As I wrote earlier this week, according to a Proofpoint survey, e-mail is the top cause of data loss for the enterprise.
In response, a commenter pointed out how this survey result shows why it is so important to have an e-mail security policy in place, one that employees are aware of, are educated to follow, and that is enforced.
The comment provided this sound advice:
Another method which acts as a suitable deterrent is mail archiving, whereby every message sent or received, externally and internally, is kept and scanned. This not only reduces threats, but discourages employees from sending questionable information once they know the mail is being monitored in this manner. As a result, dismissals can occur from data breaches.
Of course, try as you might, not everyone is going to follow policy, so it also helps to have strong e-mail security software in place. For example, Trend Micro announced its InterScan Messaging Virtual Appliance for mail security, which helps stop threats at the gateway.
It is also helpful if employees know the difference between good and bad e-mail (it's surprising how many people still don't recognize spam or e-mail scams). Paul Mah provided five fantastic tips on identifying spam and scams, including "mail undeliverable" messages, for which he said:
Depending on specific configurations (so as not to erroneously block legitimate warnings about unsuccessful mail delivery), some organisations might inadvertently let in more of such spam. Less savvy users who see such e-mails might be panicked into rashly clicking a link in a misguided attempt to determine the problem. While it would be unreasonable to train every employee on how to read e-mail headers, it won't be as difficult to coach them on how to watch out for bogus links embedded within such e-mails.
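The bogus-link check Paul Mah describes can also be automated at the gateway rather than left to each user. Below is an added example, not code from the original post or from any of the products mentioned: it parses a constructed "undeliverable" notice, pulls out every anchor in the HTML body, and flags links that point outside the organisation's own domains or whose visible URL text disagrees with the real href. The sample message, the trusted-domain list and the function names are assumptions for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a fake "undeliverable" notice whose link text claims
# one host while the real href points somewhere else entirely.
SAMPLE_BOUNCE = b"""From: Mail Delivery System <mailer-daemon@example.com>
To: alice@example.com
Subject: Undeliverable: Your message could not be delivered
Content-Type: text/html; charset=utf-8

<p>Your message to bob@example.net could not be delivered.</p>
<p>Click <a href="http://198.51.100.7/fix">https://mail.example.com/queue</a> to retry.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(raw, trusted_domains):
    """Return (reason, href) for links in a bounce-style mail that point
    outside trusted domains or whose visible URL text disagrees with the href."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkCollector()
    parser.feed(body.get_content())
    flagged = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            flagged.append(("external host", href))
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != host:
            flagged.append(("text/href mismatch", href))
    return flagged
```

A gateway or archiving scanner could quarantine or annotate any bounce notice for which this returns a non-empty list, so the user never has to read the headers themselves.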