If confidential information didn’t exist, you wouldn’t have to worry about data breaches. If the vectors for malware were eliminated, your organisation and its employees would no longer be at risk from malware infection, and the loss and damage that can go with it.
However, rubbing out all such information would likely destroy assets of considerable value, reduce competitive advantage to zero, and even make it impossible to do business.
Likewise, isolating an organisation from all external communication would be a recipe for disaster. A more balanced approach to information deletion or rejection is therefore required.
Information retention policies help organisations to manage how much information they store and how long they store it.
To define and apply a suitable policy, you must understand the value of your data over time and comply with any data retention laws affecting your enterprise.
Your information must also be properly organised for later search and access, protected against breaches and attacks while you retain it, and correctly eliminated (more than just pressing the “Del” key!) when it is no longer required.
To show stakeholders and regulatory agencies, and courts of law if it goes that far, that you have a suitable approach in place, your data retention and destruction processes must also be repeatable and predictable.
Attack vectors for malware can be treated to some degree by antivirus software, but today’s attackers have found many ways of getting around conventional AV programs.
Other, simpler approaches may work better. Given that email is one of the major channels for attacks, either through malicious file attachments or social engineering, it is possible to blacklist and reject any message that does not come from a known sender or that contains dubious content.
Greylisting is less drastic, first rejecting such suspicious messages, but giving the sender the possibility to manually get onto the white list (approved senders). In theory, spambots will not try again, and only genuine humans will make the effort.
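The sender policy described above, expressed as an added example (not code from the original article): known senders are accepted, dubious content is rejected for everyone, and unknown senders are rejected at first but can be approved manually. The class and method names, the marker list and the addresses are constructed for illustration, and the sender address is assumed to have been authenticated upstream (for example by SPF/DKIM checks).

```python
from dataclasses import dataclass, field

# Constructed stand-in for "dubious content"; a real filter would call a content scanner.
DUBIOUS_MARKERS = (".exe", ".scr", "verify your password")


@dataclass
class SenderPolicy:
    approved: set = field(default_factory=set)   # white list (approved senders)
    blocked: set = field(default_factory=set)    # black list
    pending: dict = field(default_factory=dict)  # greylisted sender -> rejected messages

    def decide(self, sender: str, body: str) -> str:
        # Assumption: `sender` is an authenticated address, not a forgeable header.
        sender = sender.strip().lower()
        if sender in self.blocked:
            return "reject"
        # Content is checked for every sender, approved or not.
        if any(marker in body.lower() for marker in DUBIOUS_MARKERS):
            return "reject"
        if sender in self.approved:
            return "accept"
        # Unknown sender: reject for now and remember that they tried.
        self.pending[sender] = self.pending.get(sender, 0) + 1
        return "greylist"

    def approve(self, sender: str) -> bool:
        """Manual step: move a greylisted sender onto the white list."""
        sender = sender.strip().lower()
        if sender in self.blocked or sender not in self.pending:
            return False  # never contacted us, or explicitly blocked
        del self.pending[sender]
        self.approved.add(sender)
        return True


def demo():
    policy = SenderPolicy(approved={"alice@example.org"}, blocked={"spam@example.com"})
    log = [
        policy.decide("alice@example.org", "Minutes attached"),
        policy.decide("alice@example.org", "Please open invoice.exe"),
        policy.decide("spam@example.com", "Hello"),
        policy.decide("bob@example.net", "Request for a quote"),
    ]
    policy.approve("bob@example.net")  # the sender made the effort to get approved
    log.append(policy.decide("bob@example.net", "Request for a quote"))
    return log
```

The `pending` counter doubles as a review queue: senders with many rejected messages and no approval request are the ones the greylist is filtering out.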
By setting the cursor appropriately between the limits of what you accept or reject (or destroy), you can then further optimize your IT security.