6 Best Practices for Email Security
While many new modes of communication have mushroomed in the past few years, good old-fashioned email remains the top means of communication for businesses. It also remains the top priority for social engineers, who keep coming up with creative new ways to use it to spread malware, get into networks, or grab a batch of high-profile passwords.

The numbers say it all. Users sent 30 trillion emails in 2018, and around 92% of malware was delivered through email.

If the problem is so severe, why can’t we do something about it? Well, technology can help only to a certain extent. Beyond that we need to apply common sense, which people seem to abandon the moment they step into the virtual world. When I was a kid, I remember my mother telling me not to open the door for strangers if I was alone. This good old-fashioned advice is just as relevant in the virtual world. However, we just don’t seem to follow it.

Here are 6 best practices that can help your business tide over the issue of email security.

1. Awareness is the key

You have a web-based training course that associates are supposed to take when they join the organization. Most organizations believe that this kind of awareness is more than enough. Unfortunately, it’s not. The training needs to be regular and, more importantly, measured through phishing simulations or malware simulations to better understand the behaviour of employees. This feedback should then be used to build on the training program, with special awareness sessions for employees who are repeat defaulters. Remember, even one person’s negligence is enough to bring down an organization.

2. Recommend easy to use passphrases

Many organizations have a password management policy that mandates a minimum of 7 or 8 characters with a mix of numeric and alphanumeric characters. This encourages users to keep passwords such as P@ssw0rd, Oct@2019, Name@123, etc. Rather than enforcing such a policy, it would be much better to encourage users to use passphrases that are at least 14-15 characters long. “IsawthemovieJ0ker” is a much better password than P@ss1234, chosen just to adhere to the password policy.

Many experts may have different opinions on this, but, I feel strongly that passphrases are much better than passwords.
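To make the comparison above concrete, here is a small policy evaluator, added as an example and not part of the original post. It checks the post's sample passwords against two rules: a traditional "8 characters with letters, digits and a symbol" rule (the exact character-class checks are this example's assumption of what such a policy typically looks like) and a length-first passphrase rule of 14 characters. Note that under the assumed complexity rule the quoted passphrase is rejected because it contains no symbol, which is exactly the kind of policy friction that pushes users toward P@ss1234.

```python
import re

# Thresholds taken from the post: 8 characters for the traditional policy,
# 14 for the passphrase policy.
COMPLEXITY_MIN_LEN = 8
PASSPHRASE_MIN_LEN = 14


def meets_complexity_policy(candidate: str) -> bool:
    """Assumed traditional rule: >= 8 characters with a letter, a digit and a symbol."""
    if len(candidate) < COMPLEXITY_MIN_LEN:
        return False
    has_letter = re.search(r"[A-Za-z]", candidate) is not None
    has_digit = re.search(r"\d", candidate) is not None
    has_symbol = re.search(r"[^A-Za-z0-9]", candidate) is not None
    return has_letter and has_digit and has_symbol


def meets_passphrase_policy(candidate: str) -> bool:
    """Length-first rule: at least 14 characters, no forced character classes."""
    return len(candidate) >= PASSPHRASE_MIN_LEN


def evaluate(candidates):
    """Map each candidate to (passes_complexity, passes_passphrase)."""
    return {c: (meets_complexity_policy(c), meets_passphrase_policy(c)) for c in candidates}


if __name__ == "__main__":
    # The candidates are the ones quoted in the post.
    samples = ["P@ssw0rd", "Oct@2019", "Name@123", "P@ss1234", "IsawthemovieJ0ker"]
    for pw, (complex_ok, phrase_ok) in evaluate(samples).items():
        print(f"{pw:20} complexity={complex_ok!s:5} passphrase={phrase_ok}")
```

Running it shows every short "complex" password passing the first rule and failing the second, while the passphrase does the opposite; a policy that only counts character classes rewards the wrong thing.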

3. Two locks are better than one.

Build as many restrictions as you can into the path of a thief, if only to slow him down from reaching the prized possession. In the case of email, it is much better to implement two-factor authentication. The concept is simple, but it is an excellent data loss prevention practice, as it makes life much more difficult for hackers and for anyone waiting to sneak a peek at your emails.

Even if a criminal manages to guess or retrieve the password to your account, two-tier authentication means the individual will still require a code to get at your messages and cause trouble. That code is usually sent to your phone via a text message. Do not make the mistake of having it sent to your computer, because you never know who is watching.

Two-tier authentication is one of the best ways to protect social media or a web application from a data breach. It also works with virtually any cloud storage service you might be using.

4. The Blacklist

Well, a blacklist is always welcome. A TV series with the same name is one of my favourites. A blacklist can be a lot of help to the email administrator. This list prevents known spammers or cyber threats from ever making it through to your inbox. Whether you’re doing it in-house or using a third-party blacklist authority, just make sure that it’s being done at all. There are a few ways to maintain the list: by domain, by email address, and by IP address or range.
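The three list types mentioned above (domain, address, IP address or range) can be combined into one inbound check. The following is an added example, not code from the original post, using only the Python standard library; the blocklist entries, the sender headers and the connecting IPs are all constructed for the example (they use reserved documentation ranges and the .test TLD).

```python
import ipaddress
from email.utils import parseaddr

# Constructed blocklist entries (assumptions for this example). A real list would
# come from the mail administrator's own data or a third-party feed.
BLOCKED_DOMAINS = {"spam-example.test"}
BLOCKED_ADDRESSES = {"bad.actor@example.test"}
BLOCKED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),   # a whole range
    ipaddress.ip_network("198.51.100.7/32"),  # a single host
]


def sender_address(from_header: str) -> str:
    """Extract the bare, lower-cased address from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.lower()


def domain_is_blocked(domain: str) -> bool:
    """True if the domain itself or any parent domain is on the domain list."""
    return any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS)


def ip_is_blocked(ip_text: str):
    """Return the matching network, or None (also None for unparsable input)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net in BLOCKED_NETWORKS:
        if ip in net:
            return net
    return None


def check_message(from_header: str, connecting_ip: str):
    """Return (blocked, reason) for one inbound message, checking the
    address list first, then the domain list, then the IP ranges."""
    addr = sender_address(from_header)
    if addr in BLOCKED_ADDRESSES:
        return True, f"address {addr}"
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if domain and domain_is_blocked(domain):
        return True, f"domain {domain}"
    net = ip_is_blocked(connecting_ip)
    if net is not None:
        return True, f"ip {connecting_ip} in {net}"
    return False, None


if __name__ == "__main__":
    # Constructed sample of (From: header, connecting IP) pairs.
    inbound = [
        ("Bad Actor <Bad.Actor@example.test>", "192.0.2.10"),
        ("Newsletter <news@mail.spam-example.test>", "192.0.2.10"),
        ("alice@example.test", "203.0.113.45"),
        ("alice@example.test", "192.0.2.10"),
    ]
    for header, ip in inbound:
        blocked, reason = check_message(header, ip)
        print(f"{'BLOCK' if blocked else 'ALLOW':5} {header:45} {ip:15} {reason or ''}")
```

The domain match deliberately covers subdomains, since a listed domain is rarely worth blocking only at its apex, and an unparsable connecting IP is treated as "no IP match" rather than an error so that one malformed header cannot stall the filter.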

5. Make it sound gibberish

I love encryption, and this is one of the must-haves in your email security deployment. All email, inbound and outbound, must be encrypted.

6. Scan all emails for viruses and malware

You need to make sure that only good emails enter the server. Email is one of the most sought-after ways to deliver truckloads of malware. Hence it becomes all the more important to scan all incoming emails for viruses and malware.

Deploying a cloud-based antivirus is the best bet in the current scenario to stay safe from ransomware attacks and malware.

These are some of the best email practices that you can deploy. What is your organization doing additionally? I would love to hear from you in the comments section.
