Mediastreet
Tag

Email Security

Browsing
In News

Cracking the Email Security Code: 12 Best Practices for Small and Midsize Businesses

No Comments

By Candid Wüest

It only takes one successful attack to spell disaster for a company. Learn how to protect your company with this email security best practice guide.

The number of emails sent each day is expected to top 330 billion this year.

Cybercriminals know this, with phishing and other email-targeting tactics the top attack vectors ― because they work so well. And as we discussed in the first article of this two-part series, “For MSPs, Next-Gen Email Security Is a Must,” advances in automation have made it easy to run these attacks at scale, with no organization too small to target anymore.

It only takes one successful attack to spell disaster. What can you do to protect your company? Although proper email security is never a walk in the park, we have prepared a checklist of email security best practices for small and midsize businesses (SMBs), divided into three categories: organizational culture, security posture management, and technology stack.

Organizational Culture

A security-first organizational culture bolsters email safety by prioritizing the following:

  1. Clear policies: Get IT and business leaders to co-formulate clear security policies, including email-specific ones.
  2. Continuous reinforcement: Make email security practices part of employee onboarding, ongoing training, and performance reviews.
  3. Peer buy-in: Buy-in for the company’s security strategy from non-security peers is crucial for good security outcomes for SMBs.
  4. Learning from incidents: Leverage email security incidents to address vulnerabilities and finetune policies.

Security Posture Management

Here are four best practices for email security posture management that SMBs can adopt:

  1. Timely incident response: A companywide incident response plan (that includes notifications, responsibilities, response and mitigation workflows, reporting, etc.) must be regularly tested and updated.
  2. Data loss prevention (DLP) program: A DLP program incurs costs, but the ROI is clear when a company can achieve near-zero RPO/RTO outcomes in response to ransomware or other data theft exploits.
  3. Systematic management of email passwords: UK survey: 82% of security breaches over the previous year started with weak email passwords. IT should enforce strong, unique passwords that are updated regularly.
  4. Clear reporting: Be able to demonstrate diligent tracking of email security metrics and effectively address incidents and vulnerabilities.

Staying on Top of Technology

Cyber threats are constantly evolving, increasing the pressure on businesses to optimize and modernize their protection. Ensure that your current email security stack is best of breed and up to date:

  1. Proactive refreshing of email security stack: SMBs with a process in place to proactively refresh their security technology stack achieve superior security outcomes.
  2. SaaS: A SaaS email security solution ensures continuous improvement while eliminating infrastructure overhead.
  3. Two-factor authentication (2FA): An additional authentication step considerably hardens email security. There are plenty of freeware and commercial 2FA solutions out there.
  4. Multiple, overlapping layers of defence: Sophisticated exploits require a multilayer defence based on email security gateways; anti-phishing or anti-malware tools; and threat intelligence solutions.

Using an MSP

MSPs have the resources and experience to deploy a well-integrated, end-to-end solution that protects their customers’ email flows. The benefits of using an MSP include:

  • 24/7/365 threat detection and response
  • Scalability
  • Easy integration with existing email infrastructure
  • Flexibility and configurability

It’s a win-win solution: The MSP works against the weaponization of email while the SMB can focus its resources on core business activities.

Acronis and Email Security

Whether a business manages email security itself or turns to an MSP, having an integrated data protection and cybersecurity solution that secures an organization’s online assets — including email — is critical. Learn how Acronis can help with its cyber protection solutions, featuring ML-based anti-malware, antivirus, and anti-ransomware protection, fail-proof patching, continuous backups, safe and rapid recovery, global threat monitoring, smart alerts, and more.

Feature Image Credit: ar130405 via Adobe Stock

By Candid Wüest

Candid Wüest is the VP of Cyber Protection Research at Acronis, where he researches new threat trends and comprehensive protection methods. Previously, he worked for more than 16 years as the tech lead for Symantec’s global security response team. Wüest is a frequent speaker at security-related conferences, including RSAC and AREA41, and is an adviser for the Swiss federal government on cyber-risks. He holds a master’s in computer science from ETH Zurich and various certifications and patents.

Sourced from DARK Reading

Read More
By
In News

What Is Email Security Policy and How Does It Work?

No Comments

By Chris Odogwu

Having an email security policy can protect you and your company from malicious threats.

When was the last time you sent an email? It was probably today. Just like you, many people around the world send emails daily.Emails have been a part of our lives for the longest time. Since it’s almost impossible to do without them, you must secure yourself with an effective email security policy.

You don’t want your emails to get into the wrong hands, do you? Implementing an email security policy helps to keep them safer.

What Is Email Security Policy?

Email Newsletter

An email security policy is a series of procedures governing the use of emails within a network or an establishment. It details how a category of users interacts with messages that are sent and received via email.

