Email poses three main threats to an organization: First, the simple loss of productivity resulting from employees having to wade through unwanted, useless junk mail for the nuggets they actually want; second, malware threats carried by the email that steal passwords, account numbers, and other potentially damaging information; third, social engineering or emails used to trick recipients into revealing sensitive information.
To counter these three threats, there are five fundamental things you should expect your email security software to do:
- Identify spam
- Spot malware
- Organize incoming email
- Nip the effects of social engineering in the bud
- Allow customization of the previous four features
Below we’ll look at each feature in detail, and why it’s needed.
1. Identify spam
The average worker gets 80 emails a day, and that worker spends 28 percent of the average day attending to them. But 15 to 20 percent are typically spam. If that percentage of phone calls were scams, or that percentage of meetings turned out to be with con artists, the impact would be catastrophic, and reasonable efforts to tame the problem would seem worthwhile.
Since email can be culled with the Delete key, individual end-users are too often left to police their own spam. But the email barrage never ends, and so the assault on the user’s productivity never ends. Thankfully, automated tools can be brought to bear against spam in the form of email security software. For instance, since most spam is sent by machines, software that requires senders to prove their human status by responding to a one-time query can block most spam.
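The one-time query described above can be sketched as a small gate that holds mail from unknown senders until the challenge is answered. This is an added example, not code from any product; the class name, method names and return values are assumptions made for illustration.

```python
import secrets


class ChallengeGate:
    """Holds mail from unknown senders until they answer a one-time query."""

    def __init__(self, known_senders):
        self.known = {s.lower() for s in known_senders}
        self.pending = {}    # token -> (sender, [held messages])
        self.by_sender = {}  # sender -> outstanding token

    def receive(self, sender, message):
        """Return (action, token); token is set only when a new query is sent."""
        sender = sender.lower()
        if sender in self.known:
            return ("deliver", None)
        token = self.by_sender.get(sender)
        if token is not None:
            # Already challenged: hold the mail, do not send a second query.
            self.pending[token][1].append(message)
            return ("hold", None)
        # Only challenge addresses that passed anti-spoofing checks upstream,
        # otherwise the query is mailed to whoever owns a forged address.
        token = secrets.token_urlsafe(16)
        self.by_sender[sender] = token
        self.pending[token] = (sender, [message])
        return ("challenge", token)

    def answer(self, sender, token):
        """Release held mail if the token matches; each token works once."""
        entry = self.pending.get(token)
        if entry is None or entry[0] != sender.lower():
            return []
        del self.pending[token]
        del self.by_sender[entry[0]]
        self.known.add(entry[0])  # future mail is delivered directly
        return entry[1]
```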
2. Spot malware
In most cases, hackers could not have accomplished any of the recent, highly publicized data breaches without slipping some malware into the target system. “The Verizon 2015 Data Breach Investigations Report” shows that 77.3 percent of malware arrives via email, either as attachments or as embedded links to infected Web files. Meanwhile, the stock-in-trade of the hacker is the zero-day exploit, which the anti-virus software of individual machines cannot detect.
The email security system becomes the first line of defense. It can block email from known spammers and subject email from suspicious sources to extra scrutiny. It will use anti-spoofing functions to keep hackers from hiding behind innocent addresses. All mail can be scanned for patterns common to malware and phishing, and cloud-based systems can analyze Internet-wide traffic patterns to detect streams of spam. In the end, it’s possible to spot malware even when zero-day exploits remain, as usual, invisible.
3. Organize incoming email
Among the scores of emails an office worker receives in a day, only 11, on average, need an immediate response. The rest can be filed away or deleted. But it can take a full minute to determine what should be done with an individual email, so that the non-urgent ones steal time from the urgent ones.
Office workers need help even with legitimate emails; these emails are large in volume and high in priority. Simply listing them is not enough; the email system must have some way to organize them. A clean desk, devoid of random papers, has long been the hallmark of an organized worker, but it also shows that the worker has a scheme for filing things. An empty inbox is an equivalent hallmark, but likewise shows that the worker has a personal filing scheme, one that the software must support with configurable and searchable storage folders. Automatic filtering of incoming email into these personalized folders adds another level of personal productivity. Since questionable items can be automatically sequestered by the filter, filtering also adds another level of security.
4. Nip social engineering in the bud
Some of the most dangerous emails present the recipient with a plausible reason for answering with an account number. An important package needs to clear customs. The boss needs to get out of a foreign jail. Everyone wants free products from Microsoft. Even if ongoing security awareness training neutralizes those threats, someone will eventually pick up a USB memory stick they found in the parking lot and plug it into their computer just out of curiosity.
Data loss prevention features can stop passwords, account numbers, and trade secrets from flowing out of the organization at the speed of light. The system will typically include features that discover what information is stored on the system and monitor its use to establish a behavioral baseline. Then, if the data is accessed at odd times, or from odd places, it can raise alerts. Administrators can also, for instance, list files (or the contents of whole directories or servers) that can’t be attached to emails. The use of certain keywords or phrases can also be set to raise red flags.
Of course, you don’t want employees spewing unprintable denunciations at customers who have annoyed them, or offering shady under-the-table deals to other customers. The same software can be used to look for both situations.
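The outbound checks described in this section (listed files that cannot be attached, flagged phrases, account numbers) can be combined in one scan of a message. This is an added example, not code from any product; the policy values, sample message and function names are constructed for illustration, and the Luhn checksum is one common way to tell card-like numbers from other digit runs.

```python
import re
from email import message_from_string

# Assumed policy values, constructed for illustration (not from any product).
BLOCKED_ATTACHMENTS = {"customer_master.xlsx"}
FLAGGED_PHRASES = ("password", "account number", "trade secret")
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

# Constructed sample: one card-like number, one harmless digit run, one listed file.
SAMPLE = """\
From: alice@example.com
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="utf-8"

Here is the account number you asked for: 4111 1111 1111 1111
Order ref 1234567890123456 is unrelated.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Customer_Master.xlsx"

constructed placeholder body
--XX--
"""

def luhn_ok(digits):  # Luhn checksum: filters out digit runs that are not card numbers
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_outbound(raw):
    msg, findings = message_from_string(raw), []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower() in BLOCKED_ATTACHMENTS:
            findings.append(f"blocked-attachment:{name.lower()}")
        if part.get_content_type() == "text/plain" and not name:
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            findings += [f"phrase:{p}" for p in FLAGGED_PHRASES if p in text.lower()]
            for m in CARD_CANDIDATE.finditer(text):
                digits = re.sub(r"\D", "", m.group())
                if luhn_ok(digits):  # report only the last four digits
                    findings.append(f"card-number:****{digits[-4:]}")
    return findings
```

A message with any findings would be held for review rather than sent; the order reference in the sample is ignored because it fails the checksum, which keeps false positives down.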
5. Allow customization
Every user and every organization is different, so that one person’s spam is another person’s informative newsletter. Of course, junk solicitations from previously unknown Nigerian millionaires trying to get money out of that country (can it really be so hard that they have to appeal to random strangers?) will always be junk, but short of that there are always gray areas. Unless these gray areas can be parsed with precision, the system will produce false positives and false negatives, and each one will undercut the usefulness of the system.
Beyond that, the system should allow users to decide if pictures and other attachments should be downloaded automatically, whether attachments should be opened or even displayed, whether scripts and plug-ins should be allowed to run, and similar issues. And these issues should be settable at the global, domain, group, and individual levels.
The business community has come to rely on email as a fundamental tool, but like any tool it can be used wrongly. In the case of email, that means using it in isolation, without any security measures. With proper email security you can ensure that email is a source of productivity for your organization, rather than an impediment. But its features must match the threats.