SPONSORED
4 steps to safer emails

This week, we focus on email security, with 4 steps we recommend to make your email environment more secure.


We all recognise that email represents one of the largest security risks for businesses, with over 90% of all emails carrying some sort of threat.

Scary, isn’t it? But what isn’t always recognised is the inability of some of the leading workplace technologies to provide the necessary level of protection.

In recent weeks, we’ve spoken of the vulnerabilities of VPNs and workplace technologies, with visibility and control an important issue, yet email is such a big area of risk that we decided it needed particular attention.

Shaun uses a simple online test from leading email security company, Libraesva, to evaluate existing email systems

Shaun McKay, our guest consulting CIO, gave us his view. “Microsoft 365 just doesn’t have sufficient protection from email attacks, but many people don’t realise it and, with more businesses fast tracking digital transformation programmes as a result of the pandemic, Microsoft 365 is fast becoming the most adopted business productivity suite.

“While there’s no doubt about its value and power for automating business, email is one area where there’s a clear need for additional security. I use a simple self-serve tool for testing email security on Microsoft 365 and, in almost all cases, users are shocked when they see the results”.

So, here are our 4 steps for safer emails:

1. Microsoft 365 Protection:

Don’t rely on Microsoft 365 alone – enhance your Microsoft 365 email security for best possible protection.

Read more about the risks of Microsoft 365 here. If you’d like advice on how to enhance Microsoft 365, click here and we’ll put you in touch with people who can help (we won’t give your details to anyone - we’ll give you a selection to choose from).

2. Email Security Test:

Know how secure your email is by testing the security of your email system. We have a simple test you can do that’s been recommended by top UK law enforcement agencies – just click here.

3. Advanced Email Security:

Use an Advanced Email Security product that includes, at the very least, the following features:

  • Multiple AV scanning
  • Advanced spam protection
  • Unique URL and document sandboxing
  • Heuristic scanning and reputation checks to protect users from advanced threats such as phishing, whaling* and infected attachments.

    *not sure what these mean? They’re explained at the foot of this page.

4. Email Security Policy:

Remember, most security breaches come from the actions of employees or other authorised network users (see our sponsored post, "The Threat From Within"). Education is essential, so communicate details of your email and cyber security policies to all users and provide them with access to improved security features.

Last week, we reported that global cyber-crime was predicted to reach $5 trillion next year, increasing from $3 trillion and with no allowance for Covid 19. “It’s not just about cost” says Shaun, “cyber-crime is a serious threat to a business’s reputation as well. Now more than ever, having the right protection is essential”.

KNOW YOUR PHISH!

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other forms of communication. Attackers will commonly use phishing emails to distribute malicious links or attachments that can perform a variety of functions. Some will extract login credentials or account information from victims.

Email Phishing

Most phishing attacks are sent by email, where a fake domain is registered that mimics a genuine organisation. The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’.

Alternatively, they might use the organisation’s name in the local part of the email address (such as [email protected]) in the hopes that the sender’s name will simply appear as ‘PayPal’ in the recipient’s inbox.

There are many ways to spot a phishing email, but as a general rule, you should always check the email address of a message that asks you to click a link or download an attachment.
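The sender-address check described above, as an added example that is not part of the original article: it flags the 'rn'-for-'m' domain trick and a brand name placed in the local part or display name. The trusted-domain list, the look-alike pairs other than 'rn'/'m', and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: brand name -> domain the organisation really sends from.
TRUSTED = {"paypal": "paypal.com", "microsoft": "microsoft.com"}

# Sequences that render like another letter. 'rn' for 'm' is the article's
# example; the other pairs are assumptions added for illustration.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Constructed sample From headers.
SAMPLES = [
    "PayPal <service@paypal.com>",
    "Microsoft Support <help@rnicrosoft.com>",
    "paypal@example.net",
    "billing@paypal.com.example.net",
]

def skeleton(text):
    """Lower-case and collapse look-alike sequences so imitations compare equal."""
    text = text.lower()
    for fake, real in LOOKALIKES:
        text = text.replace(fake, real)
    return text

def check_sender(from_header):
    """Return the reasons a From header looks like brand impersonation."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED.values()):
        return []  # really sent from a trusted domain or its subdomain
    findings = []
    for brand, good in TRUSTED.items():
        if skeleton(domain) == good:
            findings.append(f"domain {domain} imitates {good}")
        elif brand in skeleton(domain):
            findings.append(f"{brand} embedded in untrusted domain {domain}")
        if brand in skeleton(local):
            findings.append(f"{brand} in local part, but domain is {domain}")
        if brand in skeleton(display):
            findings.append(f"display name uses {brand}, but domain is {domain}")
    return findings

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

An empty list means nothing was flagged; any finding is a prompt to inspect the full sender address before clicking a link or opening an attachment.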

Spear Phishing

Spear phishing describes malicious emails sent to a specific person. Criminals who do this will already have some or all of the following information about the victim:

  • Their name; 
  • Place of employment; 
  • Job title; 
  • Email address; and 
  • Specific information about their job role.

Whaling

Whaling attacks are even more targeted, taking aim at senior executives. The end goal of whaling is the same as any other kind of CEO fraud, in which attackers abuse the compromised email account of a CEO or other high-ranking executive to authorise fraudulent transfer of funds to a financial institution of their choice.

Smishing and Vishing

With both smishing and vishing, telephones replace emails as the method of communication. Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation.

Angler phishing

A relatively new attack vector, social media offers a number of ways for criminals to trick people. Fake URLs; cloned websites, posts, and tweets; and instant messaging (which is essentially the same as smishing) can all be used to persuade people to divulge sensitive information or download malware.

Pharming

As users become wiser to traditional phishing scams, some fraudsters are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming.

This method of phishing leverages cache poisoning against the domain name system (DNS). Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice. That’s the case even if the victim enters the correct site name.
