Email security is still a struggle for many companies, with spam and phishing showing no signs of going away. Brandon Bekker, MD, Mimecast MEA, tells us how to stay one step ahead of the bad guys.
Email continues to be the most common attack vector. Why is it still elusive to achieve email security?
Though there have been incredible advancements in email security technology, businesses often cannot deploy this new technology quickly enough to counter the evolving cyber threats that threaten their security. And often, cybercriminals prey on human error and misjudgment, disguising their attacks in ways that seem legitimate to even the savviest of email recipients.
What are the best practices you recommend for email security?
Whilst Mimecast provides a TTP (Targeted Threat Protection) suite of solutions to protect users from accessing malicious URLs, email attachments and to counter whaling attacks, we also encourage businesses to engage with their staff and interrogate their business practices to boost their cyber resilience.
Some examples of this include:
- Educate employees about these types of attacks and what to look out for – emails from the CEO or CFO requesting immediate action.
- Test employees once trained by using simulations in the form of staged whaling messages intentionally sent to key individuals.
- Implement advanced email gateways to ‘stamp’ messages as ‘external’ and raise suspicion when they seem to have come from someone inside the organisation.
- Introduce specialised advanced email threat technology to identify and block these attacks.
- Update procedures to include multi-level authentication and approvals to make it harder for a single person to transfer funds or hand over sensitive information.
How can you spot phishing emails?
Phishing emails often contain one or more of the following signs:
- It is from someone you don’t recognise
- The link’s destination domain appears incorrect
- You didn’t initiate the action and weren’t expecting to be contacted
- The sender’s name doesn’t match their email address
- It is not specifically addressed to you (e.g., Dear Customer)
- There are spelling or grammatical errors
- It includes a long list of recipients
- It contains a vague message from a seemingly familiar source
- It makes an offer that seems too good to be true
Is training and education the best way to go about email security?
Humans are often the weak link in the cybersecurity chain, so businesses need to modify their approach to cybersecurity in order to evolve the corporate mindset towards one of cyber resilience. Implementing advanced security software does help, but Mimecast also advocates the building of a ‘Human Firewall’. This educational layer encourages all users in an organisation to interrogate their inbox and take necessary steps to protect themselves and their organisation from cyber-attacks.
There are also other ways that email security attacks can be mitigated. One of these concerns the changing of authentication or approval processes through the adding of a secondary signature. Another involves the utilisation of simulations as an effective method for detecting weakness as well as raising awareness.
What are the pros and cons of cloud-based email service?
Mimecast’s cloud-based services allow for protection that is always-on, always up-to-date to counter the evolving cyber threat landscape, and without the complexity and cost of traditional offerings. The agility of Mimecast’s email cloud services provides our customers with flexible and granular email security controls which they can easily modify to suit their business requirements.