No matter what type of security controls are in place for a large enterprise, small business or telecommuter, there’s usually one particularly porous component that is seemingly impossible to lock down fully: incoming email.
In one day, an average worker receives 85 emails, and of those, 10 are spam, 64 are bulk mail, and only 11 are important enough to be read right away. An employee spends about one minute trying to deal with each of the messages while trying to work on other tasks. With employees multitasking and not carefully considering the emails that they open, it’s easy for malware and other threats to slip in and affect an entire system.
Although the numbers are daunting, it’s possible to reduce email security issues and allow all employees to more efficiently do their jobs as a result. Consider these email security tips for better protection:
1. Significantly reduce the email deluge
The more email that comes into employee inboxes, the higher the risk that some of those messages could cause damage. Reducing spam and other unwanted messages through an effective email filtering service can add layers of security on any existing IT strategy. The key is to take control over email in a way that allows trusted senders through, while keeping others out. This creates a vastly more secure email environment through the development of a trusted community.
Email filtering allows you to verify sender addresses, aggregate trusted sources, and establish a repository where some email types that you want — newsletters, bulk mail, social media updates and alerts — are put on hold until you can sort through them. This level of efficiency and also allows IT to handle email security much more effectively.
2. Train employees in security topics
Although IT departments are in charge of security controls and threat intelligence, email security is everyone’s business. With tactics like phishing and spoofing, hackers can trick employees into believing that emails are coming from trusted sources. That can lull them into thinking that links or attachments don’t present a security risk.
Providing email security training tactics is an important part of keeping email systems protected. With proper guidance, employees will automatically contact the IT department after receiving a suspicious email, and then disconnect any breached machines from the network. Since email threats are always changing, it’s important to keep employees up to date with the latest security topics.
3. Use IP address reputation and silverlisting
One of the top email security tips IT professionals should use this year is identifying malicious senders through the use of pattern matching. This can source senders’ IP addresses and identify any that seem suspicious, or that have been flagged by security researchers, by the use of machine learning. That means if you mark a message as spam, or someone else does, the tools you’re using then have more tools for matching future messages against that rejected message.
Another technique, silverlisting, employs an effective SMTP defense technique that targets common spammer automation behaviors. This is another protective layer for inbound email, and will help to cut down significantly on the amount of spam and other unwanted messages coming into an inbox and presenting security risks.
4. Understand your vendors’ security
In any company, IT oversight is crucial for making sure systems are protected for employees and executives. But what about vendors? Consider that the Target breach was caused by a phishing campaign that hit a small HVAC vendor of the retailer. Making sure that vendor access is appropriately controlled is a top issue in 2015 and will likely be a major topic in the years ahead as well. Understanding the role vendors play is important for having a more robust email security strategy.
When considering additional ways to handle email security, learn how Sendio can reduce threats, and improve the email experience throughout your organization.