According to the 2020 Verizon Breach and Investigation report, Email is still the most common vector by which organizations are attacked. The importance of implementing email security best practices, therefore, cannot be exaggerated, considering most enterprises rely heavily on this channel for everyday business communications. Unfortunately, threat actors can often trivially exploit the overlooked vulnerabilities of corporate email security through vulnerabilities like the HAFNIUM (CVE-2021-26855), malware or ransomware, phishing attacks, and accidental configurations or employee mistakes.
Email Security awareness is critical to protecting an organization against email-based attacks. Training users to recognize the signs of a phishing email, especially the pretexts and techniques currently popular, helps to reduce the chance that they will open a weaponized file or click on a malicious link.
It is also good practice to teach employees to report suspected phishing emails to your organization's IT or security team. Reporting provides the security team with an event to investigate and respond if the phish compromised another employee.
Unfortunately, even with the best training program, a phishing email will sometimes be successful; and in many cases, the baked-in security features built into your email solution will not be able to catch the attack. Therefore, investing in a specialized email security solution is an excellent choice to prevent these malicious emails from ever reaching users.
Another serious problem for many organizations is credential theft. Phishing attacks often target users' passwords to gain access to company data, PII, and PCI information, which are often the target of threat actors. In addition, it is pretty standard for employees to use the same passwords for numerous accounts, especially when businesses have no practical way to manage passwords or enforce password best practices.
Phishing TTPs often encourage password resets or log in to an account with fraudulent/fake branding to scrape credential information. Unfortunately, it can often be challenging for a user to determine when an email is fake, even when an organization has email protection and awareness training in place.
This means one of the most critical email security practices is the implementation of strong password policies. Ensure your users are using strong passwords that are unique for each account, effectively limiting the danger of one phishing incident from leading to the compromise of multiple accounts. To help manage passwords better, organizations can implement Business Password Management solutions. These platforms allow employees to implement secure passwords quickly and give administrators visibility over who is using weak passwords.
Here is a great list of the top 15 password management principles
- Create A Strong, Long Passphrase
- Apply Password Encryption
- Implement Two-Factor Authentication
- Add Advanced Authentication Methods
- Test Your Password
- Don't Use Dictionary Words
- Use Different Passwords for Every Account:
- Secure Your Mobile Phone
- Avoid Periodic Changes of Personal Passwords
- Change Passwords When an Employer Leaves Your Business
- Protect Accounts of Privileged Users:
- Keep Your Business Offline
- Avoid Storing Passwords
- Be Vigilant About Safety
- Use Password Managers
Encrypting Email is a vital email security practice to protect your users' and company data. All business sizes need to be encrypting their emails, even small office/home office (SOHO), and it doesn't have to be complicated. Several cost-effective and easy-to-use encryption services are available that secure emails without making it difficult for people to send or receive important emails.
The primary purpose of encrypting emails is to ensure that emails are only ever received by their intended recipient while providing the confidentiality and integrity of transmitted information. Implementing encryption means senders have more control over email, including revoking access to emails sent to the wrong people, seeing when emails have been opened and stopping emails from being sent. However, they usually require users to authenticate to view encrypted emails.
Email security is vital for businesses because there has been a growth in malware attacks that aim to compromise emails, and if companies use encryption, attackers will not be able to view sensitive emails. Encryption also helps to help protect email data during transmission, stopping data from being intercepted.
SPF / DKIM / DMARC
SPF, DKIM, and DMARC are email authentication records that help protect organizations against attackers spoofing their domains. Although they can help stop spoofing attempts, the effectiveness of these protocols is limited by their lack of adoption. For example, the vast majority of organizations worldwide have not yet implemented DMARC, which means attackers can easily target vulnerable companies and spoof their domains.
An SPF (Sender Policy Framework) record is a TXT record in your DNS zone file. SPF records help identify which mail servers are permitted to send email on behalf of your domain. In addition, adding an SPF record can help detect and prevent spammers from sending email messages with forged From addresses on your domain.
Spammers can falsify email headers to edit the From address, so it looks like they're sending from an email address at your domain. This is referred to as spoofing and allows them to phish your users for private account information or otherwise abuse your reputation. This can result in the account owner receiving replies and bounce-backs for mail they never sent.
Adding an SPF record can decrease spoofing attempts to your domain. While they're not a full-proof guarantee against all spam, SPF records help specify which mail servers are permitted to send emails on behalf of your domain. When incoming mail servers receive email messages from your domain name, they compare the SPF record to the outgoing mail server information. If the data doesn't match, they identify the email message as unauthorized and generally filter it as spam or reject it.
DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to verify that an email was actually sent and authorized by the domain owner. This is accomplished by giving the Email a digital signature. This DKIM signature is a header that is added to the message and is secured with encryption.
Once the receiver determines that an email is signed with a valid DKIM signature, it's inevitable that parts of the Email among which the message body and attachments haven't been modified. Although DKIM signatures are not visible to end-users, the validation is done on a server level.
Implementing the DKIM standard will improve email deliverability. If you use a DKIM record together with DMARC and SPF you can also protect your domain against malicious emails sent on behalf of your domains. Though, in practice, these goals are achieved more effectively if you use the DKIM record together with DMARC (and even SPF). For example, InQuest's SaaS Email Security uses both SPF and DKIM. Together they provide synergy and the best result for email security and deliverability.
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a protocol that uses SPF and DKIM to determine the authenticity of an email message.
DMARC records make it easier for Internet Service Providers (ISPs) to prevent malicious email practices, such as domain spoofing to phishing recipients' personal information.
It provides email senders the opportunity to handle emails that were not authenticated using SPF or DKIM. For example, senders can opt to send those emails to the junk folder or have them blocked. This functionality provides ISPs to identify spammers and prevent malicious emails from being delivered while minimizing false positives and providing better authentication reporting for greater transparency in the marketplace.
Email is a critical service for most enterprises; it is a top concern that this channel is secured. Implementing sound corporate email security best practices can help stave off attacks and data breaches. In addition, email security is key to building trust in your organization's operations, employees, and customers.
Adding InQuest's integrated email security solution provides the highest level of email security delivered by InQuest's Cloud platform without the burden of building and managing it yourself. InQuest's SaaS model protects various malware, ransomware, and threats, including targeted attack protection (TAP), phishing, impostor emails, business email compromise (BEC), spam, and more.