We live in an age where communicating is easier than ever. In business, despite all of the other tools that are available for this purpose, email remains the most popular form of inter-business, inter-staff communication.
But email also remains the most popular attack vector for hackers looking to compromise internal systems. This is the prevailing sentiment in the security industry going on every talk I’ve ever had with security experts, and it can be further validated by a simple Google search.
That’s because hackers still like phishing attacks, and the delivery method for that is, you guessed it, email. Lately, they’ve perfected another, even more focused email-based attack that’s been dubbed “spear-phishing” due to its pointed nature.
This, despite all the fancy appliances sitting between the wider internet and end users’ inboxes and all of the cloud insights powering anti-spam and anti-phishing technologies.
Even with those in place, some phishing attacks still get through because that’s just the nature of cyberthreats: they’re constantly getting smarter because they have to, and as a result they seem to always be a step or two ahead of the good guys.
Still, that’s no reason not to put those measures in place. There are definitely things companies can do to protect themselves against the worst of business email attacks, and we’ve put together a checklist you can run through to ensure your protection is as comprehensive as possible.
1. Make sure you can see everything
Knowledge of what’s going on at the edges of your network isn’t enough to stop the bad guys, and it’s utterly essential that you know where emails are coming from and what they contain once they’ve entered the network.
Having retrospective security measures in place that can see and contain any threats that enter your environment is highly useful for remediating attacks; even highly advanced ones that change over time.
2. Automation is key
Having retrospective measures in place is a good first step, but they should also be automated so that threats can be detected, contained, and remediated without human intervention to minimise any damage.
With automatic intelligence built into these monitoring and analytics tools, even the wiliest of malware that changes appearance over time can trigger the reputational analysis that identifies and contains it and be caught in the act without actual people involved.
3. Avoid social engineering
The reason even the smartest security sometimes fails is because hackers know that people are the weakest link in the security chain, and do everything they can to “socially engineer” people into delivering their payloads. You can’t stop someone from clicking on something they shouldn’t if that’s what they choose to do despite warnings, in other words.
Defeating social engineering by email requires educating end users, validating and integrating executive user identities, and implementing sender policy frameworks to prevent hackers from getting what they want.
4. Keep your data safe
Critical data leaving the premises, either maliciously or accidentally, can be avoided with intelligent, content-aware, policy-based data loss prevention capabilities that use a combination of outbound business email scanning, content encryption, and intelligent rate limiting.
5. Widespread use of encryption
Securing all business communications with multi-layered encryption is an excellent way to make sure that only authorised senders and receivers have access to it. It’s also a great way to ensure compliance with regulatory requirements.
Encrypting all communications protects financial, personal, and IP data theft. It ensures recipient registration, proper authentication, and per-message/per-recipient guarantees that make 100% sure that communications are shared only with authorised parties.
Talk to us
These five pointers make for an excellent starting point when evaluating the security of any email system.
For further information on email security, or to talk to someone about cybersecurity in general as it applies to your business, contact Tarsus SecureData’s Nico Goodall on 011 531 1000 or send him an email.