Email Protection 101

By Madinah Ali, President and Co-Founder of Safe PC Cloud

Email has become one of the most critical communication tools for business because of its ease of use. Unfortunately, it is also one of the most vulnerable to and commonly targeted elements by cybercrime, because of the amount of “human touch” involved. In fact, the Verizon Data Breach Investigations Report found that emails are the primary source of malware. It is therefore imperative to deploy reliable security solutions to protect it.

Safe PC, a Cybersecurity Tech Accord signatory, recently developed a whitepaper titled Email Protection 101 to help companies combat the increase in phishing we have seen in the past year. Phishing is the most common social engineering attack, accounting for more than 80 percent of reported incidents. A basic phishing attack attempts to trick a user into disclosing personal details or other confidential information to cybercriminals. With the paper we hope to provide a set of good practices to help ensure that this does not happen in your environment.

There are four major ways in which your employees may end up compromising your email security:

  • Opening phishing emails: Often, emails will appear to have come from an authentic source and urge the reader to take action, such as clicking on a link and/or sharing sensitive information via an online form. The phishing links and the webpage clone the original so well that it is difficult to tell them apart.
  • Mistaking hacked emails as authentic ones: Some phishing emails come from an authentic sender account, which may have been hacked. One of the ways to spot such email messages is if ‘something feels amiss.’ For example, an email that’s ridden with typos, or the writing style is different, or an unexplained instruction to download an attachment, or fill a form is included.
  • Not following strict password hygiene: There are two primary bad hygiene practices that can get you into trouble with phishing scams. First is sharing passwords. The risk of falling victim to a cyberattack multiplies for every person who knows a password, especially if it is shared electronically. The second issue is ignoring best practices when creating new passwords. This includes having passwords that are too simple, not changing passwords often, or using the same password for multiple accounts.
  • Using unsecured personal devices for work: Many businesses allow their employees to work from anywhere, using their own devices. These creates additional risk, as these are often not as protected as company issued ones.

With that in mind, the first step to securing your email systems is training your employees to identify harmful email messages and be aware of your firm’s IT protocols and rules. To do so businesses should organize training sessions to educate employees about IT usage policies related to password management, the use of personal devices, data sharing and internet access. Conducting IT drills and workshops can also help your employees identify and steer clear of possible security threats.

Another aspect of email security is, of course, deploying a suitable email security solution. But, with so many available in the market, what should you be looking for when opting for an email security tool? Here are some key features you would want in your email security solution:

  • Use Encryption: By opting for an email security solution that offers data encryption, you can ensure that the thieves are not able to read stolen data. Data encryption is basically the encoding of data in an unreadable format when sent that is decoded once it reaches the recipient. Without decryption keys, no one can make sense of the accessed data.
  • Ditch the server-based email system: In server-based email systems – the kind supported by most older versions of email software – emails are stored on servers and transmitted every time the email software establishes a connection with them. This creates additional opportunities for cybercriminals to take sensitive information. The newer, web-based systems offer additional security.
  • Leverage strong filters: Make sure your email security tool has strong filtering capabilities to keep spam and malicious emails out of your inbox. Training employees to identify spam and fraudulent emails is good but getting an email security software that keeps most of them away is even better!
  • Rely on intelligence: When looking for email security software, consider artificial intelligence. According to Biztech, newer anti-malware relies less on signatures of known malicious content and instead uses threat intelligence, reputation services, and other near-real-time sources to pinpoint the location of threats to alert IT teams.

Cybercriminals are getting smarter and more innovative by the day. This is why you need an email security solution that can keep up with them.  And any breach of your email system is much more than that. A hack has the potential to translate into data leakage, compromise sensitive vendor and client data, or install malware that can paralyze your business functions entirely. If you don’t have the time to investigate the security of your email system, consider seeking assistance from a managed service provider (MSP). They will be able to review your business requirements and suggest the right email security tool for you. They can also help you draft a sound IT policy if you don’t already have one and conduct employee training and drills from a security perspective.