A basic view on Email Security

AnubisNetworks By AnubisNetworks • July 21, 2020

Email is a common entry point for attackers looking to find a crack in a company's network and obtain valuable data. So here's a basic view on Email security and on how this discipline uses numerous techniques for keeping sensitive information in email communication and accounts safe against unauthorized access, loss, or compromise. 

Problems in Email?

Email stands on an internet protocol for sending and receiving messages. This technology has some open holes, mostly because Email mimics the same process as physical Mail, with the difference that senders and recipients use different "post offices" and parcel shippers.

What this means:

  • Recipients can't be sure the sender in the envelope is the actual origin of the message.
  • Recipients can't be sure that the branding and content of the message is true in their intentions or, on the other hand, it's a fraud.
  • Recipients can't be sure the message has not be read or changed before arriving.
  • Senders and recipients cannot be sure the address is correct, if the recipient exists, and if the message will arrive on time.

On top of these liabilities, remember that companies are over dependant on email (billions are sent daily worldwide!) and that every employee receives over 100 messages per day (in a business environment), and that every employee has some digital (as well as social) footprint, making it easy to discover the employee's email address, as well as habits, job description, and even personal and private data. 

Attack types

Email is the number one gateway for cyber attacks. Because of the reasons stated above. Fact is that everyone uses it for just about anything. In terms of criminal economics, a small percentage of success can easily turn a profit (economic or information wise) for the attackers. 

Email is either Good (and legit, expected and/or authorized) or Bad. For the bad emails' you'll hear of plenty of terms, such as ransomware, spam, phishing, or business email compromise. Regardless of the terms you can simplify things:

  • Emails can be spam (as in newsletters or other commercial information), which don't harm you. Just want to "sell" you something without your consent or interest.
  • Emails can (also) be fraud (using social engineering, these emails try to fool you into doing something (e.g. wire a transfer). Sometimes it's called phishing or spoofing, or spearphishing (that's when the fraud is directed to one person, which makes it much harder to detect)
  • Emails can (also) be Infected (having malware content (in the attachments) or linking (via URLs) to malware sites). These emails usually are also fraudulent in the sense that these need to "make you" click on a link or attachment. Ransomware is just a type of malware.

There are four main parts of an email message that can be compromised or manipulated: The body of the email, the Attachments of the email, URLs contained within the email, and the sender's information, namely its email address.

What are the best email practices for business?

Here are the things your company can do to protect itself from employees who engage with phishing emails, malware spam, and other malicious messages:

  • Use multi-layer protection - the security embedded in your email server is usually never sufficient, especially because servers such as Office365 are subject to numerous attacks and threats, with their defense mechanisms well-known to any attacker. Having systems in front of your email servers (an Email security gateway), with greater and distinct security and control methods will amplify your coverage. It's also a good idea to keep AVs running in the endpoints.
  • Run regular phishing exercises and training - If properly trained, your employees can be your greatest defense from phishing attacks. If they can recognize threats immediately, they can stop the number one source of endpoint compromise.
  • People and Process aligned - When in doubt, use the specialists in your company, or third party services. The difference between a ransomware neutralizing your information may be how prudent you are. And if your organization has processes in place, both to verify emails, as well as to mitigate incidents, you may end up navigating in calmer tides then your competitors.
  • Use multi-factor authentication in your systems - If the corporate email account's credentials get stolen, multi-factor authentication can prevent an attacker from accessing it.
  • Ensure you can quarantine and remediate - With quarantine functionality, the email can be withheld and analyzed, allowing the malicious attachment to be removed or completely erased. Email remediation can detect a file as malicious after delivery and quarantine it from within a mailbox.
  • Focus your security on Threat intelligence and on Anti Fraud - Global sources aware of the new forms of spam and malware (happens daily!) should be included in your Email Security Gateway, as well as strict policies on accepting email regarding the available authentication (DMARC and SPF, for instance), which will ensure senders are not sending email through unauthorized sources (and pretending to be someone else) .
  • Integrated cybersecurity solution - Helps determine if advanced malware has been delivered to users.
Isn't my Office365 or Google suite enough? 

These tools are, nowadays, the standard productivity platform in organizations of all sizes. It is a cost-effective solution that also provides a basic level of cloud email protection. But, with increased global usage comes various risks, and these tools became an attractive target for cyberattacks, forcing the businesses to seek additional cloud email protection, which in turn places them in advantage against smaller companies (attackers usually choose the path of least resistance, even if profits are smaller).

Office 365 offers advanced capabilities with their top-tier solutions which are, regardless, contained to their infrastructure. Nevertheless, and if you don't find the budget to upgrade your security, you should:

  • Use recommended actions, such as Secure Score - This tool uses analytics to recommend actions you can take to keep digital assets safer.
  • Create anti-ransomware mail flow rules - They can block malicious attachments, preventing attackers from locking you out of your data systems or devices.
  • Use Office Message Encryption - As the first layer of security, it blocks outsiders from viewing emails.
What about outbound emails?

It's vital to also take into consideration data protection and securing outbound traffic. In other words, putting measures in place to prevent users from sending sensitive data via email to external parties. It's not just a matter of Data Leaking -If your organization is infected it may be used for launching attacks against your partners, making you liable in many ways.

Go Beyond Security Basics

Cybersecurity is an investment in which the results are just the lack of problems - This is hard to measure, but easy to explain, given that every year, we learn about the millions of earnings for attackers and the hundreds of data breaches companies complain about. So it's best to stay on the advanced side of your industry and go beyond basic functions, especially nowadays where companies can face legal issues if they are not doing their best efforts to fulfil GDPR and similar regulations.

To learn how Anubis Networks can help you, request a demo today

Free Trial Mail Protection System