Keeping your emails organized and secure boosts your productivity. The goal of an email security policy is to secure messages from unauthorized access.

Who may be trying to access the emails without permission, one might ask? Cybercriminals—they are very much interested in the confidential messages that you send within and outside your organization. And that’s because they know that such information is valuable. If they get hold of it, they can use it for a series of malicious activities to enrich themselves.

How Does Email Security Policy Work?

Gmail on Computer Screen

The default security strength of email isn’t so strong. Messages sent via email are in the public space. Hence, they can be easily accessed by anyone with average hacking skills. Creating an email security policy is one of the basic things that you can do to ward off attackers.

Believing that you or your organization can’t fall victim to an email breach is a false premise. As long as you make use of emails, you can be targeted.

Your reluctance to implement an email security policy can only hold water if the emails you send are meaningless. But that’s hardly the case if you run a decent business.

For an email security policy to be effective, it must include the following items:

  1. The scope and purpose of the policy.
  2. Information about the ownership of content contained in the emails.
  3. Privacy concerns and expectations of parties using the email.
  4. The responsibilities of the email users.
  5. Guidelines for using the organization’s email accounts.
  6. Tips to detect and avoid email security threats.
  7. Specific actions to take in the event of a suspected email security breach.

Accessibility is key in the successful implementation of the policy. Team members can only be abreast with the information in the policy if they can access the document.

Instead of storing the document on a physical device, it’s advisable to use a workflow tool with cloud storage and remote access. That way, authorized team members can access the policy from anywhere and at any time.

Training is another essential element to successfully implement an email security policy. Some users may be reluctant to abide by the policy, especially if they haven’t used something similar in the past. It’s up to you to make provision for proper training to make them understand how using the policy is in everyone’s best interest.

How to Build an Effective Email Security Policy

Woman Working on Computer in Office

An email security policy isn’t one-size-fits-all because no two organizations are the same. But the cyber threats that endanger the use of emails have similar effects on organizations regardless of their offerings and sizes. They are common attributes that should be considered in building a standard policy.

Here are some practical tips for building an email security policy that works.

1. Adopt a Template

Creating an email security policy from scratch isn’t a bad idea, but you could save yourself some time by adopting an existing template. This is necessary, especially if you aren’t familiar with the content of the policy.

Instead of creating irrelevant information, you have vital information for creating a policy that works.

2. Modify the Template

Adopting an existing template doesn’t mean you should use it the way it is. The template is to give you an idea of what the policy looks like.

Instead of taking everything contained in the template hook line and sinker, adjust it to suit the unique needs of your business.

In the end, you’ll have an original document that’s tailormade for your organization.

3. Identify User Engagement Terms

Users of your email may engage in indiscriminate activities if they aren’t aware that such activities are prohibited. It’s your responsibility to expressly state how they should use your email.

Identify unhealthy email practices that may expose your network to cyberattacks and warn against involving in such activities.

4. Implement a Tool

Your email security policy is incomplete without implementing a tool that enhances the security of your emails.

Manually protecting your email against cyber threats is insufficient, especially as cybercriminals use advanced technologies for their attacks. Match their energy with tools such as sandboxes, spam filters, and malware prevention software. An effective spam filter prevents you from viewing malicious emails.

5. Enforce User Policy Acknowledgement

The successful implementation of your policy begins with your users’ willingness to abide by it. Change comes with some resistance. Team members who aren’t familiar with an email security policy may decide to overlook it.

Get users to commit to using the policy by appending their signatures as a form of acknowledgment. That way, you have proof of their agreement to use it in case they fail to.

6. Train Users

Users of your email may not understand some information in the policy. Leaving them in a state of confusion is risky as they may take inappropriate actions that will endanger your network.

Ensure that everyone understands the policy by conducting training. Create room for them to ask questions on grey areas so that everyone is up to speed on what to do and what not to do.

7. Develop an Incident Response Plan

Even with all the training on how to implement an email security policy effectively, things might still go wrong.

Develop an incident response plan in the event of a security breach. Your policy should contain what users should do once they suspect malicious activity or attack. Taking the right actions can mitigate the effects of a cyberattack.

Cultivate Healthy Cyberculture With Email Security Policy

Instant messaging may be trendy in communicating with friends and family. But when it comes to work and business, good old email is still relevant. It helps organizations to maintain a sense of order and formality.

You may not be able to stop attackers from targeting your emails, but you can nullify their attacks with an effective email security policy.

When everyone using your email understands how to keep the information safe, cybercriminals will have no opportunity to strike. It’s only a matter of time before they give up trying to penetrate your network and move on to the next one.

By Chris Odogwu

Sourced from MUO

 

Read More
By