Scott Cressman, Product Manager of Gateway Email Security and Data Protection at Sophos (, says:

Today, communication happens in real-time so users expect email to be almost instant and any email infrastructure bottlenecks means that businesses will be impacted negatively. Now more than ever, employees are being asked to do more with less. As most employees rely heavily on email to get their jobs done, IT teams must ensure that their users’ inboxes are not bombarded by spam or made vulnerable to phishing attacks, which would slow down performance and/or infect their systems.

The fastest growing threat, however, is the danger to sensitive information – both personal identifiably information (PII) and confidential company data. Email security is just not about keeping band-width-eating spam or email threats out, but also ensuring that sensitive information does not leave the organization —be it intentionally by a disgruntled employee –or accidentally. With data of all kinds travelling like the speed of light through various means – laptops, mobile devices, etc. email is one of the riskiest avenues of communication due to the sheer daily volume of email that some employees need to send and receive.

An email security solution should facilitate sound policies rather than dictating policies. Policies need to be communicated and enforced in a consistent manner in order to help users fully understand how to work in a secure way – this obviously extends beyond email security.

Educating users on the policies that are in place as well as regularly updates all employees on best email security practices can make a significant difference in helping an organization stay secure.

Biggest issues/challenges to consider
Organization must, at the very least, have a basic email security solution in place in order to protect against spam and malware.

Some of the biggest issues and challenges to consider include:

• Quality of security: With a quality email security solution, users should be getting no more than 1-2 missed spam messages in their inbox per week – if that. IT teams shouldn’t have to conduct ongoing customization to achieve this and they shouldn’t have to perform a lot of clean-up initiatives due to spam or malware emails that made it through the email filter.
• Hidden costs: While a cheap email security solution may look good on paper, businesses must ensure that they are *not* spending countless hours administering and managing the solution or fielding calls from users with email issues or spending time troubleshooting—
This can range from looking for lost messages or handling time-consuming, disruptive upgrades.

Having visibility is also key. IT teams must make sure that there are very few grey areas or black holes created by the design of their environment or by the email security solution they’ve deployed. It should be extremely easy to find out what happened – end-to-end – to a single message once it’s entered the environment. If the IT team has trouble figuring this out, they may want to use a different solution. Visibility also means the ability to monitor the environment for potential issues. Our Sophos Email Security and Data Protection Appliance is a true “managed appliance”, meaning that it contains more than 50 monitors that will proactively alert both the administrator and Sophos Support if something goes wrong – something that could impact the level of service of the email systems. Having this means that they do not need to babysit the solution. IT will be immediately notified if something has occurred so the team can evaluate what needs attention. Email security solutions that allow various types of actionable visibility at critical times are the kind of solutions IT and data centers need.

Protecting data
Begin by monitoring potential data loss and make any necessary changes to decrease false positives and false negatives. Also monitor and understand the patterns and processes of users before enforcing any policies that could disrupt business. Make sure to focus on the low-hanging fruit first, and grow business’s data protection strategy from there.

At Sophos, we focus on integrated security and data protection solutions across the endpoint, email, and web to help enforce security and data protection policies in a simple, consistent, and effective manner. Our belief is that a patchwork of security solutions from different vendor results in increased costs associated with management overhead and dealing with inconsistencies in policies and enforcement due to various technologies and approaches to security and data protection. We believe that a business’s security vendor should own the problems associated with external threats, and provide simple, manageable tools for enforcing policies and protecting sensitive data.