Email Security
Learn what it takes to enhance your email security by deploying a mix of technical and organisational security measures.

Email security
Email is a central communication tool for most businesses, both for internal and external correspondence. As a result, business-critical and sensitive personal information is frequently exchanged via email. This makes it essential to ensure the confidentiality, integrity, and availability of the information being sent and received.
Security measures
There are several security measures that can enhance email security, which are outlined below.
Encryption of the connection
Protecting emails from unauthorised access is crucial. To achieve this, the connection between the email client and email servers, as well as the servers that emails pass through on the internet, should be encrypted.
By using TLS (Transport Layer Security), the transport layer is encrypted, creating a secure tunnel that prevents third parties from intercepting or modifying the email’s contents while it is transmitted across the internet.
It is also recommended to use STARTTLS, an extension that upgrades an unencrypted connection to an encrypted one when both ends support it. Because this upgrade is opportunistic, clients and servers should be configured to require it rather than silently fall back to plaintext.
Both TLS and STARTTLS are standard technologies that most email systems support.
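As an added example (not from the original article), this Python snippet shows how a mail client can enforce the STARTTLS upgrade instead of treating it as optional: it verifies the server certificate, requires at least TLS 1.2, and refuses to continue if the server does not advertise STARTTLS. The host, port and credentials are placeholders.

```python
import smtplib
import ssl


class TlsRequired(RuntimeError):
    """Raised when the server would only talk in the clear."""


def make_strict_context() -> ssl.SSLContext:
    # create_default_context() loads the system CA store and enables
    # certificate chain and hostname verification (CERT_REQUIRED).
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1
    return ctx


def upgrade_or_fail(smtp, ctx: ssl.SSLContext) -> bool:
    """Upgrade the session to TLS or abort; never continue in plaintext."""
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        # An attacker on the path could strip the STARTTLS capability;
        # a client that falls back to plaintext here would be downgraded.
        raise TlsRequired("server did not advertise STARTTLS")
    smtp.starttls(context=ctx)
    smtp.ehlo()  # EHLO must be re-issued after the upgrade (RFC 3207)
    return True


def send_enforcing_tls(host: str, port: int, sender: str, rcpt: str, msg: str) -> None:
    # Placeholder usage: host/port/addresses are assumptions, not real values.
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        upgrade_or_fail(smtp, make_strict_context())
        smtp.sendmail(sender, [rcpt], msg)


if __name__ == "__main__":
    send_enforcing_tls("smtp.example.invalid", 587,
                       "alice@example.invalid", "bob@example.invalid",
                       "Subject: test\r\n\r\nhello")
```

For servers that offer implicit TLS on port 465, use smtplib.SMTP_SSL with the same strict context instead of STARTTLS.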
Authenticity
To ensure that the recipient’s server can verify that an email truly originates from the claimed sender, authentication techniques such as SPF, DKIM, and DMARC are used.
SPF (Sender Policy Framework) is a DNS record that specifies which servers are authorised to send emails on behalf of a company’s domain (the part after the @ in an address such as 123@domain.com).
DKIM (DomainKeys Identified Mail) adds a digital signature to emails, which recipients verify against a public key published in the sender’s DNS to confirm that the signed headers and content have not been altered during transit.
DMARC (Domain-based Message Authentication, Reporting & Conformance) defines policies for how receiving servers should handle emails that fail both SPF and DKIM checks (including whether the authenticated domain aligns with the visible From address) and lets the domain owner receive reports on such failures.
Together, these technologies help reduce the risk of phishing and email spoofing.
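The following Python example, added here and not part of the original article, shows how a receiving server combines SPF and DKIM results with a published DMARC record to decide a message's fate. The record and authentication results are constructed samples; the organisational-domain lookup is simplified and a real validator would use the Public Suffix List.

```python
from dataclasses import dataclass


@dataclass
class AuthResults:
    header_from: str   # domain of the visible RFC 5322 From: address
    spf_pass: bool
    spf_domain: str    # MAIL FROM (envelope) domain SPF was evaluated against
    dkim_pass: bool
    dkim_domain: str   # d= tag of the DKIM signature that verified


def parse_dmarc(record: str) -> dict:
    """Parse a _dmarc TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain: str) -> str:
    # Simplification: keep the last two labels. Real validators consult the
    # Public Suffix List so that e.g. 'co.uk' is not treated as an org domain.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(header_from: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') allows subdomains."""
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)


def dmarc_disposition(record: str, r: AuthResults) -> str:
    """Return 'pass', or the domain owner's requested action for failures."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_pass and aligned(r.header_from, r.spf_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_pass and aligned(r.header_from, r.dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:          # DMARC passes if either aligned check passes
        return "pass"
    return tags.get("p", "none")   # none / quarantine / reject (pct= and sp= ignored)


# Constructed samples: a legitimate bounce subdomain vs. a spoofed From: address
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
LEGIT = AuthResults("example.com", True, "bounce.example.com", False, "")
SPOOF = AuthResults("example.com", True, "attacker.example", True, "attacker.example")
```

Note that the spoofed message passes SPF and DKIM for the attacker's own domain; only the DMARC alignment requirement ties those results back to the domain the recipient actually sees.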
Spam and antivirus
To ensure that emails do not contain or spread viruses, organisations can use software that automatically scans incoming and outgoing emails. This software detects known threats in emails, such as virus-infected attachments, and subsequently blocks or quarantines these emails to prevent them from spreading on the sender’s or recipient’s servers.
Access
It is essential to prevent unauthorised individuals from accessing an email account, as this could lead to data theft or account misuse. To mitigate this risk, strong passwords should be used, and it is recommended to implement additional security measures such as multi-factor authentication.
Logging and backup
Secure email usage also involves maintaining email backups to prevent the loss of important business information in case of a ransomware attack or similar incidents.
Additionally, logging all email traffic can help detect unusual activity, making it easier to track and respond to security breaches.
Employee training
Even with the best technical solutions in place, employees may still encounter phishing emails or other email-based threats. Therefore, they should receive training in secure email usage, such as awareness training.
Employees should learn to recognise phishing attempts, understand the importance of strong passwords, and know how to handle suspicious emails.
Clear rules and guidelines
It is also important to establish clear rules for how employees should handle emails securely. The organisation should have a written email policy that outlines which types of information can be sent via email, how attachments should be handled, and how to avoid clicking on suspicious links.
Additionally, there should be a clear plan detailing what to do if an employee receives a suspicious email or clicks on a malicious link. Employees must know who to contact and how the situation should be managed.
Threat scenarios
The table below illustrates some common threats and the security measures that can help reduce the risks.
| Threat scenario | Mitigation measure |
| --- | --- |
| Compromise of emails during transmission | Encryption of emails. |
| Spoofing of sender address | Implementation of SPF, DKIM, and DMARC, along with employee training. |
| Receiving emails with malware or viruses | Email filtering and antivirus scanning. |
| Data breach | Use email filters to scan emails both upon receipt and before sending. |
| Compromise of email accounts | Enable multi-factor authentication on email accounts. |
Risk reduction
If a company has not implemented these security measures, the likelihood of a security breach increases significantly. Most organisations already use email systems that, by default, apply encryption, domain authentication, spam and antivirus filtering, and access control, which helps reduce risk.
However, fewer organisations actively train employees on the correct use of email and the associated threats. Backup and logging are additional measures that not only lower the risk of a security breach but also help mitigate the negative consequences should an incident occur.
Resource requirements
A risk assessment should serve as the foundation for selecting solutions to mitigate the most critical threats.
The resources required for implementing and maintaining security measures depend on the organisation's existing solutions and needs. Standard solutions in cloud-based email systems can often be implemented at a relatively low cost, whereas advanced on-premises systems typically require greater investment in hardware and ongoing maintenance.
A smaller organisation using a cloud-based email system can achieve a high level of security by ensuring that default settings are correctly configured. In contrast, larger organisations often have more complex requirements and greater internal resources to implement additional security measures.
Many security measures, such as spam filtering, antivirus scanning, and encryption, can operate automatically and require minimal ongoing resources once properly configured.
Challenges
Implementing and maintaining email security can present several challenges. The table below summarises common challenges and possible solutions.
| Challenge | Solution |
| --- | --- |
| Complex configuration and administration | Seek assistance from consultants and standardise configurations where possible. |
| Resistance to security measures | Train employees on the benefits of security measures and communicate policies clearly. |
| Constant evolution of threats | Conduct regular updates, monitor threat intelligence, and adjust security settings accordingly. |
| False positives (blocking legitimate emails) | Fine-tune filters, use whitelists, and respond promptly to error reports. |
Software
Well-known email providers such as Microsoft Outlook and Gmail support standard features like encryption of sent emails. They also offer settings for configuring SPF, DKIM, and DMARC, which help protect against phishing and spoofed emails. Additionally, these solutions include spam and antivirus filters, as well as strong access controls such as multi-factor authentication.
Additional security services can be purchased through Microsoft Defender for Office 365 or Google Workspace Security.
Of course, many other providers exist, often offering similar security measures.
Related measures
Email security is achieved through a combination of various security measures. The following may be relevant to explore further:
- Encryption
- Access control
- Logging
- Backup