or sensitive data to unknown external sources; Malware infiltration through email; Message sniffed across network; Unsure if message reached destination; Only 1 in 5 emails sent was legitimate (76% is spam), http://www.websense.com/assets/reports/websense-2013-threat-report.pdf; Allowed free use of gmail, yahoo, hotmail etc in corporates; Allowed access of email on mobile devices iPad, Smart Phones, Notebooks, Web Access (Outside of Corporate LAN Defence Systems)
  • 6. Email Challenges: Sync with multiple devices and systems; Email data Traffic Management; Remembering multiple passwords; Management of backup of PST files, email data folders; Growing email storage needs of each user; Duplicated emails with attachment across users; Email audit trails; Irrelevant 1-2 word email traffic such as Ok, Seen, Thx, GA, CU, Good Night, Recd etc, etc, etc; Email Infrastructure complexity and management challenges; Archival, Retrieval and Redundancy (DR) challenges
  • 7. Email – Weakest link...Users: Have on average > 2-3 email accounts; Retain all email history since BC; Delete KEY is infrequently used for unwanted emails; Confidential data remains in email content and attachments in multiple forwarded accounts; Pressure IT if email systems down for more than 5 minutes; Allow push email on all devices, 24x7; Saved password in Browsers, Smartphones, Tabs etc (Also use WhatsApp, TrueCaller, Viber simultaneously); Use email to communicate with colleagues across desks (Verbal communication is reducing)
  • 8. More Email Culprits: Automated alerts from Email, Backup, Firewall Systems, Applications, BMS; Help Desk Systems and Support Teams (Playing football with calls); Send Read / Receipt for each email
  • 9. Food for thought: In 1964, 38 people in Queens, New York, witnessed the murder of one of their neighbors, a young woman named Kitty Genovese. A serial killer attacked and stabbed Genovese late one night outside her apartment house, and these 38 neighbors later admitted to hearing her screams; at least three said they saw part of the attack take place. Yet no one intervened. Social Psychologists call this phenomenon the Bystander Problem or Bystander Dilemma or Bystander Effect. I believe the same effect happens in “Reply All” email communication.
  • 10. Denial of Email Systems.. Aside from annoying a lot of people – all at once – ‘Reply to All’ abuse can bring enterprises to a screeching halt as messaging servers attempt to process the onslaught of email – as the U.S. State Department found out in January. When a U.S. State Department employee accidentally sent a blank email to a global distribution list of thousands, an email storm ensued. Some recipients used ‘Reply-to-All’ to demand to be removed from the list. Others used ‘Reply to All' to tell their co-workers, in often less than diplomatic language, to stop responding to the entire group using ‘Reply-to-All.’ Some users then compounded the problem by trying to recall their initial replies. The recall generated another round of messages to the entire group. Senior officials became involved as the huge volume of email resulted in a major denial-of-service and, we suspect, a huge drop in worker productivity. * Denial of Service is when mail servers stop working due to overload attack.
  • 11. Email Stats
        Detail                 2012        2016
        Total Email A/cs       3.3 bn      4.3 bn
        Business Email a/c     989 mn      1078 mn
        Consumer Email a/c     2970 mn     3548 mn
        Business Email / day   100.5 bn    123.9 bn
        Source: http://www.radicati.com/?p=9659
  • 12. Email: Where are we today? Traffic Across Internet
  • 13. Email: Where are we today? - Infrastructure
  • 14. Email: Where are we today? Our work Style
  • 15. Email: Where are we today? Daily Work Plan ...out of Window
  • 16. Email: Where are we today? Looking For Futuristic Solution
  • 17. Email Servers and YOU.
  • 18. Key Controls - Email Security: Appropriate management of email Infrastructure – Confidentiality, Integrity and Availability; Effective and Efficient use of resources to meet Business Objectives; Awareness and Implementation of Email etiquettes
  • 19. Email – Information Security: Hardening of Email Servers, Infrastructure; Enable allowed ports and services; Enable Spam, Virus protection; Mail relay controls; Size and email traffic quotas; Password Policies; Monitoring of Logs, Exceptions and abnormal behavior; Performance; Build ISP link, Infrastructure Redundancy to maintain Email Systems in HA mode
  • 20. Email – Information Security: Encrypt emails when relaying sensitive data; Applicable Need to Know and Use rules on Data Drives in LAN as per data classification; Implement Email Acceptable use policies; Implement email retention policies; Implement Data Leak Protection tools / methods; Monitor user activities
  • 21. Effective and Efficient use to meet Business Objectives: Reduce loads on Online and backup storage needs; Delete past data as per retention policy; Set user quota; Disallow attachments of large size > 5 MB even in LAN (Use temporary file shares); Reduce or manage Fixed / Mobile devices accessing emails; Reduce Internet traffic Stress; Utilize and manage time for better productivity
  • 22. Email: Awareness and Etiquettes: Understand Cyber Crime and Criminals are out there to fool, cheat, excite or even SCARE you; Verify sender email address; Do not open attachments from unknown Sender or Not Relevant Subject; Reply All – Use in special situations only; Do not Reply all with attachments; Delete forwarded message trails contents, where not relevant (Remove attachments in case of reminders etc); Use strong and complex passwords
  • 23. Email: Awareness and Etiquettes: Restrict attachment size (1 or 2 MB); Do not initiate or forward unwanted chain mails; Delete emails older than 2 years; Check and re-check subject, contents, attachments, recipients before sending; Limit personal use of Business email accounts; Act on emails, not forward (pass the buck); Yes, your email reaches destination, avoid sending "Did you Get it? Ok Please Confirm? Are you Sure?"; Use Read Receipts as Optional and not mandatory
  • 24. What's happening in other Corporates? Email etiquette(s) are being taught. Companies Disabling 'Reply-All' Button, Rather Than Dealing With Inane Email Threads - The latest to do so is Nielsen, which did so with a cheery memo to staff explaining why this would "reduce non-essential messages in mailboxes, freeing up our time as well as server space." That's one way to think about it.
  • 25. Email – Our Achievement
  • 26. Email – Can get messy!
  • 27. Email – Working style of some...
  • 28. Email – working style of some of us....
  • 29. Email – Please take care !
  • 30. Just a plain Thanks. (No Thank you emails) We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas. Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things. We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world. We shall be happy to discuss your requirements and look forward to hearing from you. Sanjiv Arora, CISA, CISM, CGEIT, CHPSE Contact Cell +91 98102 93733, e-mail – sa@tech-controls.com, www.tech-controls.com
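
The 'Reply to All' storm in slide 10 is the kind of abnormal behavior that the log monitoring control in slide 19 is meant to catch. The Python check below is an added example, not part of the original slides; the log format, thresholds, addresses and the names parse and find_storms are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real logs. Assumed format per line:
# ISO timestamp, envelope sender, recipient count, subject.
SAMPLE_LOG = """\
2024-01-10T09:00:05 hr@example.org 4200 Staff list update
2024-01-10T09:01:10 bob@example.org 4200 RE: Staff list update
2024-01-10T09:01:40 carol@example.org 4200 Re: RE: Staff list update
2024-01-10T09:02:15 dave@example.org 4200 RE: Staff list update
2024-01-10T09:02:50 erin@example.org 4199 Recall: RE: Staff list update
2024-01-10T09:03:00 frank@example.org 3 RE: Lunch on Friday
2024-01-10T11:45:00 hr@example.org 4200 Canteen menu
"""

# Reply, forward and recall prefixes are stripped so replies share one thread key.
PREFIX = re.compile(r"^(?:(?:re|fw|fwd|recall)\s*:\s*)+", re.IGNORECASE)

def parse(log_text):
    """Yield (time, sender, recipient_count, thread_key) for each usable line."""
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip lines that do not have the four expected fields
        when = datetime.fromisoformat(parts[0])
        thread = PREFIX.sub("", parts[3]).strip().lower()
        yield when, parts[1].lower(), int(parts[2]), thread

def find_storms(log_text, min_recipients=500, min_senders=4, window_minutes=10):
    """Map thread -> senders when enough distinct senders hit a large list in one window."""
    window = timedelta(minutes=window_minutes)
    by_thread = defaultdict(list)
    for when, sender, rcpts, thread in parse(log_text):
        if rcpts >= min_recipients:  # only mail addressed to a large list counts
            by_thread[thread].append((when, sender))
    storms = {}
    for thread, events in by_thread.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            senders = {s for _, s in events[start:end + 1]}
            if len(senders) >= min_senders:
                storms[thread] = sorted(senders)
                break
    return storms
```

Counting distinct senders rather than messages keeps a single automated alert source from being flagged as a storm, and a hit is a cue to apply the traffic quota or Reply All restrictions the slides recommend.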