9 Questions That Will Help You Choose The Right Email Security Solution

  • 25 August 2020

When it comes to creating a cybersecurity strategy, security leaders have a lot to consider. There are various threat vectors, dozens of “types” of data to secure, thousands of products on the market, and oftentimes limited budget to work with.

But, in this article, we’re going to focus on email security. Why? Because 90% of data breaches start on email.

Data could be compromised via a spear phishing attack. Malware contained in one malicious attachment could infect an entire organization’s network. Insider threats could easily exfiltrate data for financial gain simply by emailing spreadsheets to their personal email accounts.  

That’s why email is the threat vector security and IT leaders are most concerned about, and it’s why choosing the right email security software is so critically important.

Keep reading to learn:

  • What nine questions you should ask when choosing an email security solution 
  • The solutions other security leaders across industries use to protect their people on email
  • Why Tessian may be the right email security software for you
  • How to get buy-in from your CEO after you’ve decided what the best solution is for your organization

1. Is it easy to deploy?

Cybersecurity solutions should make life easier for your employees and your IT department. And, the bottom line is, a complicated setup process wastes time and resources. Worse still, it could lead to errors in deployment which may leave your company vulnerable.

That’s why email security software must be easy to deploy across your organization and it should seamlessly integrate with a variety of email clients, all without any administrative burden.

Before getting too far into the sales process, make sure you find out what support the vendor will provide, how long deployment takes, and – whenever possible – talk to an existing customer to find out how their deployment was. 

2. Is it scalable and customizable?

As your company grows and changes, your business tools must adapt. This includes email security software, which should work for you consistently, regardless of your company’s size. If you scale up or down, your email security software should change with you.

Email security software must also allow customization so that it really aligns with your risk appetite, your employees’ preferences, and your specific business context. Too little flexibility is stifling — but too much choice is overwhelming (and could be resource-intensive). 

3. Does it prevent a wide range of threats?

Today, cybersecurity solutions must detect and prevent a broader range of threats than ever before. And, when it comes to email security software, you have to consider both inbound and outbound threats, including:

  • Spear phishing: A sophisticated phishing attack in which the attacker emails a specific, named target. Verizon’s 2020 data breach report shows that 96% of social attacks (like spear phishing) occur via email. Check out more statistics related to social engineering attacks on our blog.
  • Misdirected emails: An employee accidentally emails personal or sensitive data to the wrong recipient. This happens more often than you might think. The UK’s privacy regulator cited misdirected emails as the number one cause of data breaches in quarter four of 2019-20 and, according to Tessian platform data, over 800 emails are sent to the wrong person every year in organizations with 1,000 people. 
  • Insider Threats: A trusted employee sends confidential or sensitive data to an unauthorized recipient. This recipient can be a third-party to whom a malicious insider is leaking intellectual property — or merely an employee forwarding correspondence to their personal email. Looking for more examples? We’ve rounded up 7 real-world Insider Threat examples here.

4. Can it keep up with the evolving threat landscape?

Online threats are rapidly evolving and email security software is only as good as its ability to keep pace with these threats.

Whether it’s vishing, smishing, or a new type of malware, hackers are always looking for new ways to take advantage of security vulnerabilities and unsuspecting (and often untrained) employees. 

Can your email security software keep up? Tessian can. Scroll down to learn how Tessian uses machine learning to automatically “learn” and evolve in tandem with the threat landscape. 

5. Are employees (and data) protected across devices?

Businesses are increasingly reliant on cloud computing, remote working, and home offices — particularly since the outbreak of COVID-19.

It’s hard enough to protect a set of company workstations located on company premises. Trying to manage security on any number of desktop, laptop, and mobile devices — located in offices, public places, and your employees’ homes — is even harder.

But, unprotected devices represent a critical vulnerability in your company’s security. That’s why the right email security solution will work on any device that employees can use to access company data.

6. Is it easy to see (and communicate) ROI?

It can be tough for security leaders to communicate the ROI of cybersecurity solutions. Why? Because it’s hard to put a value on something that hasn’t happened.

But, a strong email security solution will make it easy for IT teams to assess risk, review trends over time, and create reports that demonstrate how risk is downtrending over time. This way, key stakeholders can really see the impact. 

Unfortunately, a lot of solutions today are a black box when it comes to investigating incidents and garnering insights. So, when choosing an email security solution, consider what reporting tools the solution offers and whether or not any manual investigation is required.

Most security teams are already thinly stretched; communicating ROI shouldn’t be an added burden.

7. Is it easy for employees to use?

According to new research, 51% of employees say security tools and software impede their productivity. Likewise, 54% of employees say they’ll find a workaround if security software or policies prevent them from doing their job.

This proves that the most secure path also has to be the path of least resistance. If the security solution you’re considering has high flag rates, creates extra work for your employees, or isn’t user-friendly, it will go unused. This is a security risk. 

In layman’s terms: security shouldn’t get in the way.

8. Does it help ensure compliance? 

Increasingly strict data privacy laws are setting new standards for companies handling personal information. 

Businesses are accountable for taking a proactive approach to data security. You must take every reasonable step to ensure that the personal information in your control is kept safe and you must be able to demonstrate your security measures to regulators on demand. 

That means that, when evaluating potential email security solutions, you should not only understand what data loss incidents they prevent, but also which security certifications they’ve earned

9. Has it been vetted by relevant customers and industry leaders?

Before selecting an email security software provider, you must ensure that it is well-established and has testimonials from previous customers, preferably in your company’s sector.

