Oct 21, 2014
What / Why E-mail?
Daily Necessity
Essential for our Survival
Personal and Corporate emails
Plethora / types of emails
ID and Passwords!!
Security and Privacy
Security / Use awareness
What is Security?
Confidentiality
Availability
Integrity
Privacy
Meet Business Objectives
Effectiveness of Resources
Efficiency of Manpower
Optimization of Resources
On an inauspicious day...
Threats to Email Systems
Sending of unauthorized messages
Leakage of confidential or sensitive data to unknown external sources
Malware infiltration through email
Messages sniffed across the network
Unsure whether a message reached its destination
Only 1 in 5 emails sent was legitimate (76% is spam), per the Websense 2013 Threat Report: http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
Free use of Gmail, Yahoo, Hotmail etc. allowed inside corporates
Email access allowed on mobile devices (iPad, smartphones, notebooks, web access), i.e. outside the corporate LAN defence systems
Email Challenges
Sync with multiple devices and systems
Email data traffic management
Remembering multiple passwords
Management of backups of PST files and email data folders
Growing email storage needs of each user
Duplicated emails with attachments across users
Email audit trails
Irrelevant 1-2 word email traffic such as Ok, Seen, Thx, GA, CU, Good Night, Recd etc.
Email infrastructure complexity and management challenges
Archival, retrieval and redundancy (DR) challenges
Email – Weakest link...Users
Have on average 2-3 or more email accounts
Retain all email history since BC
Delete key is infrequently used for unwanted emails
Confidential data remains in email content and attachments in multiple forwarded accounts
Pressure IT if email systems are down for more than 5 minutes
Allow push email on all devices, 24x7
Saved passwords in browsers, smartphones, tabs etc. (also use WhatsApp, TrueCaller, Viber simultaneously)
Use email to communicate with colleagues across desks (verbal communication is reducing)
More Email Culprits
Automated alerts from email, backup, firewall systems, applications, BMS
Help desk systems and support teams (playing football with calls)
Send a read receipt for each email
Food for thought
In 1964, 38 people in Queens, New York, witnessed the murder of one of their neighbors, a young woman named Kitty Genovese. A serial killer attacked and stabbed Genovese late one night outside her apartment house, and these 38 neighbors later admitted to hearing her screams; at least three said they saw part of the attack take place. Yet no one intervened.
Social psychologists call this phenomenon the Bystander Problem, Bystander Dilemma or Bystander Effect. I believe the same effect happens in "Reply All" email communication: everyone assumes someone else will stop the thread.
Denial of Email Systems
Aside from annoying a lot of people – all at once – 'Reply to All' abuse can bring enterprises to a screeching halt as messaging servers attempt to process the onslaught of email, as the U.S. State Department found out in January.
When a U.S. State Department employee accidentally sent a blank email to a global distribution list of thousands, an email storm ensued. Some recipients used 'Reply to All' to demand to be removed from the list. Others used 'Reply to All' to tell their co-workers, in often less than diplomatic language, to stop responding to the entire group using 'Reply to All'. Some users then compounded the problem by trying to recall their initial replies; the recall generated another round of messages to the entire group. Senior officials became involved as the huge volume of email resulted in a major denial of service and, we suspect, a huge drop in worker productivity.
* Denial of Service: the mail servers stop working, or stop delivering in any useful time, because they are overloaded. The overload can come from a deliberate attack or, as here, from the organisation's own users: every reply to a list of N members costs the servers N deliveries, so a handful of replies to a list of thousands is already tens of thousands of messages.
Email Stats

Detail                  2012       2016 (forecast)
Total Email A/cs        3.3 bn     4.3 bn
Business Email A/cs     989 mn     1078 mn
Consumer Email A/cs     2970 mn    3548 mn
Business Email / day    100.5 bn   123.9 bn
Consumer Email / day    82.5 bn    77.5 bn (declining)

Source: http://www.radicati.com/?p=9659
Email: Where are we today? - Traffic across the Internet
Email: Where are we today? - Infrastructure
Email: Where are we today? - Our work style
Email: Where are we today? - Daily work plan...out of the window
Email: Where are we today? - Looking for a futuristic solution
Email Servers and YOU.
Key Controls - Email Security
Appropriate management of email infrastructure
– Confidentiality, Integrity and Availability
Effective and efficient use of resources to meet business objectives
Awareness and implementation of email etiquette
Email – Information Security
Hardening of email servers and infrastructure:
Enable only the allowed ports and services
Enable spam and virus protection
Mail relay controls (accept relaying only from your own networks and authenticated users, never from the open Internet)
Message size and email traffic quotas
Password policies
Monitoring of logs, exceptions, abnormal behaviour and performance
Build ISP link and infrastructure redundancy to maintain email systems in HA mode
Encrypt emails when relaying sensitive data
Apply need-to-know and need-to-use rules on data drives in the LAN as per data classification
Implement email acceptable use policies
Implement email retention policies
Implement Data Leak Protection tools / methods
Monitor user activities
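The State Department storm described above is exactly the "abnormal behaviour" the log-monitoring control in this list should catch, and it can be caught early: a reply-all storm shows up in the mail queue log as a burst of messages, from several different senders, each addressed to a very large recipient count. The script below is an added example (not from the original deck) that clusters such mass mailings in Postfix-style queue-manager log lines. The log lines are constructed for illustration, and the window, recipient-count and message-count thresholds are assumptions to be tuned to your own list sizes.

```python
"""Reply-all storm detector over Postfix qmgr-style log lines (added example).

The sample log and all thresholds below are assumptions constructed for
illustration; they are not taken from the original deck.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Constructed sample: normal one-to-few traffic, then five messages from four
# senders to a ~3,200-recipient distribution list within a couple of minutes.
SAMPLE_LOG = """\
Oct 21 09:00:01 mx1 postfix/qmgr[2041]: 4F1A2B3C: from=<alice@example.org>, size=1821, nrcpt=1 (queue active)
Oct 21 09:00:07 mx1 postfix/qmgr[2041]: 4F1A2B4D: from=<bob@example.org>, size=2048, nrcpt=3 (queue active)
Oct 21 09:05:10 mx1 postfix/qmgr[2041]: 4F1A2C01: from=<carol@example.org>, size=912, nrcpt=3200 (queue active)
Oct 21 09:05:41 mx1 postfix/qmgr[2041]: 4F1A2C02: from=<dave@example.org>, size=1410, nrcpt=3200 (queue active)
Oct 21 09:06:03 mx1 postfix/qmgr[2041]: 4F1A2C03: from=<erin@example.org>, size=1378, nrcpt=3200 (queue active)
Oct 21 09:06:30 mx1 postfix/qmgr[2041]: 4F1A2C04: from=<frank@example.org>, size=1502, nrcpt=3200 (queue active)
Oct 21 09:07:12 mx1 postfix/qmgr[2041]: 4F1A2C05: from=<carol@example.org>, size=1199, nrcpt=3200 (queue active)
Oct 21 09:40:00 mx1 postfix/qmgr[2041]: 4F1A2D10: from=<grace@example.org>, size=3301, nrcpt=2 (queue active)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/qmgr\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=(?P<size>\d+), "
    r"nrcpt=(?P<nrcpt>\d+)"
)


class Message(NamedTuple):
    ts: datetime
    qid: str
    sender: str
    nrcpt: int


class Storm(NamedTuple):
    start: datetime
    end: datetime
    messages: int      # mass mailings in the cluster
    deliveries: int    # sum of recipient counts, i.e. the load on the servers
    senders: List[str]


def parse_line(line: str) -> Optional[Message]:
    """Extract timestamp, queue id, envelope sender and recipient count."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is
    # acceptable because only the relative spacing of events is used.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return Message(ts, m["qid"], m["sender"].lower(), int(m["nrcpt"]))


def parse_log(lines) -> List[Message]:
    return [msg for msg in (parse_line(l) for l in lines) if msg is not None]


def detect_storms(lines, window_s: int = 600, mass_rcpt: int = 500,
                  min_msgs: int = 3) -> List[Storm]:
    """Cluster mass mailings (nrcpt >= mass_rcpt) whose consecutive gaps are
    at most window_s seconds; a cluster of min_msgs or more is a storm."""
    mass = sorted((m for m in parse_log(lines) if m.nrcpt >= mass_rcpt),
                  key=lambda m: m.ts)
    storms: List[Storm] = []
    cluster: List[Message] = []

    def close_cluster() -> None:
        if len(cluster) >= min_msgs:
            storms.append(Storm(cluster[0].ts, cluster[-1].ts, len(cluster),
                                sum(m.nrcpt for m in cluster),
                                sorted({m.sender for m in cluster})))

    for msg in mass:
        if cluster and (msg.ts - cluster[-1].ts).total_seconds() > window_s:
            close_cluster()
            cluster.clear()
        cluster.append(msg)
    close_cluster()
    return storms


if __name__ == "__main__":
    for s in detect_storms(SAMPLE_LOG.splitlines()):
        print(f"storm {s.start:%H:%M:%S}-{s.end:%H:%M:%S}: {s.messages} mass "
              f"mailings, {s.deliveries} deliveries, senders={s.senders}")
```

Run it against a real `mail.log` with `detect_storms(open('/var/log/mail.log'))`. The deliveries figure is the point to show management: five short replies became 16,000 deliveries. A single message to a large list (the original blank email) is not flagged on its own; the alert fires once several different senders reply to the same list in a short window, which is the moment an administrator can still freeze the list before the recall messages arrive.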
Email – Information Security
Effective and efficient use to meet business objectives
Reduce load on online and backup storage
Delete past data as per retention policy
Set user quotas
Disallow large attachments (> 5 MB) even in the LAN (use temporary file shares instead)
Reduce or manage the fixed / mobile devices accessing email
Reduce Internet traffic stress
Utilize and manage time for better productivity
Email: Awareness and Etiquette
Understand that cyber criminals are out there to fool, cheat, excite or even SCARE you
Verify the sender's email address (the display name is not the address; check the actual address and domain)
Do not open attachments from an unknown sender or with an irrelevant subject
Reply All – use in special situations only
Do not Reply All with attachments
Delete forwarded message trails where not relevant (remove attachments in reminders etc.)
Use strong and complex passwords
Restrict attachment size (1 or 2 MB)
Do not initiate or forward unwanted chain mails
Delete emails older than 2 years
Check and re-check subject, contents, attachments and recipients before sending
Limit personal use of business email accounts
Act on emails, do not just forward them (passing the buck)
Yes, your email reaches its destination; avoid sending "Did you get it?", "Ok, please confirm?", "Are you sure?"
Use read receipts as optional, not mandatory
Email: Awareness and Etiquette
What's happening in other corporates?
Email etiquette is being taught.
Companies Disabling 'Reply-All' Button, Rather Than Dealing With Inane Email Threads - The latest to do so is Nielsen, which did so with a cheery memo to staff explaining why this would "reduce non-essential messages in mailboxes, freeing up our time as well as server space." That's one way to think about it.
Email – Our Achievement
Email – Can get messy!
Email – Working style of some...
Email – working style of some of us....
Email – Please take care !
Just a plain Thanks.(No Thank you emails)
We offer our rich experience to meet your business requirements and objectives in IT audit, IT governance, risk, security awareness, CISA and CISM training, and IT strategy consulting.
Our specializations include reviews of ERP, CBS, information architecture, and IT efficiency and effectiveness, to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world.
We shall be happy to discuss your requirements; we look forward to hearing from you.
Sanjiv Arora, CISA, CISM, CGEIT, CHPSE
Contact: Cell +91 98102 93733, e-mail – [email protected], www.tech-controls.com