by Kapua Iao
Email security refers to a comprehensive set of safety measures that keep email correspondence secure end to end against unauthorized access.
Good email security must protect inbound and outbound email in transit, as well as at rest, when it is stored or accessed by a user.
The need for good email security
A 2020 Enterprise Security Group (ESG) survey found that two-thirds of respondents named email security as one of the top five cybersecurity priorities.
A major reason for this is that organizations must contend with the human factor.
In fact, over 90% of breaches are caused by some type of human error.
This is particularly true in the healthcare industry with its combination of tired and distracted employees and possible lucrative payoffs.
The April 2020 Paubox HIPAA Breach Report confirms this, stating that email remains the most common threat vector for healthcare organizations.
And why wouldn’t it be, when cybercriminals understand how vulnerable such organizations are today?
Common attacks: phishing emails
According to the ESG survey, the top concern for email security is preventing phishing attacks as well as protecting sensitive data.
Phishing attacks are scams in which a cybercriminal poses as someone legitimate to lure victims into providing useful information or clicking on malicious attachments/links.
Such attack methods include:
- Domain name spoofing
- Spear phishing
- Business Email Compromise
Phishing can be general (e.g., mass emails) or targeted (e.g., spear phishing), but all have the same goal: to elicit personal information and/or gain access to a victim’s system.
Email security best practices
The current approach to email security must be layered in order to be effective.
It must, therefore, encompass methods that address access, storage, and transmission of all messages.
| Email storage/access security | Inbound email security | Outbound email security |
|---|---|---|
| Strong password policies | Spam filters | Encryption |
| Access control | Anti-virus software | Data loss prevention |
| Firewalls | Encryption | Addressee stop check |
| VPN networks | Display name spoof detection | Outbound filters |
| Secure email gateways | Domain-based Message Authentication, Reporting, and Conformance (DMARC) | DomainKeys Identified Mail (DKIM) |
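The table lists "display name spoof detection" as an inbound control without saying how it works. The script below is an added illustration, not code from the original article or from any product it mentions: it inspects constructed `From:` header values and flags the two most common display-name tricks, a display name that itself contains an email address at a different domain than the real sender, and a display name matching a known internal person whose real address differs. The organization domain `example.com`, the `KNOWN_SENDERS` directory and the sample headers are all assumptions made up for the example.

```python
"""Display-name spoof detection over constructed From: header values (added example)."""
import re
from email.utils import parseaddr

# Assumed organization domain and a constructed directory of frequently
# impersonated internal senders (display name -> legitimate address).
ORG_DOMAIN = "example.com"
KNOWN_SENDERS = {
    "jane doe": "jane.doe@example.com",
    "finance team": "finance@example.com",
}

# Matches something that looks like an email address inside a display name.
EMAIL_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def analyze_from(header_value):
    """Return the parsed sender and a list of spoofing indicators (empty if clean)."""
    name, addr = parseaddr(header_value)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []

    # Trick 1: "ceo@example.com" <attacker@other.test>
    # The visible name carries an address whose domain is not the real sender domain.
    embedded = EMAIL_IN_NAME.search(name)
    if embedded:
        embedded_domain = embedded.group(0).rsplit("@", 1)[-1].lower()
        if embedded_domain != domain:
            findings.append("address_in_display_name_mismatch")

    # Trick 2: a familiar internal name paired with an address that is not theirs.
    legitimate = KNOWN_SENDERS.get(name.strip().lower())
    if legitimate and legitimate != addr:
        findings.append("known_sender_name_external_address")

    return {"name": name, "address": addr, "domain": domain, "findings": findings}


def scan_headers(header_values):
    """Analyze many From: values and return only the suspicious ones."""
    return [r for r in (analyze_from(h) for h in header_values) if r["findings"]]


# Constructed sample headers: one legitimate, two spoofed.
SAMPLE_FROM_HEADERS = [
    'Jane Doe <jane.doe@example.com>',
    '"Jane Doe" <jane.doe@mail-example.test>',
    '"jane.doe@example.com" <attacker@evil.test>',
]

if __name__ == "__main__":
    for result in scan_headers(SAMPLE_FROM_HEADERS):
        print(result["address"], "->", ", ".join(result["findings"]))
```

Running the script flags the second and third sample headers and leaves the first alone. In practice such checks sit inside a secure email gateway and feed a quarantine or banner decision rather than blocking outright, since legitimate forwarding services also produce mismatches.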
First, organizations should use proper safety measures from the beginning and should perform continuous risk analyses of email usage and the challenges it presents.
Second, it is necessary to create solid email policies and procedures and ensure employees are following them.
Furthermore, organizations should utilize up-to-date employee awareness training to teach users how to protect themselves as well as their workplace.
And finally, healthcare establishments must employ HIPAA-compliant email to protect both patients and employees from exposure.
Given the advances in both technology and cybercrime over the past 10 years, email protection must be comprehensive if it is to shield an organization from future cyber problems.
At the same time that phishing scams and methods of breaching have increased in sophistication, so have methods of blocking such attacks.
In other words, it is up to every organization to find the right tools, and the knowledge to use them properly, in order to build rock-solid email security.
Be proactive and invest in strong cybersecurity today.