Improve Your Workplace Email Security in Five Steps

E-mail security in five steps

Glenn Bogaerts, Ethical Hacker / Penetration Tester / Cyber Security Expert at BOSSIT, shares his top tips for optimizing email security in the workplace in five steps.

How many work-related emails have you sent and received today? Despite the rise of workplace chat and instant messaging apps, email remains the primary form of business communication for many of us, both internally and externally.


Unfortunately, email is also the most common entry point for cyberattacks, with malware and exploits sneaking into the network and credentials and sensitive data being siphoned off.

Threats to Email Security

Most malicious spam intercepted by spam filters consists of phishing emails, seeking credentials or other information. The remaining portion includes a mix of messages with links to malicious websites or attachments laden with booby traps, hoping to install backdoors, remote access trojans (RATs), information stealers, or to download other malicious files.

Phishing remains a frighteningly effective tactic for attackers, regardless of the ultimate goal.

This is partly because the operators behind these attacks continue to refine their skills and improve the complexity of their campaigns.

A prime example is the rise of Business Email Compromise (BEC). No longer limited to poorly spelled or formatted messages pretending to be from the CEO demanding immediate and confidential transfers of significant sums, the latest iterations are subtler and smarter.

Attackers prepare their assaults thoroughly. They learn about the company and their target, adopt their language style and tone, and sometimes even take over genuine email accounts.

The absence of malicious links or attachments in such emails makes them difficult to detect with traditional security tools.

Attackers have also learned to better spoof web domains and take full advantage of the fact that one in three business emails is now opened on mobile devices. It’s harder to verify the source and integrity of a message on a smartphone, and people are more likely to be on the go or distracted, making them easier targets.

Five Steps to Secure Your Organization’s Email

With these considerations in mind, here are our tips for improving email security in your organization in five steps.

Step 1: Install an Intelligent Security Solution
To screen your email, detect, and block malicious mails before they ever reach you, your starting point must be effective security software. It’s worth considering a cloud-based option that allows for real-time updates, scalability, and integration with other security tools for shared intelligence.

To ensure your security solution performs optimally, you should also set appropriate controls for incoming and outgoing emails. For example, do you only scan emails upon receipt, or do you monitor where users click after opening the email?

What about quarantining unwanted emails or those that haven’t passed authentication, and who has the authority to configure or override decisions?

Step 2: Implement Robust Email Authentication Measures
Your organization must be able to verify that an email is coming from the person and source it claims to be from. Phishing emails often have spoofed or disguised email addresses, and email authentication provides essential protection against these.

Your email security solution should check every incoming email against the authentication rules set by the domain from which the email appears to come. The best way to do this is by implementing one or more of the recognized standards for email authentication.

The key standards are:

  • Sender Policy Framework (SPF) – This is a Domain Name System (DNS) record in which a domain owner publishes the IP addresses that are allowed to send email for that domain. The receiving server checks the IP address of the connecting mail server against that list; if it doesn’t match any of them, the message likely did not come from the domain it claims.
  • DomainKeys Identified Mail (DKIM) – This checks whether an incoming email has been altered in transit. A legitimate email carries a digital signature in its header, linked to a specific domain name; the receiving server verifies that signature with the public key the domain publishes in DNS.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC) – This lets the domain owner instruct receiving servers how to treat email that fails the SPF and DKIM checks (for example, to quarantine or reject it). These checks can be performed separately, but DMARC combines them: it also requires that the domain authenticated by SPF or DKIM matches (aligns with) the domain in the visible From: header. DMARC is currently the best and most commonly used approach for authenticating email senders.
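
The following is an added example (not code from the original article or from BOSSIT) of how a receiving server combines these three checks into a DMARC verdict. It assumes the SPF and DKIM results are already known, replaces the DNS lookup with a constructed in-memory table of `_dmarc` TXT records so it runs offline, and simplifies the organizational domain to the last two labels (real implementations use the Public Suffix List). It goes slightly beyond the text by showing the difference between relaxed (`r`) and strict (`s`) alignment and the fallback to the organizational domain's record.

```python
"""DMARC evaluation from SPF/DKIM results (added illustration, not the article's code)."""
from dataclasses import dataclass

# Constructed stand-in for DNS TXT lookups (assumption: no network access).
FAKE_DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=r; aspf=s; rua=mailto:dmarc@example.com",
    "_dmarc.example.org": "v=DMARC1; p=quarantine",
}


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption; real code uses the PSL)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; adkim=r' into a dict, applying RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment unless stated
    tags.setdefault("aspf", "r")   # relaxed SPF alignment unless stated
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict = exact match, relaxed = same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


@dataclass
class AuthResults:
    from_domain: str   # domain in the visible From: header
    spf_result: str    # "pass" / "fail" / "none"
    spf_domain: str    # envelope-from (MAIL FROM) domain that SPF was checked for
    dkim_result: str   # "pass" / "fail" / "none"
    dkim_domain: str   # d= tag of the verified DKIM signature, if any


def evaluate_dmarc(r: AuthResults, dns: dict = FAKE_DNS_TXT) -> dict:
    """Return the DMARC result and the disposition the domain owner asked for."""
    # Look up the From: domain first, then fall back to its organizational domain.
    record = dns.get(f"_dmarc.{r.from_domain.lower()}")
    if record is None:
        record = dns.get(f"_dmarc.{org_domain(r.from_domain)}")
    if record is None:
        return {"dmarc": "none", "disposition": "none", "reason": "no DMARC record"}
    policy = parse_dmarc(record)
    # DMARC passes if at least one mechanism passed AND its domain aligns with From:.
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, policy["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "none",
                "reason": "aligned " + ("DKIM" if dkim_ok else "SPF")}
    return {"dmarc": "fail", "disposition": policy["p"],
            "reason": "no aligned, authenticated identifier"}


if __name__ == "__main__":
    # A spoofed From: example.com sent from an unrelated domain with no DKIM signature.
    spoof = AuthResults("example.com", "pass", "attacker.test", "none", "")
    print(evaluate_dmarc(spoof))  # policy p=reject applies
```

Note that SPF alone passing is not enough: the spoofed message above has a valid SPF result for the attacker's own envelope domain, and it is the alignment requirement that makes DMARC catch it.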

Step 3: Educate Employees on What to Look For
Employees who are aware of the warning signs of suspicious emails form a great line of defense.

You can implement formal online training, share examples of the latest threats, conduct tests, and show them some standard checks: does the email address look suspicious, are there unexpected language errors? If it seems to come from an internal colleague, would they typically communicate this way? Is the incoming email something you were expecting, from someone you know?

As mentioned earlier, some possible red flags are harder to recognize when employees open the message on a mobile device. One way to address this is by implementing banners that are automatically displayed when an email originates from an external source, even if it seems to come from an internal address.

Step 4: Teach Employees What to Do if They Find Something
You should make it easy for colleagues to report things they are unsure about. This means providing them with a simple process, such as an intranet mailbox for reporting suspicious messages.

The goal is to maximize the number of reported cases. It’s never too late to stop further damage, so you should also encourage those who have become victims of an attack to come forward.

Step 5: Don’t Forget About Outgoing Email
Emails sent from your organization are also assessed by recipients against the authentication methods outlined above.

You need to ensure robust controls for your own domain name; this is crucial for the integrity of your communication, for your organization’s brand reputation, and for preventing abuse by adversaries.

You may also want to consider what else you need to monitor and manage regarding outgoing email.

For example, do you scan for abnormal activities or unusual behavior patterns (such as emails regularly being sent in the middle of the night to non-verified IP addresses) that may indicate a compromised internal email account or an active cyberattack?

Do you scan and block payment information such as credit card details or other personally identifiable information (PII) of customers leaving the network, etc.?
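
As an added example (not the article's or BOSSIT's own tooling), the script below shows what the two outgoing-mail checks just described can look like in practice: it parses constructed mail-gateway log lines and flags accounts that repeatedly send outside business hours to destination servers not on a verified list, and it scans outgoing text for card numbers that pass the Luhn check. The log format, the allowlist of destination IPs, the business-hours window and the threshold are all assumptions.

```python
"""Outgoing-mail anomaly and PII checks (added illustration, not the article's code)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed gateway log lines (assumed format): timestamp, sender, recipient
# domain, destination MTA IP address and message size in bytes.
SAMPLE_LOG = """\
2024-05-02T09:14:03Z from=alice@example.com to=partner.example dest_ip=203.0.113.10 size=18432
2024-05-02T10:22:41Z from=bob@example.com to=supplier.example dest_ip=203.0.113.22 size=2048
2024-05-03T02:41:09Z from=bob@example.com to=dropzone.example dest_ip=198.51.100.7 size=5120
2024-05-03T02:43:15Z from=bob@example.com to=dropzone.example dest_ip=198.51.100.7 size=7340032
2024-05-03T03:05:30Z from=bob@example.com to=dropzone.example dest_ip=198.51.100.7 size=8388608
2024-05-03T11:00:00Z from=carol@example.com to=partner.example dest_ip=203.0.113.10 size=1024
"""

VERIFIED_DEST_IPS = {"203.0.113.10", "203.0.113.22"}  # constructed allowlist (assumption)
BUSINESS_HOURS = range(7, 20)                          # 07:00-19:59 UTC (assumption)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt_domain>\S+) "
    r"dest_ip=(?P<dest_ip>\S+) size=(?P<size>\d+)$"
)


def parse_log(text: str) -> list:
    """Turn log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "sender": m["sender"], "rcpt_domain": m["rcpt_domain"],
                       "dest_ip": m["dest_ip"], "size": int(m["size"])})
    return events


def find_suspicious_senders(events, verified_ips=VERIFIED_DEST_IPS,
                            hours=BUSINESS_HOURS, threshold=2) -> list:
    """Flag senders with >= threshold off-hours messages to unverified destinations."""
    per_sender = defaultdict(list)
    for e in events:
        off_hours = e["ts"].hour not in hours
        unverified = e["dest_ip"] not in verified_ips
        if off_hours and unverified:
            per_sender[e["sender"]].append(e)
    findings = []
    for sender, hits in sorted(per_sender.items()):
        if len(hits) >= threshold:
            findings.append({"sender": sender, "count": len(hits),
                             "bytes": sum(h["size"] for h in hits),
                             "dest_ips": sorted({h["dest_ip"] for h in hits})})
    return findings


# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_card_number(text: str) -> bool:
    """True if the text holds a digit run that passes the Luhn check (possible card data)."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return True
    return False


if __name__ == "__main__":
    for finding in find_suspicious_senders(parse_log(SAMPLE_LOG)):
        print("review account:", finding)
    print(contains_card_number("please charge card 4111 1111 1111 1111 thanks"))
```

A hit from either check is a reason to look, not proof of compromise: a night-shift user or a new partner server will trip the first rule, so the verified list and hours should be tuned to the organization, and the Luhn check only reduces false positives on random digit strings such as order numbers.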

These are sensitive areas that concern employee awareness and trust as much as email security. The best place to start is by educating and supporting staff.

Email threats are constantly evolving as attackers take advantage of new technologies, new environments, or simply sharpen their social engineering tactics. Regularly check your email security to ensure it keeps pace with both changes in your organization and attack techniques.

One More Suggestion for…
If you’re looking at email security for your workplace, you might want to consider:

Automated User Awareness and Phishing Training. This is a phishing simulator that allows you to test your staff in a friendly way, with realistic but artificial scams, so your users can make their mistakes when you are on the other side, rather than when it’s a cybercriminal. At BOSSIT, we can create a trial setup for your organization; for more information, you can take a look at our User Awareness and Phishing page.
