
Email Security: An Essential Guide and Why You Need It

Who would think that the President of the United States, Barack Obama, would have his confidential emails hacked by a group of elite cybercriminals? Yes, on the 28th of October last year, the White House reported that a security breach had occurred on its networks and email system, after which the system had to be taken offline for maintenance purposes.

A New York Times report following the incident revealed that many of President Obama’s emails involving confidential exchanges with foreign government officials, including ambassadors and diplomats, had been accessed. This report shed light on the seriousness of network and email security breaches, which can result in a significant loss of information for governments.

What about businesses?

Awareness regarding cyber security risks in the business sphere is on the rise, particularly following the well-known thefts of data at companies such as Apple and Sony. Efforts to address emerging cyber crimes have already begun to take shape.

Email, currently used as the primary means of both internal and external communications by businesses, will continue to be in use.

“Email will remain a workhorse over the next five years — especially for business-critical communications. The rise of connected devices will increase the need to communicate with consumers based on real-time data and specific events”

— Jeff Rohrs, author at Salesforce

Email comprises various important and confidential exchanges among board members and staff, and between customers and company representatives. With the efforts of hackers continuing to evolve and become more sophisticated, it does not take long for unencrypted emails to be hacked, especially on mobile and cloud computing platforms, where there is already a dearth of proper security codes, along with various other flaws.

This is part of a rise in cybercrime activities that for years have escaped the eyes of the security industry. For this reason, we present here a short guide on how you can keep your email secure from different types of malicious software.

What are the different types of email threats?

Cyber criminals frequently target email because it is well understood, widely deployed, and the preferred means of communication. Many people think of email security as a single issue, while in truth it is an assortment of many different threats.

These threats undermine the trust, effectiveness, and reliability of email systems while defrauding recipients and damaging computers. Each threat works individually. Following are some common types of email threats.

Malware

Malware, also known as “malicious software”, includes viruses, Trojans, spyware, and worms – essentially any software that damages, disrupts, or is used to gain unauthorized access to a computer’s operations. Cyber criminals who attack organizations employ malware for different purposes. Once successful, these cyber criminals gain a considerable degree of control over servers and workstations.

They use this control to monitor users’ activities, gain access to sensitive information, change privileges, and perform other hostile actions. Malware is often transmitted through email.

Spam

When you receive unwanted, unsolicited bulk commercial e-mail messages, what you are basically getting is spam. Cyber criminals use spam messages for a number of purposes, including distribution of malware, utilizing IT resources, and disrupting user productivity.

Virus attackers and phishing perpetrators prefer spam as their delivery medium. Cyber criminals send an enormous volume of spam messages each day, which makes the threat of spam a very serious issue.

Phishing

Phishing is somewhat like spam. In phishing, cyber criminals use “spoofed” emails to trick recipients into revealing confidential financial information, including passwords, account usernames, Social Security numbers, and credit card numbers. They do this by redirecting recipients to fraudulent websites designed to capture that information.

Phishing perpetrators steal identities from online merchants, credit card companies, and banks, and typically operate under these identities.

How can I protect my business from email threats?

Now that we’ve identified the threats pertaining to email, let’s get into solutions that protect against them. You’ll need a number of tools to protect your systems from attacks.

Email encryption

“Hackers are always going to get in. The data has to be encrypted when it is stolen, so when removed the data will be useless. Or we can continue to treat real cyber security as an afterthought. The choice is ours – I will go with the encryption”

— Richard Blech, CEO, Secure Channels

A popular way to protect outbound email is encryption, which renders messages unreadable to unauthorized recipients. For this purpose, you may want to choose dedicated encryption applications over well-known internet security suites, as those suites usually consume both storage space and processor speed. Alternatively, you could get a firewall or additional software to handle encryption.

Anti-virus Products

You need access to the leading anti-virus tools and services if you want to get rid of malware like viruses, Trojan horses, spyware, and worms. You can easily spot and remove such malware with the help of these anti-virus tools and services.

Spam-filter

With the help of a spam filter, you can rid your users’ inboxes of the majority of digital litter and differentiate between legitimate email and spam. Spam filters are getting more accurate with continuous improvements in spam-recognition technologies. However, spam filters may still incorrectly categorize some emails, albeit rarely.

Firewall

With the help of a firewall, you can reinforce email security by filtering out malware-laden attachments as well as unwanted material that doesn’t meet pre-configured rules.

Client-security

Client security is the first line of defense against email threats, and one that users need to investigate on their own. All major email service providers offer phishing filters, anti-spam tools, security settings, and other features designed to identify and quarantine hostile messages.

How can you take a proactive approach?

Educating yourself about the threats is the first line of defense; it lets you adopt a proactive approach as newer issues and dangers emerge. You can minimize the effects of email threats in your life by building higher awareness of them.

Secondly, CEOs and business leaders need to reshape their HR policies to recruit the best talent in cyber security. Having a cyber security professional on staff can help companies anticipate and prepare for future risks much more effectively.

201 CMR 17 and what it means for your company.

If you haven’t heard of 201 CMR 17 and your company handles personal information for your customers, you will have to read up. “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information”. Luckily, Massachusetts has postponed the deadline to be 201 CMR 17 compliant from January 2010 until May 2010, but you should still start working towards being compliant as soon as possible. I know the Office of Consumer Affairs and Business Regulation has received a lot of backlash due to this new law, and I for one am for it. I have worked for companies that enforced data protection and companies that didn’t. The ones that did used encryption, etc. I know the costs to implement such things can make even the mightiest CFO cringe. At the end of the day, with the dawn of a new decade, hacking means have matured exponentially, and the most important thing to the customer is who will be protected most, and I for one welcome anything that will protect my personal information. Below is just a short list of things you will need to do:

– Need to have your email secure and possibly encrypted.
– Audit and detection software so you can audit file access and also detect unwanted access.
– Encrypt all removable media
– Tighten security