Cybersecurity is a vast industry, and too many players are inexperienced, disreputable, or downright untrustworthy. You cannot afford to take any risks in choosing an email security software provider: reputation is everything in this field.

Is Tessian the right email security solution for you?

“Before we adopted Tessian’s technology, we didn’t believe we had any problems with misdirected emails. After a pilot, we realized that was only because these issues weren’t being reported. We can see the ROI in one email.”
Andrew Cheung Partner and General Counsel at Dentons

Tessian is easy to deploy

Deploying Tessian couldn’t be simpler. The software integrates with all email environments, including Office 365, Microsoft Exchange, and GSuite. And, plug-and-play intelligent filters make individual customization easy.

Setup is also extremely fast. Within 24 hours, Tessian analyzes an entire year’s worth of your organization’s historic email data. Immediately afterward, you’re protected.  No rules are required. 

Tessian is scalable and customizable

Tessian’s stateful machine learning technology is always evolving, designed to suit your business’s needs as it scales and changes over time.

Tessian automatically (and continuously) analyzes each employee’s historic email behavior to learn what is and isn’t “normal” for them. That way, it knows which emails to flag as anomalous. 

But, we also understand how important customization is. With Tessian Constructor, you can create and implement security rules specific to your organization.

Tessian prevents a wide range of threats

Across three solutions, Tessian’s Human Layer Security platform can detect and prevent inbound and outbound threats, including advanced impersonation attacks, Insider Threats, and accidental data loss via misdirected emails.

Tessian keeps pace with the evolving threat landscape

Tessian doesn’t rely on a list of signatures of known malware and scams. Our machine learning algorithms are actively learning all the time, which enables Tessian Defender, Guardian, and Enforcer to spot unusual activity and discover new threats.

And, with Human Layer Security Intelligence, Tessian customers benefit from a sort of “herd immunity”. If a threat is detected in another environment – for example, a never-before-seen social engineering attack – Tessian’s entire community of users will automatically be protected. How? The suspicious domain will automatically be placed on a “denylist” and blocked. 

Tessian protects employees and data across devices

Tessian is an ideal solution for remote or hybrid work environments. It protects your employees and your company’s data on laptops, desktops, and mobile devices.

Tessian makes it easy to see ROI

Tessian Human Layer Security Intelligence provides security leaders with detailed, easy-to-understand and – best of all – automated threat reports. In a single click, you’ll be able to see how your risk profile has improved over a certain period of time.

Security and IT teams can also get detailed information about specific incidents. Zero manual investigation required.

Want to learn more about how Tessian customers can use HLSI to improve their security posture and communicate ROI? Read this: Introducing Tessian Human Layer Security Intelligence.

Tessian is easy for employees to use

Tessian is incredibly easy for anyone in your company to use.

In fact, Tessian barely requires any “use” at all. The software runs silently in the background without any impediment to your employees’ productivity whatsoever. Flag rates are low, warnings – when triggered – are helpful, not annoying, and our customers see a very low number of false positives.

With Tessian, the most secure path is the path of least resistance. It’s one piece of security software your employees will thank you for adopting.

“I’ve had emails from employees around the company saying how intuitive and helpful Tessian has been. That’s a great validation of the technology and the value it brings.”
James Holmes Chief Information Officer at North

Tessian helps ensure compliance

The key to compliance with privacy law is assessing risks to privacy and taking reasonable steps to mitigate these risks. Email represents a critical risk area in any company’s data security architecture.

Tessian can assist with compliance in a way that other email security software cannot. Tessian Guardian is unique in its ability to prevent misdirected emails, which are the leading cause of data breach, according to reports by the ICO and the California Attorney-General.

Given that misdirected email is such a common cause of data breaches, you must take steps to safeguard against this risk. 

But, it’s also important to note that Tessian was designed with security and privacy in mind. You can learn more about our security certifications and how we ensure data privacy and protection here. 

Tessian has been vetted by industry leaders

Leading organizations across industries rely on Tessian to protect their people and data on email. 

Here are just some of the many businesses that endorse Tessian, by sector:

Legal Customers

Financial Services Customers

Tech Customers

Insurance Customers

Healthcare Customers

Tessian has also received recognition and plaudits from industry bodies and tech experts. 

In May 2020, Tessian was recognized as a Cool Vendor in the Gartner Cool Vendors in Cloud Office Security report, which recognizes security solutions that “focus specifically upon securing applications, communication and data that occur within cloud office environments.

Tessian has also been independently tested by IT analyst firm 451 Research, which assessed how the software fared against its competitors in data-loss prevention.

According to 451 Research’s report, Tessian’s machine learning algorithms allow it to succeed in preventing data loss where rule-based solutions fall short. 

“Tessian is one of several new takes on data loss prevention that look to leverage new capabilities in AI, machine learning and natural language processing to deliver more effective DLP to prevent human error in emails.”
Garrett Bekker 451 Research Analyst

And, most recently, Tessian was included in Forrester’s Now Tech: Report for Enterprise Email Security Providers. You can read more about why Tessian was selected here

While there is no one-size-fits-all approach to email security, this guide should help you research and vet which solution is right for you. If you’re considering Tessian, why not book a demo to have these questions (and more) answered by one of our experts.

Not ready to book a demo yet? Learn more about your products, our customers, and our Human Layer Security vision via the links below:

Bonus: If you have decided which email security solution is right for you but you’re struggling to get buy-in from your CEO, read this guide with tips from the world’s most innovative and trusted organizations.