
Email Security: Best Practices and Tools to Lock Down Email

  • 09 November 2020

What messaging channel has more users than Facebook and WeChat put together, has been around since 1971, and today is one of the biggest communications channels worldwide?

You guessed it: email. 

Today, there are around 3.9 billion email users around the world and, with steady annual growth of 3% expected, we should have 4.3 billion email users by 2022. But email wasn’t designed to be secure, which means that the data sent back and forth every day is at risk of being compromised.

The bottom line: It’s a serious security risk for businesses, which are now by and large bound to strict compliance standards. In fact, it’s the threat vector IT leaders are most concerned about protecting.

Keep reading to find out what email security is, how data can be lost or breached on email, and what employees can do to prevent data loss on email. 

If you’re looking for information about cybersecurity best practice while working remotely, check out our ultimate guide here.

But, why do organizations need to secure email? Because it’s “open” by nature. An unlocked door. That’s how it was designed! It actually started as an intra-organization chat tool.

 

  • A bit of history for your next pub quiz

    In 1969, ARPANET, a US Department of Defense network and the forerunner of the modern internet, hosted the first electronic message sent between two different computers.

But an open network is an at-risk network. Anything can come in or go out. 

Bad-intentioned hackers can send malicious, malware-ridden attachments into any organization, so long as they have the email address of just one employee. Likewise, bad-intentioned employees can send sensitive data outside of an organization, simply by hitting “send”.

That’s why we have two categories of email security.

Inbound email security: Inbound email security protects against threats like spam, phishing, spear phishing, and other advanced impersonation attacks.

Outbound email security: Outbound email security prevents data exfiltration and prevents accidental data loss via misdirected emails.

To really understand how email security works, you have to understand how email works, which we’ll cover next. 

Not interested in the nitty gritty of email? Skip down the page to learn more about:

  • The different types of email security solutions
  • Best practice for email security
  • How Tessian detects and prevents both inbound and outbound threats on email

Email 101: How does email work?

Put simply, email operates by way of servers speaking with each other. 

These communications are governed by the Simple Mail Transfer Protocol (SMTP), which defines how servers send and receive packets of email data. The server sending an email will “push” the email to a receiving server.

There are three key component parts of each email, all of which are to some extent based on traditional, physical mail.

The envelope

The envelope is the initial information pushed by the server sending an email to the receiving server. It simply indicates the email’s sender and recipient, as well as some validating commands exchanged between the sending and receiving servers. Email users can’t see the envelope, since it is part of the internal routing process for emails. 

The header

The email header, which is transmitted alongside the body of the email, contains metadata such as the time the email was sent, which servers sent and received the data, and so on. Email clients (such as Outlook, Gmail, etc.) hide header information from recipients.

The body

The body of an email is simply the content that a recipient sees and interacts with. 

The envelope, the header and the body are all potential weak spots in organizations’ security perimeters. It is not difficult for an attacker in control of their own email server to spoof details of an email’s header, for instance, or to target an employee with a convincing impersonation of a trusted colleague or partner. (See other Tessian blogs for examples of display name and domain impersonation, which are regularly used to target enterprises and their employees in spear phishing campaigns.)
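Because the envelope sender and the header sender are separate fields, a receiving system can compare them. The following Python sketch is an added example, not Tessian's code: it assumes the receiving server recorded the envelope sender in the `Return-Path` header, and the sample message, the `KNOWN_SENDERS` directory and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Return-Path holds the envelope sender (SMTP MAIL FROM)
# as recorded on delivery; the From header is what the recipient sees.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Alice Smith" <alice.smith@examp1e.com>
To: bob@example.com
Subject: Urgent wire transfer
Date: Mon, 09 Nov 2020 10:15:00 +0000

Please process the attached invoice today.
"""

# Hypothetical directory of known colleagues: display name -> real address.
KNOWN_SENDERS = {"alice smith": "alice.smith@example.com"}


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def inspect_message(raw, known_senders):
    """Return findings from comparing envelope, header and display name."""
    msg = message_from_string(raw)
    display, header_addr = parseaddr(msg.get("From", ""))
    _, envelope_addr = parseaddr(msg.get("Return-Path", ""))
    findings = []

    # Envelope vs header: a mismatch also occurs with mailing lists and
    # bulk senders, so treat it as a signal to weigh, not proof of spoofing.
    if domain_of(envelope_addr) != domain_of(header_addr):
        findings.append("envelope-header-domain-mismatch")

    # Display name impersonation: a known colleague's name attached to an
    # address that is not the one on record (here a lookalike domain).
    for name, real_addr in known_senders.items():
        if name in display.lower() and header_addr.lower() != real_addr:
            findings.append("display-name-impersonation:" + name)
    return findings


if __name__ == "__main__":
    print(inspect_message(SAMPLE, KNOWN_SENDERS))
```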

So, what solutions exist to prevent inbound and outbound email threats?

Different types of email security solutions

Secure Email Gateways

Secure Email Gateways – also known as SEGs or Email Security Gateways – have been deployed by organizations for decades. SEGs offer an all-in-one solution that blocks spam, phishing, and some malware from reaching employees’ inboxes. They might use email encryption to make communications harder to intercept.

As with DLP tools (see below), SEGs operate by way of extensive lists of rules that only defend against threats the system or organization has seen before. 

SEGs use various methods to detect threats in emails. Generally, they inspect links and attachments, and apply rules to the email to flag suspicious characteristics (like if the email originates from a blacklisted IP address).

Importantly, though, they can’t stop more advanced attacks like spear phishing. This is especially problematic because today, cybercriminals are using increasingly sophisticated social engineering tactics to bypass SEGs and trick end-users. 

DLP

Essentially, Data Loss Prevention (DLP) software ensures that organizations don’t leak sensitive data. 

DLP software monitors different entry and exit points within a corporate network, such as user devices, email clients, servers and/or gateways within the network. Like SEGs, DLP tools are invariably rule-based, limiting the range of new and evolving threats DLP products can defend against.

Interested in learning more? Check out these articles: 

  1. What is Data Loss Prevention?
  2. A Complete Overview of DLP on Email
  3. The State of Data Loss Prevention 2020
  4. The Drawbacks of Traditional DLP on Email

SPF / DKIM / DMARC

SPF, DKIM and DMARC are email authentication records that, in short, help protect organizations against attackers spoofing their domains. Although they can help stop spoofing attempts, the effectiveness of these protocols is limited by their lack of adoption. The vast majority of organizations around the world have not yet implemented DMARC, which means attackers can easily target vulnerable companies and spoof their domains. (For more information, head to Tessian’s blog on DMARC.)
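Publishing a DMARC record is not the same as enforcing one, so an adoption check has to read the policy tag. The following Python sketch is an added example, not Tessian's code: it classifies DMARC TXT records by their `p=` and `pct=` tags; the domains and records are constructed samples, and fetching the record from DNS at `_dmarc.<domain>` is assumed to happen elsewhere.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Classify a domain's DMARC posture from its TXT record (or None)."""
    if not record:
        return "missing: receivers get no policy for failing mail"
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return "invalid: v=DMARC1 tag missing"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid: p= must be none, quarantine or reject"
    # pct defaults to 100 when absent or malformed.
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if policy == "none":
        return "monitor-only: no action requested for failing mail"
    if pct < 100:
        return f"partial: {policy} applied to {pct}% of failing mail"
    return f"enforcing: failing mail is handled with p={policy}"


# Constructed sample records, as they would appear at _dmarc.<domain>.
SAMPLES = {
    "no-record.example": None,
    "monitoring.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example",
    "rollout.example": "v=DMARC1; p=quarantine; pct=25",
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(f"{domain:20} {assess_dmarc(record)}")
```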

Given the shortcomings of these traditional solutions, security leaders must educate their employees on best practice so that they’re well-equipped to defend against email attacks and prevent data loss (both accidental and malicious).

Best practices for email security

Here are a few key strategies virtually all organizations can employ to help them defend against cyber threats on email.

Password protection

Even when organizations and attackers are in a cybersecurity arms race, the basics of good security still apply.

Email accounts need strong passwords: a good guideline is that if you can remember your password, it isn’t strong enough. If your organization uses a password management tool like LastPass or 1Password, make sure all passwords are stored on that system. Top tip: You should also consider implementing 2FA.

Manage sensitive information carefully

Organizations control all kinds of sensitive data, and the popularity (and necessity) of newly flexible working habits means that security leaders need to be especially vigilant as to how data moves inside and outside organizations’ networks. To control the flow of data, organizations implement policies and procedures, including access controls. 

But, these controls and human policies can impede productivity. In fact, 51% say security tools and software impede their productivity. Another 54% of employees say they’ll find a workaround if security software or policies prevent them from doing their job.

Leverage technology to train employees

Training and awareness is regularly talked up among cybersecurity practitioners. 

The problem is, taking employees away from their day-to-day duties and delivering context-free workshops on cybersecurity will rarely result in better vigilance and lasting threat protection. It’s important to invest in technology that can deliver in-situ, contextual training, allowing employees to learn from activity taking place in their own inboxes. You can read more about the Pros and Cons of Security Awareness Training here.

While password protection, access controls, policies, and training can all help improve an organization’s email security, they alone aren’t enough. After all, to err is human! That’s why we can’t leave people as the last line of defense.

And, since traditional email security solutions like SEGs and rule-based DLP can’t stop more advanced threats, security teams need to look at next-generation technology like Tessian. 

How does Tessian detect and prevent inbound and outbound threats on email?

Tessian’s approach to email security is different. We call it Human Layer Security and, across three solutions, we prevent data exfiltration, accidental data loss, and spear phishing attacks.

Powered by machine learning, Tessian maps employee email activity and builds unique security identities for every individual. Our algorithms can then predict when inbound and outbound email activity is normal or abnormal and detect potential security incidents before they become breaches. No rules required.

We secure hundreds of thousands of employees at some of the world’s leading enterprises. But, don’t take our word for it. Take it from them! We have dozens of customer stories.

Or, if you’re interested in learning more about how Tessian can help your organization level-up its email security, speak to one of our experts today.