E-mail: we hate it, but we love it and need it. More than 80% of small business owners believe e-mail is a key to the success of their business, according to a recent survey by SurePayroll, an online payroll service.

However, as small businesses rely more on e-mail their networks become more vulnerable to increasingly sophisticated viruses and spam. According to Gartner, 90% of all viruses and worms infect organizations via e-mail.

What is at risk? The very business itself. Losing data too often creates a financial and operational burden that can scuttle your enterprise, and conventional firewall/antivirus solutions are no longer sufficient against all threats. Effective security solutions evolve continually to incorporate advanced security technologies and security-conscious business practices.

To enhance e-mail security beyond common firewall and antivirus solutions, small businesses today have a growing range of options, from high-end software solutions to network appliances or managed third-party services.

But e-mail security is a two-way problem – what leaves an organization in e-mail can be just as harmful as what's coming in. Highly regulated organizations such as financial institutions and healthcare providers, or those who contract with them, face legal exposure and liabilities if employees send out sensitive client or patient information, from Social Security and account numbers to confidential records.

For this reason, small businesses are turning to e-mail content filtering, including the ability to block discrete attachments based on content, both inbound and outbound. Content filtering can alleviate the increasing challenges of compliance with corporate governance or regulatory compliance measures such as the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act and Sarbanes-Oxley.

Human software

For all of the sophisticated hardware and software available to tighten e-mail security, the most powerful component in an effective solution is a community of informed and compliant users guided by savvy leadership. Training users to avoid risky behaviors is the first step, and then there are other practical steps that management can take to improve e-mail security:

* Implement an e-mail archiving system and establish a retention policy for e-mail that is consistent with your corporate culture, regulatory requirements and industry. Specify policies and controls for what can be stored on user desktops and laptops and for how long, so important data gets to storage devices that you can control and protect. Empower your network administrators to enforce those policies, and that means giving them the tools to do so.