5 High Level Email Security Tips

"64% of IT security professionals believe that email attacks pose a high threat to their organization..."

In a world defined by its uncertainty, at least one thing can be depended on: when just 24% of IT security professionals view their infrastructure as “extremely secure”, there's a nightmare waiting to happen – data breaches seem more a question of "when" than "if". But there are ways that you can significantly cut down on the risk they pose to your organization.

#1: Educate your employees

The very first, and arguably most important step you can take to better protect your email communications is to educate your employees. There are a number of solutions available to protect your organization from cybersecurity threats, ranging from anti-virus software to firewalls, to email gateways. But the biggest point of failure in any organization is likely to be your employees. They're the ones handling all the sensitive data and deciding where it gets sent. If they make a mistake, all the Data Loss Protection software in the world won't help.

The Information Commissioner's Office has recently released a free suite of posters to help you combat the human error element.

#2: Be proactive

Data loss over email becomes so much more difficult to tackle after it's already happened. Having a plan in place for what to do in the event that an employee does leak data over email is good; preventing the leak from occurring in the first place is so much better. Invest in technologies and platforms that will enable you to better understand how your employees communicate with each other and with people outside the organization.

McAfee's 2017 security prediction report, "Hard-to-Solve Security Challenges", stated the possibility of:

  • Business email compromise (BEC) scams duping decision makers into money transfers
  • Spear-phishing as a gateway for APT for long-term espionage or data theft
  • Increased targeting of "physical devices" such as mobile, workstations, and point-of-sale
  • More malware via fake advertisements and other emerging methods

When all evidence suggests that this problem is only likely to grow, the question is not whether you respond, but how.

Our recommendation?

Protection is prevention: information security professionals should prepare for highly sophisticated, email-based attacks.

#3: Get the basics right

You know the drill: use encryption, be careful when using your corporate email account from public/shared computers, and don’t open emails from unknown sources. Getting the basics right is critical, as it will allow you to build an information security infrastructure on a great foundation. Most importantly, however, don’t let taking these steps lull you into a false sense of security.

When research suggests that the top worry for 45% of IT professionals is, in fact, internal, you have another battle on your hands.

Confidence comes hand in hand with capability. If you’re still using outdated Exchange software, the extent to which you can guard against internal and external attacks is already inherently limited.

With this in mind, it comes as no surprise that confident IT security professionals are more than twice as likely to think that C-suite involvement in email security strategy is “very appropriate” – and 1.4x more likely to actually have that engagement.

In this way, our mistakes and negative experiences are, in fact, an opportunity – as exemplified by the fact that managers with recent, direct experience with an email hack/breach are more likely to have plans to migrate to Microsoft Office 365 in the next two years.

Discard the “if it isn’t broken, why fix it?” mentality: why wait until something goes wrong to implement much-needed change?

#4: Don't forget about mobile devices

Corporate email now exists in an interesting space between work and home where it is not solely tied to employees' desks. Using email on the go, on various devices (laptops, tablets, smartphones), greatly increases the potential for mistakes. A data breach caused by a misdirected email could very easily occur when sending an email on a packed train, accidentally picking the wrong recipient from a "helpful" autocomplete list. Many email DLP platforms can only protect on a computer, or only within a certain client; these limitations need to be acknowledged and accounted for. It's important that you find a way of securing your email network regardless of how an employee accesses it.

#5: Stay ahead of the curve

As well as getting the basics right, it's a good idea to always be looking ahead. Information security platforms and techniques are constantly evolving. People are consistently producing amazing new ways of tackling threats and risks that had so far gone unsolved. Seek out the companies building cutting-edge new solutions and see if they're a good fit for your company.

About Tessian

Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict, for this user, at this point in time, whether this email looks like a security threat.
