Business Email Security In 2020-21

Nathan Hill-Haimes

6 MIN READ


    Almost every business relies on email as one of its modern ways of communicating. However, despite the vast number of us using email, many of us are unaware of the cyber security threats which email poses.


    Email security threats you should be aware of

    Did you know emails can contain malware, such as ransomware and viruses? For example, an email you receive could contain malicious code which is designed to run when you open the email. However, malware is most commonly found within email attachments or links within the email itself.

    Another major issue is the rise of phishing emails, which claim to be from reputable businesses and financial institutions. These emails are carefully designed to mimic emails which the user would expect to receive, so recipients are enticed to visit fake websites and enter confidential information. These websites could ask for personal details and bank account information, which is then sold to criminals via the dark web.

    The most sinister email threats are designed to gain access to companies' email systems by contacting the employee who is responsible for making payments. The attacker will pose as a senior executive and ask an employee who is responsible for payments to send a substantial sum to the attacker’s bank account. They may even pose as another company and inform an employee that the payment details have changed, so future payments are sent to the attacker’s bank instead.

    These are examples of monetary losses; however, attackers may focus on stealing data, reducing productivity and even alienating customers. As you can see from these examples, email security should be a top priority for all businesses.

     


    How to secure your business's email system

    The majority of email security threats occur when an email enters a company’s email system. This means companies are able to detect these emails when they enter the system and also when they are delivered to the recipient. To increase the chances of these emails being detected at one of these points, it is possible to install an email security gateway.

    A gateway is often a type of software which companies can install on their email server or via a gateway appliance. However, there are also some email server products which already include email security software. There are a variety of functions which email security will provide, including:

    1) Filtering spam - The majority of malicious emails are sent out in vast numbers, in the hope of infiltrating as many systems as possible. However, up-to-date spam filters will spot these emails and prevent them from being delivered.

    2) Attachment scanning - Effective gateways are designed to connect to networks which detect threats. These detection networks recognise millions of malicious attachments around the world. This means that if a malicious attachment is sent, the gateway will block the email before it is even able to enter a company email network.

    3) Scanning links - These scanners are designed to check the links contained within emails as they are received at the email gateway. The scanners will check what happens when the link is clicked to find out whether it is malicious before it enters a company network.

    4) Protection against data loss - There are some email gateways which are designed to check the data within emails sent by companies themselves. This is designed to prevent the sending of emails which contain sensitive information. The software may even encrypt the data within the emails, as part of GDPR compliance.

    5) Blacklisting - This is designed to block all emails which are received from known malicious domains or email addresses. It is even possible to block emails received from specific countries.

    There are many email security gateway providers available, including Mimecast, Proofpoint, Barracuda Networks, Cisco, Email Laundry and Fortinet.
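
    The blacklisting and link-scanning functions listed above, together with the executive-impersonation pattern described earlier, can be sketched as header and link checks on an incoming message. This is an added example, not code from any of the gateway products named above; `inspect_message`, `BLOCKED_DOMAINS`, `EXECUTIVES`, the domains and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed policy data (assumptions, not taken from any real threat feed).
BLOCKED_DOMAINS = {"malicious.example"}
EXECUTIVES = {"jane doe": "example.com"}  # display name -> legitimate domain
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()
def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()
def blocked(host):
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def inspect_message(raw):
    """Return the reasons a gateway might quarantine this message."""
    msg = message_from_string(raw)
    reasons = []
    name = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    if blocked(from_dom):
        reasons.append("blocklisted sender domain")
    # A known executive's display name arriving from another domain.
    if EXECUTIVES.get(name, from_dom) != from_dom:
        reasons.append("executive name from outside domain")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To differs from sender domain")
    # Decode every leaf part so base64 or multipart bodies are scanned too.
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    for href, text in LINK_RE.findall(body):
        if blocked(host_of(href)):
            reasons.append("link to blocklisted domain")
        if "://" in text and host_of(text) != host_of(href):
            reasons.append("link text does not match destination")
    return reasons

# Constructed sample: a payment-change request posing as an executive.
SAMPLE = '''From: "Jane Doe" <jane.doe@payments-example.test>
Reply-To: accounts@malicious.example
Subject: Urgent: updated bank details
Content-Type: text/html

<a href="http://login.malicious.example/pay">https://bank.example.com/pay</a>
'''
```

    Calling `inspect_message(SAMPLE)` returns four reasons: the impersonated executive name, the mismatched Reply-To, the blocklisted link host and the link text that shows a different destination.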

    Protecting email endpoints

    Email security gateways can provide some protection to organisations; however, they are unable to protect against threats which are delivered straight to an employee’s computer, for example when an employee accesses their own personal email account via their work computer. This means all businesses should run protection software on individual computers, to protect against malicious software, viruses and ransomware.

     


    Email security training for employees

    Despite email security software being very effective, it is never 100% effective. However, by training employees to spot email threats, it is possible to add another layer of protection. There are some simple rules which all employees should be aware of:

    1) Never click links from unknown sources

    2) Never open an email attachment from an unknown source

    3) Never follow any links within emails pointing to financial institutions

    4) Always consult another senior executive or manager before transferring funds

    5) Never use a public WiFi spot to connect to a business’s email system

    As part of employee training, it is possible to send simulated phishing emails, which will help employees learn to spot them.

     


    Encrypted email

    Email systems were never designed with security in mind, so message contents, usernames and passwords are sent without encryption. This means it is possible for attackers to access a mailbox and read all messages.

    To prevent eavesdropping, employees should never use a public WiFi connection to access work emails. If the internet connection is protected using WPA-based encryption, the email login details should be protected. However, this encryption only protects the email credentials, so emails are still vulnerable.

    It is possible to encrypt emails which are sent or received via email servers using an SSL/TLS connection. If this type of connection is not supported, an encrypted VPN connection can be used instead. The only person who can decrypt the email is the intended recipient. Most systems are designed to use symmetric encryption which sends an encrypted email with a private key, to ensure it is only opened by the matching recipient.

    Many email providers will handle private keys and encryption automatically. For example, within Outlook both parties can send encrypted emails by digitally signing their emails. However, some organisations will install additional encryption gateway software, which will ensure employees comply with security policies.
