First it is essential to identify the security issues that email presents before email security solutions can be found.
What are the different types of email security?
We are all responsible for email security as we all use email as a regular form of contact for business, personal and financial transactions. But what are the different forms of email security that we can easily implement within our business environment?
- Robust passwords – avoid passwords that are easy to work out (e.g. P3s5word 123) and use different passwords for different platforms. If possible, install password management software which can automatically generate strong, unique passwords.
- Multi-factor authentication – Implement multi-factor authentication where an OTP code will be sent to your mobile phone or a fingerprint is requested for access to be given.
- Encryption – ensure inbound and outbound emails are encrypted, especially if sensitive data is being sent.
- Attachments – all attachments should be scanned with antivirus software, and staff should be trained on the danger of attachments from unknown sources, especially zip folders. It is thought, however, that 48% of malicious attachments are Microsoft Office files and therefore look legitimate.
- Phishing training – staff training on common phishing email campaigns as well as the implications of clicking on a link.
- Outbound filtering – a robust email security system will scan outbound messages to ensure these do not contain malicious coding or viruses. Not all security issues are from inbound messages.
How does email security work?
There are essentially two forms of email security threats – attacks and interception. The security measures put in place are essentially to protect your inbox from both of these threats. However, each security system works in a slightly different way to prevent one or both of the threats.
- Spam filter – the spam filter through your email provider is able to spot certain emails which could be considered a threat. A large number of the emails caught by spam filters are phishing emails where the user is tricked into entering their personal details into a fake login page. The spam filter can also spot emails which contain malware attachments.
- Custom filters – most email applications also allow custom filters to be set, which let users block certain senders or filter emails into the junk folder. This can be particularly useful for blacklisting certain addresses.
- Encryption – there are various types of encryption, the most common being TLS encryption, which is used by most email providers including Google. Businesses could also consider end-to-end encryption as an extra measure. The software encrypts the data in the email so only the recipient (who also has the software) will be able to access the email. This prevents anyone who is not the intended recipient from accessing or intercepting the email.
- Antivirus software – whilst this is a must for general IT security, antivirus software can also be useful for email security as it can attack phishing emails as well as scan any websites and identify phishing sites.
Why do we need email security?
Emails are a prime target for hackers as they are used as a well-trusted form of communication where people happily send bank details, images of ID, and other personal and sensitive information. For a hacker, this could mean big bucks.
In 2017 Yahoo reported that more than three billion user accounts across its platforms had been compromised. Even Microsoft in 2019 were victims of hackers who gained access to email accounts through the customer support portal.
Such cases can be sobering: if big players like Microsoft and Yahoo are subject to attacks with all the security they have in place, then what hope does a small business have? However, whatever measures you put in place will make it that little bit harder for hackers and cyber criminals to target your business. By following the four steps to email security below, and the other email security tips in this blog, you will have a much safer email culture within your business.
Are emails automatically protected?
Whilst the majority of email providers do offer encryption, require password login and also have efficient spam filters as standard, there is no harm in extra protection.
You can never be too safe when it comes to email security.
Using caution with email attachments
Essentially, when you send an email with or without an attachment, unless it is encrypted everything in that email is potentially visible to third parties. It has been likened to sending a postcard in the post. However, for the majority of the emails sent this isn’t too much of a problem but there are times where the data sent is sensitive, such as medical, or financial details.
However, when encryption software is used with emails, it doesn’t always encrypt the attachments. This means the email is ‘safe’ but the sensitive information in the attachment is not, and it could therefore be stolen if the email is intercepted before it reaches the recipient.
Therefore, attachments should be password protected before sending, with the password sent to the recipient via another medium (e.g. text message). If possible, the security settings on the email platform should also be changed so that the attachment is encrypted as well.
There is also a threat with receiving attachments, as mentioned briefly above, as they can contain viruses or malware which can infect your machine as well as any networked machines.
When dealing with received attachments:
- Ensure your antivirus software is up to date and that it is set to scan all emails and their attachments.
- Don’t open attachments from unknown senders.
- Be extra cautious with zip folders and unusual extensions (e.g. song.mp3.exe or .com or .vbs).
- If you must open the attachment as it could be legitimate, try to do so on a non-networked machine with limited privileges so if it is malicious it cannot cause much damage.
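The filename checks in the list above can be automated before a message reaches the user. The following is an added example, not part of the original article: it triages attachment names in a parsed message, and the extension sets, function names and sample message are assumptions made for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension sets are illustrative assumptions, not a complete policy.
EXECUTABLE = {".exe", ".com", ".vbs", ".scr", ".bat", ".cmd", ".js", ".jar", ".lnk"}
ARCHIVE = {".zip", ".rar", ".7z", ".iso"}
OFFICE = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx", ".pptm"}


def triage_attachment(filename):
    """Return a list of reasons this attachment name deserves extra care."""
    # Drop any path and trailing dots/spaces, which Windows ignores on open.
    name = PurePosixPath(filename.replace("\\", "/")).name.lower().rstrip(". ")
    suffixes = PurePosixPath(name).suffixes
    reasons = []
    final = suffixes[-1] if suffixes else ""
    if final in EXECUTABLE:
        reasons.append("executable extension " + final)
        if len(suffixes) > 1:
            reasons.append("double extension hides type behind " + suffixes[-2])
    elif final in ARCHIVE:
        reasons.append("archive: scan contents before extracting")
    elif final in OFFICE:
        reasons.append("Office document: scan and keep macros disabled")
    return reasons


def triage_message(msg):
    """Map each attachment filename in an EmailMessage to its findings."""
    names = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    return {name: triage_attachment(name) for name in names}


def build_sample():
    # Constructed sample message; addresses, names and contents are made up.
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Files"
    msg.set_content("See attached.")
    for name in ("song.mp3.exe", "invoice.docm", "photos.zip", "notes.txt"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample()).items():
        print(name, "->", reasons or ["no filename-based findings"])
```

A clean result here only means the name looks ordinary; the antivirus scan of the content is still required.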
Four Steps to Email Security
When thinking about email security, here are the top four steps you should consider as a starting point.
Be careful when you forward emails
Although forwarding emails has become a regular practice, it’s important to remember to check each and every piece of information in an email before it is sent on. Phishing attacks are one of the most widespread ways many companies’ email security programs are infiltrated by malicious software; in the worst-case scenario, forwarding an email to your colleagues without thinking could lead to you unknowingly spreading a bug into your infrastructure. Taking steps to make sure your data and sensitive information are never knowingly exposed to the wrong eyes will make sure your email security always stays at the forefront of your mind.
Integrating encryption into your email security program is one of the most effective security measures when it comes to protecting your entire network. It is a sure-fire way of ensuring your information does not end up in the wrong hands. As of October 2018, 92% of all inbound email to Gmail was encrypted, showing how a widespread encryption protocol can strengthen both your own email security and that of the customers and clients you’re getting in touch with. This form of email security also ensures each and every one of your email communications undergoes a scanning and encryption process, allowing no messages to go unseen by you and your scanners. Business users could also consider going one step further by implementing end-to-end encryption.
Don’t ignore system updates
Every day, we send about 205 billion emails worldwide – that’s a lot of messages for your email security program to deal with. One way to prevent any infected communications from slipping through your email security net is to make sure your systems are regularly updated. While this sounds simplistic, we all know how easy it is to ignore pop-ups when you’ve got a busy to-do list to get through. However, keeping your systems up to date with the latest and most evolved email security measures is a simple and effective means of saving you the hassle of dealing with a data breach further down the line. This also ensures that your email security stays in line with your wider network security plan, allowing your communications to benefit from the same updates, patches and bug fixes as the rest of your systems.
Activate sender verification
Whether you send a lot of emails in house, to your remote working team while they are out and about or to potential customers and clients, incorporating sender verification into your email security planning will make sure only the good guys get through. Activating reverse DNS to find and block potentially dangerous senders makes sure phishing emails will find it much harder to reach their intended targets, ultimately making sure only completely verified senders make it through your email security filters.
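The reverse DNS check described above is usually run as forward-confirmed reverse DNS: look up the name for the connecting IP, then confirm that name resolves back to the same IP. The following is an added example, not part of the original article; it generalises the step to that forward-confirmed form, and the function names and DNS sample data are assumptions made for illustration.

```python
import socket


def system_ptr(ip):
    """Reverse (PTR) lookup using the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(hostname):
    """Forward (A/AAAA) lookup using the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()


def verify_sender_ip(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Classify a connecting mail server by forward-confirmed reverse DNS."""
    hostname = ptr_lookup(ip)
    if not hostname:
        return "reject: no reverse DNS record"
    # A PTR record alone is controlled by whoever owns the IP range, so the
    # claimed name must also resolve forward to the connecting address.
    if ip not in forward_lookup(hostname):
        return "reject: %s does not resolve back to %s" % (hostname, ip)
    return "accept: verified as " + hostname


# Constructed DNS data for an offline run (documentation IP ranges).
PTR = {"192.0.2.10": "mail.example.com", "198.51.100.7": "mail.example.com"}
FWD = {"mail.example.com": {"192.0.2.10"}}


def demo():
    """Run the check against the constructed records above."""
    return {ip: verify_sender_ip(ip, PTR.get, lambda h: FWD.get(h, set()))
            for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5")}


if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, "->", verdict)
```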