As e-mail roles become more critical, there is more to securing data than what meets the eye. Are businesses today ensuring that their e-mail environment is secure? Don Ng shares his views on the subject with Rozana Sani.

Don Ng is enterprise security director at Symantec which is responsible for the Asia-Pacific region. In this role, his primary function is direct consultative engagements with customers and channels. Ng has wide experience in the region, with his last four years spent in a regional security start-up across South Asia.

Q: Why should businesses today be concerned about their e-mail environment?
A: E-mail usage has transformed how we conduct business and affects how rapidly we exchange information thus becoming a critical application service in the organisation.
As a result, e-mail security and integrity are paramount concerns, as are e-mail service availability and optimisation technologies including e-mail archiving.

Q: How real are e-mail threats?
A: E-mails are vulnerable to viruses, worms, spam, and phishing attacks. According to the Symantec Internet Security Threat Report Vol XIII (Jul – Dec 2007), spam comprises 71 per cent of the e-mail traffic monitored globally.
Closer to home, Malaysia was ranked the highest spam origin country in Southeast Asia. The same report concluded that 32 per cent of malicious codes, which often targets sensitive information, propagated in e-mail attachments.

Q: What is the current issue surrounding the adoption of e-mail security, backup and archiving among organisations today?
A: Based on an Email Health Check survey on businesses conducted by Symantec recently, many respondents do not have adequate security, backup and archiving solutions in place. Sixty-nine per cent of those who use mobile devices to access e-mail have not implemented mobile security policies in place.
The survey also reveals that 58 per cent do not have a backup strategy for active directory, while 49 per cent do not have a system recovery strategy. That means these organisations may face huge risks of losing their information in the event of a disaster or virus outbreak.
Perhaps the most critical issue identified by the survey report is that 93 per cent of respondents do not have a proper archiving solution, despite 84 per cent of respondents admitted that they confirm business orders via e-mail and 60 per cent store historical information within their e-mail system that required retrieving from time to time.

Q: What would you suggest for businesses on e-mail security?
A: They should put a strategy to control and prevent sensitive data loss that could be resulted due to a weak approach in e-mail security, backup and archiving. A data loss prevention strategy should be proactive, comprehensive and consistent across all parts of the organisation.
A comprehensive approach underpins the need for information to be protected wherever it resides, whether it is at rest, in motion or in use. This requires control points at multiple tiers, including the endpoint, gateway, network and back-end database.