E-Mail is one of the most commonly used applications in the world.\u00a0 It provides organizations with a quick and cost effective means to communicate and, from inception, it quickly became a necessity most businesses could not live without.\u00a0 However, hackers are keenly aware of this fact as well and continuously devise new creative ways to exploit any possible vulnerabilities for profit.\u00a0 At TSI, we strive to provide our clients with the knowledge and tools they need to mitigate this ever-present threat. We have outlined some key areas to developing a comprehensive E-Mail Security implementation.<\/p>\n
Spam Filtering:\u00a0<\/strong><\/span>\u00a0Spam filters are appliances that can be deployed on-premises or in the cloud and are the first line of defense against E-Mail attacks.\u00a0 Not only can they drastically reduce the amount of junk mail users receive, they can also block E-Mail from blacklisted unsafe senders, remove messages with harmful verbiage and\/or attachments as well as warn users if the sender of a message is impersonating someone else.<\/p>\n Firewall:\u00a0<\/strong><\/span>Most SMBs know what a firewall is, but many are unaware of their full capabilities.\u00a0 Modern firewalls have the ability to detect anomalies in network traffic in real-time and discard\/quarantine anything deemed unreliable before it ever reaches the intended recipient.\u00a0 Firewalls also have built-in content filters capable of preventing users from browsing potentially harmful websites that contain malicious URLs embedded in E-Mail messages.\u00a0 They can also be configured to only allow E-Mail traffic that has been routed through an organization\u2019s spam filter before delivery.<\/p>\n Antivirus & Antimalware:<\/strong><\/span> Antivirus and Antimalware applications are a small but significant component of an E-Mail security strategy.\u00a0 They can remove dangerous attachments from E-Mail messages and prevent users from unknowingly navigating to a suspicious link.\u00a0 However, in order for these applications to be effective, it is imperative that they be maintained and kept up to date.\u00a0 IT Security is only as strong as its weakest link and missing a single maintenance window has the potential to wreak havoc on a network.\u00a0\u00a0 A vigilant, consistent approach to AV\/Antimalware maintenance should be a crucial part of\u00a0your IT Security policy.<\/p>\n Password Management:<\/strong><\/span> Password management is often overlooked by many SMBs today, but it is a huge factor in a properly designed security strategy.\u00a0 30% of investigated data breaches last year were found to be caused by the use of weak passwords, yet surveys indicate that 49% of passwords are still considered to be weak.\u00a0 Insecure passwords can be exploited by hackers to gain access to your E-Mail.\u00a0 Once access is obtained, attackers will then use your E-Mail account to attempt a number of malicious attacks such as Phishing campaigns and wire transfer scams.\u00a0 They will also have access to any sensitive information that may be stored in the account.<\/p>\n The problems that arise from the use of weak passwords are compounded by the fact that 70% of people admit to using the same password for multiple systems and that 51% are opposed to having to remember yet another complicated alphanumeric password. \u00a0A proper password policy should follow the guidelines in the infamous \u201cUnderwear Analogy\u201d which states:<\/p>\n Passwords should be treated like underwear.<\/span><\/em><\/p>\n You should not be able to guess what they look like.<\/span><\/em><\/p>\n They should be changed frequently.<\/span><\/em><\/p>\n They shouldn\u2019t be left out in the open for everyone to see.<\/span><\/em><\/p>\n They should not be shared with anyone.<\/span><\/em><\/p>\n Password management applications ensure all of these guidelines are met, while increasing the productivity of employees.\u00a0 They ensure complex passwords are used, regularly changed, and eliminate the need to memorize them.\u00a0 They allow a user to log into a system with a single click of a mouse. Further, passwords are stored in the application using military grade encryption, which satisfies password compliance requirements from regulatory agencies such as HIPPA, PCI-DSS and SOX.<\/p>\n User Education:<\/strong><\/span> End User Education is by far the most critical component of an Email-Security Strategy.\u00a0 There is no such thing as a bullet proof security policy; threats will inevitably find their way to an organization\u2019s user base.\u00a0 The sooner this realization is accepted; the sooner it can be properly mitigated.<\/p>\n The most devastating breaches are rarely the result of a sophisticated attack.\u00a0 Rather, they are the consequence of employees who unknowingly provide hackers the keys to the kingdom.\u00a0 It is imperative that a healthy degree of paranoia is instilled in end users so that it becomes second nature to think twice before clicking on links or attachments in E-Mail messages, even those that appear to come from legitimate sources within the organization.<\/p>\n One of the most effective ways to develop this awareness is to conduct routine Phishing Drills in which regular, targeted E-Mail messages containing suspicious attachments and links are sent to all employees.\u00a0 The results are then analyzed and detailed reports are generated that indicate which employees may need to refresh their training on E-Mail security best practices.<\/p>\n Users should also undergo regular training on the proper use of E-Mail.\u00a0 Messages containing sensitive information such as social security numbers, employee tax or salary information, credit card numbers, etc. should be avoided.\u00a0 If sensitive information must be sent via E-Mail, use an application capable of encrypting the contents of the message, both at rest and in transit.<\/p>\n Business E-Mail should be kept separate from personal E-Mail at all times.\u00a0 All of the E-Mail security tools in the world cannot help a company whose employees regularly conduct business with their own personal E-Mail accounts, outside of company control.\u00a0 Consider monitoring and\/or blocking access to personal email accounts from company resources and forcing remote users to connect to a corporate VPN before using company E-Mail.<\/p>\n Final Thought:<\/strong><\/span> Although E-Mail security risks have increased dramatically in recent years, there are a number of tools and strategies that can be implemented to mitigate these risks.\u00a0 Work proactively with your IT Team and\/or Managed Services Provider to identify and remediate potential threats as well as ensure company employees are educated in security best practices.\u00a0 Work with a security professional to develop a WISP (Written Information Security Policy) specific to your organization, review the document regularly to ensure that the policy is being followed and enforced.<\/p>\n Unfortunately, there is no way to prevent all E-Mail attacks from reaching a user.\u00a0 The good news is most hackers are lazy and rely on automated processes to do their dirty work for them. An organization that implements E-Mail Security practices is far less likely to be a victim of a breach, and will likely be passed over by a potential attacker. To learn more on how TSI can help you with E-Mail Security, Contact Us<\/a> today!<\/p>\n If you found the information in this blog post helpful and you'd like to discuss your business' technology strategy, then we'd be happy to hear from you.<\/p>\n<\/div>\n\t<\/div>\n<\/div>\n\n\t\tConfident with Your IT Strategy?<\/span>\n\t<\/h2>\n\t<\/div>\n<\/div>\n