An Overview of Traditional Email Security Solutions and How to Enhance Them
Popular Email Providers Usually Have Inbuilt Security Measures. Here’s How You Can Improve Upon Them for the Safety of Your Business.
Email security solutions come in many shapes and sizes. Some of them are integrated into the platform your company uses on the daily, while for others you need to install additional layers of defense. Whatever your case may be, one thing’s for certain: email security is indispensable in today’s digital world, as this type of service is a prime target for hackers.
In this article, I will go into the definition of email security solutions and all its intricacies, including why it is important, what types of threats affect email, and how many layers these tools consist of. I will then present the standard defensive measures that are integrated into popular services before moving into how you can enhance them successfully for your company.
What is an Email Security Solution?
The vast majority of businesses nowadays rely on email for their daily communications. This means that potentially confidential information is shared on there regularly, which can easily pique the interest of malicious third parties. For this reason, most companies (including yours) need email security.
The term email security refers to the protective procedures and techniques that cover email accounts, as well as the content and communications shared through them, against unlawful access, data loss, or other forms of compromise. With this in mind, the natural conclusion is that email security solutions are the cybersecurity tools that handle this.
Why is Email Security Important?
Email is a prime target for cyber attackers due to vulnerabilities that are deeply rooted in human error, as well as the nature of the information that is shared on it. The annual Data Breach Investigations Report (DBIR) published by Verizon in 2020 identified email and direct installs as the top two attack vectors for malware infections.
A look at the hard numbers reveals even more about the importance of email security solutions. According to data published by PurpleSec in their 2021 Cyber Security Statistics report, a staggering 92% of all malware is delivered via email. What is more, targeted spear-phishing campaigns are the leading cause in 91% of successful data breaches, affecting 95% of all enterprise networks.
Types of Email-Based Threats
What types of cyberattacks could warrant the use of email security solutions? Here are the top six threats you should protect your enterprise against:
- social engineering,
- spam,
- phishing,
- business email compromise,
- bot attacks,
- and malware.
Let’s have a look at each one, shall we?
As my colleague Miriam aptly explained in her detailed analysis of the phenomenon, social engineering is a cyberattack tactic that relies on the persuasion and manipulation of email users to gain unauthorized access into an organization’s network. Nefarious communications of this sort generally rely on the carefully researched impersonation of collaborators, authority figures, or trusted brands. Verizon’s aforementioned 2020 DBIR established that 22% of data breach cases last year involved social engineering.
Everyone with a functional email account is most likely familiar with good ol’ spam. But while these types of repetitive and sometimes senseless communications are understandably annoying, do they also constitute a threat? Yes, sometimes. When spam emails are loaded with malicious code or attachments, they become malspam, a type of junk mail whose direct purpose is to infect your device and exploit your network.
Malspam and phishing emails go hand in hand. Phishing is a type of cyberattack or threat that uses fraudulent tactics to steal money and data. The latter includes bank account details, credit card numbers, and even login credentials. This stolen information is then sold or utilized to further perpetrate fraud on organizations.
Business Email Compromise
Business email compromise, or BEC for short, is a type of fraud carried out over email. Dubbed by the FBI as “one of the most financially damaging online crimes”, it exploits the fact that most organizations nowadays use this service to conduct their daily activities. Using clever social engineering, BEC threat actors usually impersonate vendors your company regularly collaborates with or a company CEO making requests towards employees. The latter is known as CEO fraud.
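The header traces that this kind of impersonation tends to leave can be checked mechanically. The following is an added example, not code from this article or from any vendor's product; `ORG_DOMAIN`, `PROTECTED_NAMES` and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the organisation's domain and the names to protect.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane doe", "john smith"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_findings(raw_message: str) -> list[str]:
    """Return the impersonation indicators found in a message's headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain != ORG_DOMAIN:
        # An executive's name on an address outside the organisation.
        if " ".join(name.lower().split()) in PROTECTED_NAMES:
            findings.append("display-name-spoof")
        # A sender domain one or two characters away from the real one.
        if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
            findings.append("lookalike-domain")
    # Replies silently redirected to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append("reply-to-mismatch")
    return findings


# Constructed sample messages (not real traffic).
SPOOFED = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: payments@mailbox.test\n"
    "Subject: Urgent wire transfer\n\nPlease process today.\n"
)
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Agenda\n\nSee attached.\n"

if __name__ == "__main__":
    print(bec_findings(SPOOFED))
    print(bec_findings(LEGIT))
```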
As I’ve explained in a previous article, bot attacks are cyber-incidents in which hackers use networks of zombie computers known as botnets to infiltrate your company’s systems to further commit crimes. They are widely used in phishing campaigns and malspam deployment. Their main targets include stealing your money, breaching your data, or infecting your endpoints with malware. This brings me to the final type of email-based threat I want to discuss in this article.
Also known as malicious code, the term malware refers to software created to steal data and cause damage within the infected device or network. Notable examples of malware include ransomware, computer viruses, and Trojans. According to Verizon’s DBIR, 17% of data breach cases are caused by malware, 27% of which involve ransomware specifically. Malware is commonly delivered via infected attachments that users download from shady websites or phishing emails.
Email Security Layers
How do email security solutions protect your enterprise against the aforementioned cyber-threats? There are five main layers you should consider when choosing a protective system for your company:
- spam filter,
- attachment scanning,
- machine learning,
- data encryption,
- and fraud detection.
Some of these layers are already integrated into the architecture of popular services, while for others you will need to deploy additional email security solutions. In the following section, we’ll go over the ones that are built into three widespread alternatives businesses use nowadays, namely Gmail, Outlook, and Yahoo! Mail.
Integrated Email Security Solutions
Most email services nowadays offer three standard email security solutions: spam filtering, attachment scanning, and data encryption. Below, I’ve analyzed how these popular platforms fare in terms of these basic functionalities.
#1 Gmail Security
As far as free email services go, Gmail is one of the top-tier options. Besides its accessible interface and features that cater to both business and regular customers, it is also widely regarded as being a safe option for electronic communications. Google Support even goes as far as to provide a checklist that will help you enhance security when using the platform.
But how does Gmail ensure the integrity of your company’s email exactly? For one, the platform has a customizable spam filter that will automatically put junk mail in a separate folder. You can tailor the conditions according to which messages are considered spam to suit your professional needs by simply setting filters up from the Settings menu.
Gmail attachments you deliver and receive are automatically scanned for computer viruses. The service will then either let you know that your email contains a virus, or block an incoming one and notify the sender.
In addition to this, data in transit over the platform is encrypted by the Transport Layer Security (TLS) cryptographic protocol, the more advanced sibling of the traditional Secure Sockets Layer (SSL) protocol. What is more, data at rest is also encrypted with industry-standard 128-bit encryption. This means that both the information you share and the one you store are not accessible to the untrained eye.
If you want to pay for a Google Workspace Suite account, Gmail will also support an enhanced encryption standard, namely S/MIME. The acronym stands for Secure/Multipurpose Internet Mail Extensions and it allows the assignation of user-specific keys to each email, which makes their encoding all the more secure.
However, Google can still (and sometimes does) read your emails, which means cyber attackers can potentially do the same. In addition to this, any level of encryption is supported both ways only if the recipient benefits from TLS from their respective provider as well. Otherwise, it does not support end-to-end encryption despite countless plans to integrate it. Controversy aside, Gmail is a relatively secure email platform thanks to robust encryption procedures and several features that help lock accounts further away from the prying eyes of malicious third parties.
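Whether a given message actually travelled over TLS on every hop can be read from its `Received` headers, where each server records the protocol it accepted the message with. The following is an added example, not code from this article or from any provider; the sample message and its host names are constructed.

```python
import re
from email import message_from_string

# "with" keywords registered for TLS-protected hops (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
COMMENT_RE = re.compile(r"\([^()]*\)")
CLAUSE_RE = re.compile(r"\b(from|by|with)\s+(\S+)", re.IGNORECASE)


def strip_comments(value: str) -> str:
    """Remove (possibly nested) parenthesised comments from a header value."""
    while True:
        stripped = COMMENT_RE.sub(" ", value)
        if stripped == value:
            return value
        value = stripped


def hops(raw_message: str) -> list[dict]:
    """Parse Received headers into hops, oldest first."""
    msg = message_from_string(raw_message)
    result = []
    for header in reversed(msg.get_all("Received", [])):
        trace = strip_comments(header).split(";")[0]  # drop the timestamp
        fields = {k.lower(): v for k, v in CLAUSE_RE.findall(trace)}
        proto = fields.get("with", "").upper()
        result.append({"from": fields.get("from"), "by": fields.get("by"),
                       "with": proto, "tls": proto in TLS_PROTOCOLS})
    return result


def plaintext_hops(raw_message: str) -> list[str]:
    """Return 'from -> by' for every hop that did not record TLS."""
    return [f"{h['from']} -> {h['by']}" for h in hops(raw_message) if not h["tls"]]


# Constructed sample (not real traffic); the newest Received header comes first.
SAMPLE = (
    "Received: from mx.partner.test (mx.partner.test [192.0.2.10])\n"
    "\tby inbound.example.com with ESMTP id abc123;\n"
    "\tMon, 01 Jan 2024 10:00:02 +0000\n"
    "Received: from client.partner.test (client.partner.test [192.0.2.55])\n"
    "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    "\tby mx.partner.test with ESMTPSA id def456;\n"
    "\tMon, 01 Jan 2024 10:00:01 +0000\n"
    "From: alice@partner.test\nSubject: Invoice\n\nBody\n"
)
```

`Received` headers added by servers outside your control can be forged, so treat the result as what each hop claimed, not as proof.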
#2 Outlook Security
Similar to Google, Microsoft Support also provides users with a checklist of additional security measures that will help them further enhance their digital defenses. But what does it do for you by default? I’ve listed the email security solutions you can benefit from in Outlook below.
Outlook versions 2007 through 2019, as well as Outlook for Microsoft 365, support standard spam filtering that identifies junk mail and moves it to a separate folder. The service allows for customization of this feature in terms of changing the level of protection or allowing for spam to be automatically deleted. These features can be easily activated or deactivated from the Junk E-mail Options menu.
Unfortunately, Outlook does not have an integrated attachment scanner. In this case, Microsoft heavily relies on the Safe Attachments feature in Microsoft Defender for Office 365. By doing so, the renowned technology company assumes that its clients use all these products in tandem, which is generally true for organizations. Nevertheless, the fact that Outlook does not have a functionality of its own for this is objectively a drawback.
Outlook Mail employs the TLS protocol for data in transit as well. On top of that, the service also offers two options for advanced email encryption: Microsoft 365 Message Encryption and S/MIME encryption. To benefit from the former, the user must have an Office 365 Enterprise E3 license. As for the latter, it can be activated from the Options menu. My colleague Vladimir has written a very detailed article on how to encrypt emails in Outlook via both of these variants, so check that out for further instructions.
#3 Yahoo! Mail Security
It’s at this point in the article that I admit I’ve been using Gmail and Outlook both professionally and in my personal life for many years now and haven’t had issues with either service thus far. But before all that, I was an avid Yahoo! Mail user back in the day, and I’ve honestly lost track of how many times my accounts on there were breached. Yahoo has unfortunately garnered the reputation of being unsafe after years upon years of sustained cyberattacks that successfully targeted it.
While Gmail and Outlook have had similar issues as well in the past, Yahoo is the only one to come out of it with its reputation destroyed. Why is that? In my opinion, it all boils down to its overall lackluster security features.
In terms of spam filtering, Yahoo! Mail does as good of a job keeping junk mail out of your Inbox as any other email service on this short list. However, it is customizable only to a certain extent. Yahoo’s filter allows you to correctly mark messages that were improperly filtered as either spam or not spam, depending on the case. Unfortunately, you can’t do much else with this feature besides that.
One perk of using Yahoo! Mail over Outlook is that it offers the option to scan attachments for viruses without the use of additional programs, just like Gmail. The process occurs automatically when you upload the file you want to send, so you will know right away if there is an issue with it. In addition to scanning the messages you deliver, the platform also sanitizes the ones you receive. The process is not 100% failsafe, but it does add an enhanced layer of defense to your company’s digital communications.
Yahoo! Mail encrypts data in transit by default with the same Transport Layer Security (TLS) cryptographic protocol that Gmail and Outlook use. However, further encryption using a more advanced standard is not possible with this service at the moment, which is further proof that it is the weakest alternative on the market in terms of email security solutions.
Building onto Existing Email Security Solutions
As I’ve mentioned in the previous section on email security solutions layers, there’s more to digital communication protection than spam filtering, attachment scanning, and data encryption. You have the option to add machine learning and advanced fraud detection to your company’s defenses by deploying a tool that is compatible with your service provider.
For example, our Heimdal™ Email Security and Heimdal™ Email Fraud Prevention work in tandem with the Office 365 suite to augment security in Outlook. By their powers combined, they form our Advanced Email Security module, which protects your enterprise against a variety of email-based threats, including spam, malware, phishing, DNS hijacking, CEO fraud, and other forms of BEC.
Heimdal™ Email Fraud Prevention
On top of a high-performing spam filter that picks up where standard email security solutions leave off, Heimdal™ Security’s email protection offering performs deep attachment scans and content inspections. Making use of artificial intelligence, it can identify when a malicious third party is impersonating a figure of authority in the company. With an additional layer of defense such as this one, your company’s digital assets and communications will be considerably safer in today’s constantly evolving cyber-threat landscape.
Final Thoughts on Email Security Solutions
Integrated email security solutions and additional layers of communications protection are a must nowadays. Regardless of the provider you prefer for your business, you should definitely look into secondary tools you can use to augment the safety of your data. If you’re a Microsoft fan like us, then Heimdal™ Security’s got you covered. Don’t hesitate to reach out at firstname.lastname@example.org to find out more about our full offer.