How do we allow an email with password protected attachments securely over an email gateway like Cisco Ironport, Fortimail etc.?

Security Strategy & Roadmap IT Strategy & Roadmap

3.7k views2 Comments

Sort by:

Group Director of Information Security in Banking8 months ago

You have couple of options. Explore if you can allow specific users or groups (e.g., finance or legal teams) that require sending or receiving such files and define exceptions for them in the policy.

or, educate trustworthy users (I know it's a bit dichotomous in times when everyone is talking about zero trust architecture) to include an agreed-upon subject line or header that indicates the attachment is expected and password-protected (e.g., "[Secure Attachment]") and create an encryption bypass policy rule if the gateway vendor supports it.

Regularly monitor and audit the usage of encrypted attachments being allowed. Track patterns to identify potential misuse or suspicious activity. Create alerts for an unusual volume of password-protected attachments from a particular user or to specific recipients.

Finally, if vendor support is not available or they are unable to answer your query, try ChatGPT.

Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech9 months ago

NIST offers guidance on securely handling email communications, including password-protected attachments, by recommending encryption methods to protect the confidentiality and integrity of files. For detailed information on securing email systems, you can refer to NIST's guidelines at this link: https://doi.org/10.6028/NIST.SP.800-177r1.

Content you might like

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

Yes65%

No35%

I’m looking for a “Ransom Consideration Matrix” to use as a supplement to a ransomware response decision tree. Ideally, it would include factors such as: Reputation Impact Scope of Attack Disruption to Operations Threat Intel / APT Reliability Condition of Backups Long-Term Sustainability of BCP Does anyone have any examples of a graphical decision tree or matrix that incorporates some of these types of elements? This is to include in a playbook.

How much time do you spend evaluating vendors each week? E.g. Reading up, having phone calls and demos etc.

<1hr23%

1-3hrs60%

3-5hrs12%

>5hrs2%

View Results

We implemented Oracle HCM recently including Redwood. Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

How do we allow an email with password protected attachments securely over an email gateway like Cisco Ironport, Fortimail etc.?

Sort by:

Content you might like

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

How much time do you spend evaluating vendors each week? E.g. Reading up, having phone calls and demos etc.

Does your IT team or your HR team absorb to costs of HR technology?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

2024 Cloud Spending: IT Balances Costs with GenAI Innovations

Are U.S. Organizations Insuring Against CISO Liability Risk?

Building an Effective Executive Succession Plan

Take Your Insights On-the-Go