Email attachments are as common as junk mail and sometimes quite similar! However, in the business environment they are often a necessity. Important documents such as reports, newsletters, spreadsheets, presentations, etc. are all common attachments that we receive multiple times on a given day. But if you aren't careful, the content of those attachments can pose security risks.
Spam blocking programs, antivirus software, and system firewalls are usually pretty good about blocking the obvious junk that gets sent across the internet. So the bigger risk is often much closer to home: your very own employees. Now don't get me wrong, they may
very well be the most reliable and honest people on the planet but if not properly trained and cautioned they can be a liability.
Having said that, email attachments and how they are used should absolutely be a part of your information security policy. Strict guidelines for what can and cannot be sent as an attachment should be established. If information security is a top priority for your business, it's not unheard of to restrict all email attachments for external recipients and only allowing attachments to be sent within your protected network.
As stated before, the obvious spam and malware attachments are often captured and subsequently quarantined by antivirus applications and firewalls. However it is still vitally important to train employees on how to recognize suspicious attachments; especially if the email is from an unrecognized sender. An email such as this should be forwarded (NOT opened) to the network administrator or a member
of IT support so it can be properly scanned. Sometimes malicious attachments DO make it past the email scanners and firewalls so always err on the side of caution.
Follow these simple guidelines, tailor them to your business's specific security needs, and enjoy a safer work environment for your employees and customers.