Are you implementing best practices to secure your organization's email?

Are you implementing best practices to secure your organization’s email?
RE: Evaluate your security posture

Posted September 2, 2022

Reading Time: 5 minutes

Protecting your organization from malicious threats can be a daunting task, especially as cyberattacks grow more sophisticated than ever before. With most vital communication during the pandemic conducted via email, the need for more advanced email security solutions has become more urgent.

The pandemic led to an influx of opportunistic cybercriminals as well as new vulnerabilities caused by an unprecedented hybrid workforce. In the height of it all, Google found malware and phishing emails directly related to COVID-19, and the Center for Disease Control (CDC) was forced to warn the public of phishing attacks.

To whom it may concern

Email continues to be the largest form of formal communication and, despite its age, it’s much more complicated than you might think.

Messages are written in an email client and then formatted to be transmitted using Simple Mail Transfer Protocol (SMTP). The sender’s mail server looks up the domain of the recipient’s email address to determine the destination mail server it should contact to deliver the message. The receiving server then accepts the message so that it can be properly delivered as the email client retrieves the message.

Throughout this entire process, every server and client must be properly secured, which is why it is easy for different types of email security threats to make their way through the chain. And while it may seem like it would be easy to spot, email security threats come in all shapes and sizes, including:

Spam – unwanted and mass-emailed advertisements. Spam email is usually sent out for commercial purposes and is difficult to trace. The top forms of spam are advertisements, antivirus warnings, email spoofing, and money scams.

Phishing – a form of social engineering used to steal sensitive customer data such as credit card or login information. Often phishing emails contain some form of malware, but the messages are more customized than spam.

Malware – an infected file or code delivered over a network to steal data or overtake a system. Methods of disbursement include email attachments, file servers, and file-sharing software.

Business Email Compromise (BEC) – a type of phishing email designed to steal money from an organization by mimicking legitimate requests.

I hope this email finds you

Email security has evolved from just the basic anti-spam solution of the past. Today, there are a variety of solutions that can be tailored to your organization’s needs. In 2021, Gartner® released their “Market Guide for Email Security,”* where they segmented the email security market into three main categories – SEG, ICES, and EDP. These are defined below:

Secure Email Gateway (SEG)

Email security for both inbound and outbound email has traditionally been provided by SEG solutions either as an on-premises appliance, a virtual appliance, or a cloud service. SEGs process and filter SMTP traffic, and require organizations to change their MX record to point to the SEG.

Integrated Cloud Email Security (ICES)

The adoption of cloud email providers that provide built-in email hygiene capabilities is growing. Advanced email security capabilities are increasingly being deployed as integrated cloud email security solutions rather than as a gateway. These solutions use API access to the cloud email provider to analyze email content without the need to change the Mail Exchange (MX) record. Integrated solutions go beyond simply blocking known bad content and provide in-line prompts to users that can help reinforce security awareness training, as well as providing detection of compromised internal accounts. Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.

Email Data Protection (EDP)

Email is fundamentally unsecure, and email data protection solutions add encryption to track and prevent unauthorized access to email content before or after it has been sent. EDP can also help prevent accidental data loss due to misdirect recipients.

Yours truly

It’s time to reevaluate post-pandemic email security practices. Whether your employees are working from the office or their living rooms, an effective email security plan is vital to securing your network.

Employee trainings – It’s important to keep employees well-trained on top phishing campaigns to thwart malicious links and compromised attachments. Mitigating human error with security awareness trainings can help keep your organization safe while allowing you to focus on what software works best in your environment.

Multi-factor authentication – To be granted access to a system, users are forced to provide two forms of identification. This makes it more difficult for a hacker to infiltrate said system.

Email passwords – Many cyberattacks occur simply because a cybercriminal was able to guess a password. Make your password a combination of numbers and letters – the longer, the better. Use different passwords to ensure if you do get hacked, not all of your email accounts will be at risk.

Email encryption – Many secure email hosting services already have encryption tools that make original emails unreadable until they reach the recipient. Recipients are forced to provide proper identification to unscramble the message.

Spam filtering – A great first line of defense, spam filters detect spam and stop it from hitting your inbox.

SHI can help you implement these simple solutions while also incorporating SEG, ICES, and EDP systems into your environment.

Whether you’re just starting to evaluate your security posture, or you’ve been dabbling in the art of trial and error, SHI can help build out the right email security solution for your organization. As a top partner of the industry’s best cybersecurity platform providers, we can help improve detection capabilities and replace legacy email gateways.

(Securely) connect with one of our experts to initiate a proof of concept (POC) and get started on your journey.

*Gartner, “Market Guide for Email Security”, Mark Harris, Peter Firstbrook, Ravisha Chugh, Mario de Boer, October 7, 2021.

cybersecurity, email security, phishing attacks

A male and female nurse stand in an office within a healthcare facility. The female nurse, standing stage right, is showing a tablet to her male coworker.

How to close the 7 IT and OT gaps threatening healthcare organizations
Don’t let your healthcare organization become a victim to avoidable cybersecurity breaches.

Reading Time: 4 minutes Don’t let your healthcare organization become a victim to avoidable cybersecurity breaches.

Is cybersecurity vendor consolidation worth it? Here are the pros and cons
Know the facts before making big changes to your cybersecurity solution stack.

Reading Time: 5 minutes Know all the facts before you make sweeping changes to your cybersecurity solution stack.

NIST CSF and HIPAA compliance: Know your true state with SHI’s CSAW
To futureproof your data security, you need to understand your security posture today. Luckily, SHI’s cybersecurity awareness workshop can help.

Reading Time: 4 minutes Learn how to swiftly remedy the gaps and risks threatening your NIST CSF and HIPAA compliancy.