Email is one of the most common forms of business communication today. And we often take for granted that it is a secure form of communication. After all, email services provide security for their email services.
Yet how can you be sure the email security provided is enough? Is your email safe?
As we’ve seen time and again, trusting the security of any technology service offered by a third-party can lead to security breaches. This is especially true with email, since the most common IT security threat used by hackers today are emails. An estimated 75 percent of identified, impactful threats were initially entered via email attachments and 46 percent of attacks were executed by users clicking web links in email, according to the SANS Cyber Security survey. Emails can carry ransomware, attachment-based malware, URL-based threats, impostor-driven schemes like business email compromise (BEC) and spear phishing attacks.
Even a paid product like Microsoft Office 365 -- which includes Microsoft Exchange Online Protection (EOP) -- does not always fully protect organizations. While it does offer a solid first line of defense against security threats, it isn’t a comprehensive security solution that can adequately protect from polymorphic threats and zero-day attacks, due to its technical limitations.
Microsoft is not a company that specializes in email security and protection. Hackers are more agile than ever, changing their attacks and techniques constantly in order to bypass traditional email protection measures.
Download the Office 365 email protection white paper
Since built in security isn’t quite enough, it’s important not to replace it entirely, but to compliment it with additional security layers, in order to block new and evolving attacks. The goal of third-party email security products is to fill in security gaps between existing cloud email systems and incumbent SEGs, in order to create a catch rate closer to 99.9999 percent, rather than 99.9 percent.
The following are some of the key best practices for securing your email, as outlined by Gartner:
Use Multiple Antivirus Engines
To increase detection and prevention rates, use a diverse array of antivirus engines that scan email content. You can use one antivirus engine at the email gateway and another for your endpoint systems. Ideally, the email gateway should support the use of multiple engines.
Consider SEGs
Review and consider secure email gateways (SEGs) that can guard against both URL links and attachments with active content that cannot be blocked by policy (such as PDF and Microsoft Office file types). Strip out or quarantine all executable content from email attachments, and ensure that all email content types and attachments are being evaluated for malware.
Mobile Security
Recognize that all mobile devices must be addressed with endpoint security technologies, mobile device security, and secure Web and email gateway services because their network traffic does not pass efficiently through legacy network defenses (backhauling traffic often creates greater latency).
Whenever there is a security vulnerability, no matter how small, hackers are likely going to find it and exploit it. When considering a layered email security approach, it’s important to find a solution that provides: