Countless reports and news stories show us just how important good email security is. According to the 2015 Verizon Data Breach Investigation Report, 77.3 percent of all malware is installed via email. Attachments containing malicious files account for 39.9 percent of malware installations overall while links embedded in the email message are responsible for 34.7 percent. With a good portion of targeted attacks consisting of zero-day exploits, relying solely on anti-virus solutions to protect against a breach is not going to cut it.
As an email administrator, you are ultimately responsible for making sure that your company’s systems are neither open to attack nor part of the threat landscape. All it takes is one mistake in this area and your organization could wind up paying the cost.
With threats constantly changing, it’s a good practice for even experienced IT professionals to expand their knowledge of email security tactics. There are plenty of email security tips available on the web, but most of these are geared towards the end-user: articles telling them not to reply to spam and to make sure they don’t share too much information are plentiful. While these are good resources to share with your users, these tips don’t do much to help an IT professional. The email security tips below will help you and your IT team provide better protection from email threats.
1. Create and Enforce Meaningful Password Policies
Most organizations require employees to review and sign a number of security policies. A policy that requires strong passwords is likely already among these. You may even enforce password rules using technical controls, but does your policy require unique or diverse passwords? Having a unique password for each service that requires credentials helps mitigate the problems that can arise if a successful phishing attack or even a keylogger steals a user’s credentials. If that person uses the same password for different accounts, an attacker would have an easier time guessing what their credentials might be and successfully logging in to other services that person has access to.
2. Use encryption
Think about how many of your users work outside of the office. They may be reading and answering emails from a coffee shop or working from a hotel room on the road, but if they are outside of your network you have no control over the connection they are using. If they connect to an unsecured or a rogue network, any data they transmit in plain text is open for anyone to view. Encrypting your emails keeps the message content safe from prying eyes.
3. Put the right tools in place
This is the most important email security tip of them all: making sure you have the right technical controls in place to stop threats before they reach your users’ inboxes. At a minimum, make sure that the tools you use to protect your email systems provide:
Anti-virus protection to check for malicious content
Anti-spoofing to validate the identity of senders
Content filtering to scan for known threats and patterns used by spammers and phishers
IP reputation filters to turn away messages that come from known spammers
In addition, consider a solution that takes email security to the next step, one that includes features such as:
Sendio Server Recon to address emails from unknown IP addresses
Sender Policy Framework (SPF) to validate both inbound and outbound emails
Challenge/response email verification
End user management of whitelisting/blacklisting
DMARC management for message authentication
In security, there are always new trends and bandwagons that claim to be the next great thing to keep bad guys at bay. These email security tips don’t take you down the path of the next big trend. They are the things that have helped keep businesses safe in the past and will continue to keep them safe in the future.
Find out how Sendio can help you put the right tools in place to help keep your company’s email safe.