Of all the typical applications in most organizations, email is perhaps the most basic and essential. Any systems administrator knows that if email goes down they will hear about it. Email is a tool; increasingly it’s a weapon as well.
In terms of basic human security risks, email is also the most frequent route for systems intrusions. The most common example is “phishing” or “spear phishing” messages that lead to malware infections. The difference between the two? Phishing is aimed at a broad audience (think of fishing with a tuna net) and spear phishing is aimed at a single target or a small group of targets (think of fishing with, well, a spear). The malware can be anything from “ransomware” that tries to encrypt your files and hold them for ransom to a Remote Access Trojan (RAT) that silently gives a hacker access to your system.
Malicious software is usually delivered by email in one of two ways. In the first case, an attached file contains code that exploits a vulnerability in the software used to open the file (e.g., Adobe Reader, Microsoft Word). In the second case, the email contains a link to a website or other online resource and that online resource delivers the malware, typically by exploiting a vulnerability in some element of the web browser.
6 key features and considerations to keep in mind with email security software or services:
- Spam filtering. Spam is primarily thought of as a nuisance, but malicious emails are often sent out to broad lists of people and can be caught by spam filtering.
- Malware scanning. Most scanning for malicious software depends on looking for known bad files as attachments and/or websites linked in an email based on their known “signatures.” This type of scanning may miss new threats or those not previously identified, but it will detect the majority of malicious files and links. Some newer systems can dynamically check files and links for suspicious behavior, thus detecting many threats for which no signature would exist.
- Anti-spoofing. Your email security system should make it impossible for someone outside your network to send in email that claims to originate from inside your network. One of the most dangerous types of email scams involves emails sent to employees that appear to come from someone else in the company (typically senior management) requesting information or a financial transaction. Companies have lost millions by making wire transfers in response to such emails.
- Geo-IP detection and filtering. Email scams and attacks are often sent from servers that an attacker has gained control of illegitimately. However, many still originate directly from known trouble spots like Nigeria, east Asia, and eastern Europe. If you don’t do much international correspondence, it may be preferable to filter out or flag email originating from unusual geographical regions.
- Encryption. Some security solutions enable you to encrypt emails on demand. Some require a plug-in or add-on for your email software to do this. Others simply do it automatically if you include the appropriate keyword in the email subject and/or body.
- Content filtering. Some email security systems have data loss prevention features. These allow you to set certain keywords or data types (e.g. Social Security numbers or credit card numbers) for the email security software to search for in emails. You can then block, re-route, flag, or (in some cases) encrypt emails that match the search.
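
The content filtering item above can be illustrated with a short sketch. This is an added example, not code from any email security product: it scans a message for US Social Security numbers and payment card numbers, uses the Luhn checksum and SSN range rules to cut false positives, and maps each finding to an action. The `ACTIONS` policy, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
# Assumed policy (not from any product): action per data type, strictest first.
ACTIONS = {"card": "block", "ssn": "encrypt"}

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Reject ranges never issued as SSNs (area 000/666/9xx, group 00, serial 0000)."""
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")

def find_sensitive(text):
    """Return (type, last four digits) pairs so findings can be logged safely."""
    hits = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            hits.append(("ssn", m.group(3)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", digits[-4:]))
    return hits

def filter_message(raw):
    """Scan the subject and every text part; return (action, hits)."""
    msg = message_from_string(raw, policy=policy.default)
    texts = [str(msg.get("Subject", ""))]
    texts += [p.get_content() for p in msg.walk() if p.get_content_maintype() == "text"]
    hits = [h for t in texts for h in find_sensitive(t)]
    found = {kind for kind, _ in hits}
    action = next((ACTIONS[k] for k in ACTIONS if k in found), "deliver")
    return action, hits

# Constructed sample message; the subject holds a card-like number that fails Luhn.
SAMPLE = ("From: alice@example.com\nTo: bob@example.net\n"
          "Subject: invoice 1234 5678 9012 3456\n\n"
          "Card on file: 4111-1111-1111-1111, employee SSN 123-45-6789.\n")

if __name__ == "__main__":
    print(filter_message(SAMPLE))
```

The invoice number in the subject is ignored because it fails the checksum, which is the practical difference between a pattern-only filter and one that validates what it matches.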