Spam, Virus, Malware detection, and control is very basic to the email security of any email solution. However, it is not enough to keep secure against the growing sophistication of Email borne attacks.
Due to its popularity, Email is the #1 vector of choice to carry dangerous malware payload.
94% of malware is delivered via Email – Verizon
But, for adequate email security, more so as we step into the new decade, consider if your email solution offers the below security controls besides strong malware protection.Â
1. Effective Ransomware protection:
Ransomware attacks and gains control of your systems to deny access to your data and threatens you with a ransom demand. Ransomware is a type of malware.
A new organization will fall victim to ransomware every 14 seconds by 2021 – PurpleSec.
Ransomware as a payload on Email has been growing over the years.Â
In 2019 ransomware from phishing emails increased 109% over 2017.
Q: Does your email security gateway have robust ransomware detection and neutralizing capabilities?
2. Effective DDOS protection:
A Distributed Denial of Service attack is designed to cripple your networks with a focus on email services.Â
By 2023, the total number of DDoS attacks worldwide will be 15.4 million – Varonis
Q: Does your email solution provider have adequate DDOS mitigation measures in place on all public endpoints?
3. Prevent impersonation by a sender:
Spoofing is the process of sending emails on behalf of someone else. In other words, impersonation.Â
Email spoofing is a technique to trick users into thinking a message came from a known or trustworthy person/entity.Â
In email spoofing attacks, the sender rewrites the email headers to display a different (known person or authority figure) sender address, which most users take at face value.Â
32% of breaches involve phishing – Verizon
Q: Does your email solution effectively detect inbound spoofed Email and prevent unauthorized senders from impersonating other users on your network?
4. Maintain a strong domain reputation
One of the pillars of email security at the periphery is the reputation of the email sender. While scanning inbound Email for malware, Email security gateways worldwide provide a fair weightage to the source’s reputation.
A clean and complete email solution configuration determines the senders’ reputation, amongst other factors such as spam complaints about your Email.Â
You can check your email domain’s reputation at SenderScore, TrustedSource by McAfee, and Google Postmaster tools.
Q: Does your email solution use Industry best practices such as DKIM, SPF, and DMARC to maintain a clean reputation for your domain?
Q: Do you use a different solution for marketing and transactional Emails?
5. Encryption of email data at Rest and in Transit
Encryption is converting data from a readable format into an encoded format (ciphertext) that can only be read or processed after decryption.Â
The most secure way to encrypt is to use the AES (Advanced Encryption Standard) 256-bit keys.
Encryption prevents sniffing over the wire and renders the data unusable even if someone gains access to the data.
Q: Does your email solution support encryption at rest and transit for your email data using the AES 256-bit keys?
6. Policies to control Mail flow
Robust, well-defined rules to control mail flow between users are proactive approaches to preventing data leakage or the email solution’s misuse.
Mail flow policies allow you to encode and automate your business rules regarding your organization’s authorization and email usage scope.
E.g., you may have a set of users who should not communicate with external domains, OR you may have a bunch of users who should not send attachments OR allow only a group of users to send mail via distribution lists, and more.
Q: Does your email solution support policies to control mail flow based on rules defined using the mail attributes such as from id, to id, cc id, the subject’s content, attachment names, attachments, and more?
7. Data Leak Prevention (DLP)
DLP for inbound and outbound Email allows you to intercept, modify and monitor Email matching specific criteria or carrying sensitive private information.
E.g., the system can detect and act on emails carrying financial or PII (Personally identifiable information) like Aadhar numbers, PAN numbers, credit card numbers, passport numbers, and more.
Q: Does your email solution offer DLP capabilities?
8. Access control
Access control works by allowing selected or all users to consume the services only from trusted networks and disabling unnecessary services.
In effect, this reduces the surface area of exposure bringing security more under control.
Q: Does your email solution allow you to granularly block/enable services per user and allow access only from a specified trusted IP range?
9. URL hygiene and safety
Inserting malicious URLs in emails and luring the reader to click on them is the most common form of offloading dangerous payload onto the user’s environment or seeking sensitive information.
Thus, ensuring safe URLs is an essential part of the security of an email solution.Â
Time of Click protection:Â One method of ensuring safe URLs is to intercept link clicks from emails and review the site for reputation, malware, and exploits before allowing a response to the endpoint.Â
URL Sanitization:Â Another method is to sanitize corrupt, broken, incomplete, or malformed links by nullifying them before display to the user.
Q: Does your email solution offer protection from malicious URLs in emails?
10. Account Lockout
Your email account may be subject to hack attempts or brute force attacks to gain entry to your mail data.
A brute force attack is a hack attempt that relies on guessing possible combinations of a targeted password until the correct password gets found.Â
A popular method of protecting online accounts is to lock their access following multiple failed attempts. Typically these accounts are released only after administration intervention.
Q: Does your email solution have the facility of automatic account lockout?
11. Email Backup
To protect against accidental or intentional mail deletions, corruption or theft, having tamper-proof backups of your email is foundational to your security strategy.
Email backups stored at end points in the form of PST files, or on secondary strage devices is not very effective or safe. These backups are unwieldy, fragmented, difficult to access and secure.Â
A recommended best practice is to archive a copy of all email, in-flight, into a separate platform to help centrally protect, manage and leverage this data.Â
Q: Does your IT strategy have an automatic email archive as a critical line item?
Conclusion
In a rapidly digitizing world, email carries nearly 70% of your business critical data (IDC).Â
Thus securing email should be the critical path of your security strategy to reduce risk and protect data.Â
And, robust Spam, Virus, Malware protection is necessary but not sufficient.Â
Hence, we recommend that you review your email solution against the ten additional security controls, listed above, to improve your security posture.Â
Resources:
- Preventing email fraud, email spoofing, email phishing, and impersonation with SPF, DKIM, DMARC, and other security controls
- Data Leak Prevention with SkyConnect – Critical for your Security Strategy
- Email Phishing – How humans are the weakest link
- Cloud email protection with on-demand ediscovery of email
- Email security tips
Mithi SkyConnect, the secure cloud business email platform, partners with Trend Micro (Industry leader in Email security) and bundles Vaultastic’s cloud data protection to deliver bullet-proof email security to its enterprise customers.