Electronic mail is one of the most widely used applications in every company. Its functionality rarely varies across platforms and it is also one of the most easily targeted applications for attack.
E-mail is susceptible to various attacks as listed below:
Spoofing:
is a form of identity theft in which a hacker attempts to defeat authentication. The hacker tries forging an email header to make it appear as if it came from somewhere or someone other than the actual source. Spoofing allows the hacker to assume a different identity.
Malicious code attachments:
This is typically sent via email with the intent of damaging the recipient system.
Inappropriate mail:
This typically consists of Spam - Mass mailing information in the form of unwanted e-mail, generally of a bulk or commercial nature
 |
 |
Chain Letters - Messages that tell recipients to forward multiple copies which leads to an exponentially increase in the circulation of the message. Chain letters are recognizable, some are illegal and contain a hoax. |
Do's
A Typical Email Policy
|
All users shall be provided with an email address for use while in service with us after authorization from the respective authorities. |
|
|
Appropriate security measures shall be implemented based on risk assessment for providing web based email access. |
|
|
All E-mails can be treated as “Contractual” and every user shall remain accountable for mails sent by him / her. |
|
|
Important emails need to be suitably archived for later references. |
|
|
The copies of emails for senior management shall be stored on the mail server and regular backups shall be taken. |
|
|
Email service shall be mainly used for business use. Limited personal use is acceptable as long as it does not hamper the organization's functioning and interest. |
|
|
All emails created, sent, or received using our facility, are the property of the organization. The Management has the right to access all email files created, received or stored on our system without prior notification to the respective user. |
|
|
Management reserves the right to disclose all communications, including text and images, to law enforcement agencies or other third parties without prior consent of either the sender or the receiver. |
|
|
Users shall not send or knowingly receive any material that is obscene, defamatory or derogatory and is intended to harass, annoy or intimidate another person. |
|
|
User shall not represent personal opinions by using organizational email ids. |
|
|
All emails containing sensitive or confidential information should be encrypted suitably. |
|
|
All incoming and outgoing emails shall be checked for virus infection.
|
|
|
Use of our email system to transmit messages or attachments mentioned below is prohibited at all cost and is subject to disciplinary action.
- Sending intimidating or harassing mails or junk and spam mails
- Purposefully sending virus infected emails
- Participating in chain or pyramid mails
- Sending sexually abusive/pornographic pictures, texts, audio/video through e-mails
- Sending messages/files/communications against any caste, religion or race. Users shall use their own mail account to send messages
|
|
|
All users shall comply with organization's “Acceptable Usage Guidelines” published in the manual. |
|
|
While forwarding the email, no user shall modify / alter the contents of the original / earlier mails. |
|
