Secure Emails: 6 Do’s and Don’ts for IT Pros
Whether it’s the ruthless cyber criminals hatching new schemes or harried end-users mistakenly clicking a link, you need a diversified arsenal of email security defenses.
“Attacks are arriving at different scales and using innovative approaches every day,” says Adam Sbeta, cybersecurity analyst and senior team leader for RCE IT Resource in Santa Clara, CA. “So when one layer misses hopefully another catches the threat.”
Here are 6 ways to secure email:
- DO use your email security data as a source for your SIEM. Integrating email data into your SIEM or data analytics platform enables you to identify current email-borne attacks and defend against future cyber threats. Bonus: This tactic eases email compliance reporting, boosts incident investigation and empowers you to remediate security events faster.
- DON'T inadvertently push users to use rogue file-sharing services. You want to discourage sending large files through email as this can seriously impact the performance of your email, but using third-party consumer-grade file sharing services may violate compliance requirements and put your IP or customer data at risk. Select an email security service provider that offers a cloud-based service to send large files securely.
- DO analyze inbound attachments. An email gateway with sophisticated malware detection automatically analyzes inbound attachments using multiple AV engines, static file analysis, and behavioral sandboxing (a quarantined security environment where potentially dodgy files can be analyzed).
- DON'T overlook internally generated emails. Threats don’t just come from outside your organization. Insiders can mistakenly or maliciously compromise your security. Malicious actors that have popped your users’ account credentials can use internal phishing to spread laterally. Human error is also an ever-present problem. A 2016 Forrester Consulting study found that 36% of businesses reported incidents of insiders inadvertently emailing sensitive data where they shouldn’t. Employ a cloud-based email security solution with threat monitoring and remediation capabilities focused on internally generated email.
- DO use DNS authentication. Implementing DMARC can help reduce impersonation attacks by automatically rejecting messages from spoofed (often well-known) domains when both sender and recipient are using DMARC. Making sure SPF and DKIM are also properly set up helps ensure that inbound messages that should be blocked don’t inadvertently make it to inboxes.
- DON'T forget multi-factor authentication for your employees. This seemingly small tactic has a big impact on security, making it less likely that malicious people gain access to your email or other parts of your network. Require it both for administrators and employees.
These methods reduce the likelihood of a breach or a successful cyberattack, but that doesn’t mean you can shortchange your cyber resilience for email when something bad does get in.
“I don’t think that companies are aware of how long it takes during the remediation period after an attack and how costs can keep adding up daily,” warns Darren Guccione, CEO and co-founder of Chicago-based Keeper Security. “On average,” he says, “it takes 46 days to remediate a data breach from a cyberattack, provided you have an adequate response plan in place.” Best to avoid this scenario!