When speaking about email threat protections with our client’s executive leadership teams, which range in size from ten to thousands of users, the security concerns around email are similar. They range from the broad, like business continuity, reputation damage, and financial impact, to the very specific, like data breaches, data loss, ransomware, crypto, and ultimately the loss of the business. The same threats that affect a small company are the same that affect large enterprises. The bad actors do not discriminate.
Our clients are not alone. According to a 2023 report from Cloudflare, 90% of all cyberattacks begin with a phishing email to an unsuspecting victim. So what can you do? Email communication remains a crucial communication tool for businesses, so you cannot turn it off (although many users would love that, I’m sure). Like many of our other articles in the “Exploring KeyNet Defend” series, addressing security concerns with a single-point product may feel like the correct thing to do, but utilizing a defense-in-depth layered security approach offers greater levels of cybersecurity while not incurring the costs of overlapping products.
What are the most prominent email threats that we must defend against?
- Phishing Attacks: Deceiving users into clicking on malicious links or opening attachments to compromise credentials or deliver a payload.
- Spear Phishing: Highly targeted phishing attacks mimic legitimate users in organizations that have a level of trust or authority over the receiving user, causing them to act without thinking.
- Business Email Compromise: Fraudulent emails that come from a legitimate business email account that has already been compromised.
- Malware Attacks: Malicious software attachments or links in emails that ultimately can compromise systems and data.
- Ransomware Attacks: Similar to Malware except the payload immediately begins the encryption process in order to hold your data for ransom.
- Spam: Unsolicited, bulk emails that can contain malware or phishing links.
- Man-In-The-Middle (MitM) Attacks: This attack typically starts with a phishing email that directs users to the real Microsoft 365 login page through a session they control in order to steal your username, password, and multifactor information.
We read our clients’ cybersecurity insurance policies (so you don’t have to), but before we move on, calling your insurance company needs to be very high on the list when faced with one of these attacks. Your policy will typically outline who to call or email early in the policy language. Failure to do so could invalidate any claim you submit. If you do not have a cybersecurity insurance policy, we urgently recommend that you stop reading this blog and contact your insurance broker.
Knowing that the threats listed above are only the top threats to email, what can be done to help mitigate the risk of using business email? Below is a high-level place to start.
Implementing Email Threat Protections
- Strong Passwords: Ensure that your passwords are strong. This seems obvious, but we continuously run into new clients who have never been told this and whose networks allow simple, non-complex passwords. Create a policy and enforce it.
- Multifactor Authentication: Ensure that every account (humans and non-humans) has multifactor authentication enabled. This includes service accounts with simple passwords that have not been changed in years (you know who you are).
- Security Awareness Training: Train all your employees through Security Awareness Training. You can read our blog here on that subject. A knowledgeable end user is your best defense.
- Up-to-Date Patching: Maintain an up-to-date infrastructure. Ensure you maintain patching on workstations, servers, services, and infrastructure. This includes staying current on Windows 10 and 11 releases.
- Geolocation Access: Implement geolocation access to your email infrastructure. Regardless of whether you are on-premises or in the cloud, if you have no users that need to log in from Italy (no offense, Italy), do not allow login from there.
- Advanced Email Filtering: Implement advanced email filtering to detect and block the threats listed above using machine learning and artificial intelligence along with the lower intelligence techniques of security feeds, real-time blackhole lists (RBL), and domain and email blocking.
- DNS Layer Filtering: Implement layer filtering so that if an email gets through to a user, and because of lack of training, business email compromise, or it is a late Friday afternoon, and they click the link, another layer of security can protect your business (and save your weekend). You can read about DNS Layer Protection here.
- Dark Web Monitoring: Implementing dark web monitoring to ensure that if your account information shows up on the dark web, you are alerted and can change your credentials immediately.
KeyNet understands the modern-day threats that bombard your business daily, including email. We don’t work off the “don’t worry about it” model. As a business owner, you can’t be bogged down with inconsistent or incomplete cybersecurity solutions and strategies. We work by understanding your current environment and prioritizing cybersecurity controls that will impact your business the most by reducing risk. To learn more about who we are, click here. If you are ready for a no obligation conversation regarding implementing KeyNet Defend and our email threat protections in your business, we invite you to contact us today.
One Final Thought:
Our engineers would not allow this article to go out without having me mention the proper configuration of your public domain being used for email. Yes, your domain configuration has aspects to it that protect others. This is for the technical folks reading the article. I will only drift into the weeds once in this write-up, and it is to let everyone know it is up to you to properly configure your domains to send email. This includes full implementation of Sender Policy Framework (SPF) with a hard fail, Domain-based Message Authentication, Reporting & Conformance (DMARC), and DomainKeys Identified Mail (DKIM). Thanks for reading.
