This article is mainly aimed at SMBs IT/network administrators or just business administrators (in most small businesses the IT guys have several positions). While searching on the internet for answers on several basic security questions, I couldn’t find a well dedicated resource, except for the mambo-jambo copy+pasted all around the internet. I will continue with a series of articles until i succeed in covering all the issues regarding email security and functionality.
So let’s start with the basics. Here’s the normal electronic messaging flow and the stakeholders:
Your company – that’s you. You can have only 3 email addresses or 3000 thousand. The threats are the same.
Internet, partners, friends…. = everybody who’s receiving your messages or who sending electronic messages to your email accounts.
Normally, any useful email (received contracts, contact, request etc) has to be securely stored so that you can easily find it in the future. Moreover, in some countries (e.g Germany), due to regulations, you have to keep your emails securely archived.
I have heard, so many times, that small companies (unlike corporations or medium companies) don’t need advanced security solutions for their electronic messaging. I must say that they are wrong. Think about it: as a small company, every single contact/ customer is essential. 2 extra customers can make the difference from bankruptcy to a secure financial quarter. Hence, no small company should assume this risk. Any inexperienced employee can be the victim of a pishing attack. And this could lead to bankruptcy.
Let’s make a list with the threats and situations that could lead to serious problems incurred by your company:
Inbound receiving messages threats: SPAM, PISHING, Malware attached to spam messages, illegal content, confidential content being sent by mistake
Outbound threats: illegal attachments (that could lead a negative image of your company and, more important, blacklisting of your domain)
Archive – this is also an important issue: any document needs to be securely stored; also, you need to make sure that you can easily find it when you need it. Back-up of these documents is also a crucial factor: just imagine what could happen if the local hard suddenly burnt and you lost all your important contacts.
I will discuss, further in these series, all these issues described above. It is also important to understand the trends that the threats follow.
An important fact is the operational aspect of the electronic messaging flow within a company.
Here’s the simplified figure that you should focus on:
Basically, the SMTP Server is the one that grabs all the messages from the internet and distributes them to the dedicated email accounts. Probably, the most used, SMTP Server is MS Exchange. Emails are grabbed to/from your inbox (email client) by using POP3 or IMAP protocols. There are multiple situations here: you may want to collect your emails from 10 different email accounts and filter them against malware, or you may want to filter all emails, on the server side, so that your users (employees) don’t have to think too much about malware. It depends entirely on your option. We will discuss these options further on. Other situations, like using Windows Server 2008 (if you are using SharePoint) and not having access to POP3 protocol anymore (it is well known that Windows Server 2008 is not “equipped” with POP3 protocol).
We will discuss all these situations in a later article from this series. Also, there is the possibility to have all your emailing in the clouds – which seems to be the current trend for SMBs. We will discuss the advantages and disadvantages of such a solution.
If you are familiar with all the above announced terms, we invite to try a very successful email gateway: Visendo Mail Checker Server, a SMTP Extender and a very efficient POP3/ IMAP collector – Visendo popConnect.
For further details on Visendo Email Solutions, read this whitepaper. Also you could check the configuration guide for Visendo SMTP Extender (a very simple, efficient and free SMTP extender for those using Windows Server 2008).