Five steps to building your email security strategy

Opinion by Adenike Cosgrove

Email is the top threat vector for data breaches. Effective defence requires an end-to-end email security strategy that addresses the entire email attack chain—from proactive prevention through real-time threat response.

Email threats are versatile and are growing faster than ever. To fight back, organisations must invest in an end-to-end email security strategy that addresses the entire email attack chain—from proactive prevention through real-time threat response. Below are five steps that will help you get started: 

Step 1: Visibility

To defend your organisation effectively from email attacks, you must understand the threats you face. Robust threat intelligence that can detect the full scale of malicious emails is an important first step, but it's not enough. You must also implement a solution that can correlate and analyse your threat data, revealing who is being targeted, who is attacking you and what information they are trying to steal. When you have an accurate threat analysis, you can better identify the steps you need to take to fight back.

Step 2: Deploy core email control and content analysis

Maintaining control over what messages get into your environment is critical when it comes to email security. Your solution must offer granular classification that doesn't just look for spam or malware but also identifies all distinct types of email (malicious or not) targeting your employees.

These emails could include bulk mail, credential phishing, BEC attacks, adult content, and others. Your classification tool should include advanced sandboxing capabilities that can analyse every attachment and URL in real time as it comes into your gateway.

Being able to customise email policies is another important feature of your control system. If you empower employees to choose how they want to handle bulk mail, they may be able to spot malicious content more easily.

Step 3: Authenticate your email 

Protecting the email gateway is essential. But as we explored above, outbound phishing emails targeting customers and partners outside of the gateway pose serious risks to your business as well. Email authentication, specifically DMARC (Domain-based Message Authentication, Reporting and Conformance), is the solution to threats like these.

DMARC ensures that legitimate email is properly authenticating against established SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) standards. It blocks any fraudulent activity from domains under your organisation's control (such as active sending domains, non-sending domains, and defensively registered domains). 

Authenticating your email will reveal who is sending email on your behalf. That insight empowers you to block threats targeting your customers and partners and protect your brand's reputation.

DMARC ensures that legitimate email is properly authenticating—and that fraudulent activity appearing to come from your organisation's domains is blocked.
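The check a receiving mail server applies under DMARC, shown as an added example that is not part of the original article: it parses a policy record and decides whether a message's SPF or DKIM result aligns with the From domain. The record, domains and results are constructed; `pct` and `sp` handling is omitted, and the organisational-domain lookup is simplified to the last two labels.

```python
# Constructed DMARC record for the placeholder domain example.com (not from the article).
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC policy."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Simplifying assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares organisational domains."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(policy, msg):
    """Return 'pass', or the disposition the domain owner requests for a failing message."""
    spf_ok = msg["spf"] == "pass" and aligned(msg["spf_domain"], msg["from"], policy.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(msg["dkim_domain"], msg["from"], policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed authentication results, as a receiving server would record them.
MESSAGES = [
    # Own mail flow: envelope domain aligns (relaxed) and DKIM d= matches exactly.
    {"from": "example.com", "spf": "pass", "spf_domain": "bounce.example.com",
     "dkim": "pass", "dkim_domain": "example.com"},
    # SPF passes, but for an unrelated envelope domain, and there is no DKIM signature.
    {"from": "example.com", "spf": "pass", "spf_domain": "example.net",
     "dkim": "none", "dkim_domain": ""},
    # Third-party platform signing with a subdomain: fails strict DKIM alignment.
    {"from": "example.com", "spf": "pass", "spf_domain": "example.net",
     "dkim": "pass", "dkim_domain": "news.example.com"},
]

def run_samples(record=RECORD):
    policy = parse_dmarc(record)
    return [evaluate(policy, m) for m in MESSAGES]
```

The third message is the kind of legitimate but misaligned sender that aggregate reports sent to the `rua` address bring to light before a `reject` policy is enforced.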

Step 4: Prevent data loss 

There's a lot we can do to stop threats from coming in. But you should also prevent sensitive data from leaving your gateway. An effective email security strategy prepares for any threats that make it through your defences—and employees who inadvertently expose sensitive data. Your solution should combine encryption with data loss prevention (DLP) so that sensitive information, even if exposed or exfiltrated, is always protected.

Step 5: Respond to threats in real time 

No security solution can stop all attacks. Real-time threat response must be a pillar of your email security strategy. 

Be wary of any email security vendor that claims to catch every threat. If such a solution were on the market today, data breaches and email fraud would be a thing of the past. As recent headlines prove, this is simply not the case.

In a nutshell, your best defence is understanding and preparation.  

Know the threats targeting your organisation, identify your weak spots, and craft an email security defence that offers protection across these five key areas of the email threat lifecycle: visibility, content control and analysis, authentication, data loss prevention, and response.

Contributed by Adenike Cosgrove, cyber-security specialist, EMEA, Proofpoint.

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.

