As much as we IT folks like to think we've got things under control, things happen. Email servers crash, hard drives fill up due to message overload and viruses infect systems. When it comes to keeping email systems running smoothly, I'm not much of a believer in the so-called accidents or dreaded computer "glitches" that companies attribute computer incidents to in the media.
I think most email problems occur due to a series of poor choices over time.
I've made many bad IT choices over the years -- as many of us have. Making mistakes is certainly the best way to learn what works and what doesn't. I want to share with you the biggest blunders I've made and witnessed over the years that can derail the smooth operation of one of your most critical business applications -- your email -- in no time flat.
If you can focus on making these mistakes, you, your email and your users can all coexist safely and soundly.
Blunder No. 1: Failing to establish a contingency plan.
It's easy to forget just how critical your email system is to your organization. All it takes is a hacker or malware attack to take it all down and turn your name or your company's name into dirt.
Make sure your email systems (servers and workstations) are included in your organization's incident response and business continuity plans.
Also, don't forget to have a backup email administrator or consultant who knows the system (configuration, passwords ) in case something happens to you.
Blunder No. 2: Thinking email monitoring is an IT issue.
No matter how much you love to play Big Brother by monitoring email content, leave it up to human resources (HR) or other management. Your job is to help implement and manage the content filtering technology that enables others to perform this HR function -- period.
Blunder No. 3: Neglecting HR.
Speaking of HR, you've got to establish regular communication with them, especially in larger organizations. A breakdown in communications with HR can be one of the most frustrating things you can experience as an email administrator. If you don't know who just joined the company, who is going to be out for a while and who quit or got fired, bad things can and will happen eventually.
Blunder No. 4: Taking the wrong approach to spam.
Focusing your valuable efforts on filtering spam is the best way to turn spam into a security nightmare. Dedicate your "spam time" to researching, implementing and managing a spam filtering system so you can focus on other security issues. Also, if your spam filtering system allows it, empower users to clean out their own spam. This can save you the valuable time that you can use to clean out your own inbox.
Blunder No. 5: Forgetting to test backups.
I know, I know. This is about as tiring as hearing about the importance of security policies. However obvious, test your email backups often to make sure the data will be there when you need it. I guarantee you won't be sorry.
Blunder No. 6: Not taking the security and privacy of emails seriously.
Email servers are often the point of entry into your network. Make your email server(s) your most highly secured systems. Of course, client security is critical, too, so make sure malware protection software (antivirus, antispyware and whatever else comes next) is loaded and the systems are hardened. Just remember to balance security with usability so that users can get their jobs done.
Blunder No. 7: Letting maintenance tasks slip.
Time is of the essence here -- yet there never seems to be enough of it. The first critical maintenance task that comes to mind is to actively monitor your email storage space, especially if you're not limiting it at the user level.
Hint: One of the best ways to cut down on storage space problems is to educate users on how to send links to files stored on the network via email instead of attaching the file to the email itself. The other critical maintenance task that's often mismanaged is the application of critical security patches. As with spam, put a patch management system in place and let it do most of the grunt work for you.
Blunder No. 8: Overlooking data retention requirements.
The mandates for retaining email messages as business records should come from the higher-ups and legal counsel. You still can and should help evaluate, recommend and implement document management or other retention systems to help support the cause. Email discovery and forensics is a very messy process. Solid retention procedures will help everyone if the need arises -- especially you!
Whether you only perform email administration or it's one of many areas you're responsible for, a lot is on the line. You can help prevent email administration mistakes by thinking things through before you act. Don't feel ashamed or get discouraged if something goes awry.
Learn from your experiences (and mine) to make positive changes, and you might just be able keep the email monster under control.
Kevin Beaver is founder and principal consultant of Principle Logic LLC, which specializes in information security. He is the co-author of The Practical Guide to HIPAA Privacy and Security Compliance. He can be reached at firstname.lastname@example.org.