Every year people do a spring cleaning of their home, car, office or even their lives. Spring being so symbolic of renewal gives a perfect opportunity for such a task. As email administrators, we too should do a spring cleaning; but the type of cleaning we’re talking about here should happen at least quarterly.
Security is no longer something that can be addressed passively. Those responsible for email security need to take a much more proactive approach to things as the threat landscape grows increasingly more dangerous, and reviewing these items on a regular basis can help lay the foundation for that.
Clean out old accounts
Most email accounts nowadays can be closed out using Active Directory if your organization uses Exchange. But not everyone uses this mail server, and things don’t always move as quick as we would like them to. Periodically reviewing email accounts for ones that should be closed out reduces the chances that an attacker will be able to compromise one of them and can help you locate any accounts that may have been set up by a threat that has already compromised your network.
Update whitelists and blacklists
Every so often it is good to review the lists of domains, words and phrases that your email security and anti-spam filtering solutions use to keep malicious emails out. Things in security change at a rapid pace. With zero day threats and newly created phishing emails we can’t rely on the terms that filtered out junk mail years ago. After all, when was the last time you had received an email from a Nigerian prince?
Train and retrain
If your organization hires new employees throughout the year then they may have never been trained on how to spot malicious emails or what to do should they receive one. There are services out there that will assist with creating training scenarios for your employees or you can set up an in house training program, yet no matter what route you take these people still need to be educated on your organization’s policies. Make sure that you identify these people and get them up to speed.
While you are training new hires, you should also review your training with people who have already been through your training program. Education doesn’t have to mean cramming everyone into a room and giving them a 60 minute presentation on the dangers of emails. Be creative and serve it to them in bite-sized chunks.
Review what works, and what doesn’t
Often times we get locked into a solution or vendor because it has always been there. Even if that solution doesn’t meet our needs. Periodically be on the look out for new products and services that may make your email security management easier and more effective. Even if you don’t have it in your budget to switch products or vendors, you at least know what is out there for when its time to start looking at your next year’s expenditures.
Educate yourself
Take time to assess your skill set. If the last training you took on server operating systems was Windows 2000 then you might need to start thinking about updating your knowledge base. There are many opportunities available to learn more about the servers, software, hardware and security that effect email systems. Even if you struggle in getting your organization to pay for such training you can take advantage of a variety of free courses available online as well.
As spring draws to a close, now is the perfect time to make periodic “cleaning” a habit in your department. Start with what is comfortable for your organization’s culture and work from there. Eventually, these practices will become part of the office routine and people will come to expect it.
Do you have a routine set up in your organization that helps you keep security under control? If so, we would love to hear what it is you cover and how often it takes place.
Spring Cleaning for Better Security
Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators