In 1978, a marketing manager with Digital Equipment Corporation sent an unsolicited electronic message to hundreds of ARPANET users promoting the company’s new mainframe computers. It is the first known instance of spam, and it kicked off four decades’ worth of unwelcome, unwanted and unrelenting email abuses.
Email has since become the de facto standard for business communication, with more than 5.5 billion email accounts worldwide generating nearly 300 billion email messages every day. But the ubiquitous nature of the medium has made it ripe for abuse. It is estimated that more than three-quarters of all emails today are spam. Worse yet, it has become the primary vehicle for a host of criminal exploits.
Security experts are nearly unanimous in the opinion that email is the No. 1 delivery mechanism for ransomware, malicious attachments, malicious URLs, viruses and phishing attacks. Analysts say more than 90 percent of all cyberattacks originate from email. The FBI reports that business email compromise attacks alone cost companies worldwide more than $10 billion annually.
Sensitive Data at Risk
What’s more, email is a leading source of data loss. Too many people treat it as an electronic filing system, holding on to confidential messages about budgets, product development, sales forecasts, customer prospects and other sensitive topics. One research firm has estimated that as much as 75 percent of a company’s intellectual property is contained within emails floating around in corporate email systems.
Part of the problem is that there is a tendency to think of email as an uncomplicated technology because it has been around so long and is so easy to use. In truth, it has always been a fairly complex service to deliver because it requires the integration of so many components — servers, storage, operating systems, the platform software itself, as well as other supporting elements such as directories, filters, security, backup, e-discovery and archiving solutions. According to one survey of IT professionals, a typical email architecture might involve roughly 19 platform servers, eight servers for archiving, six for antivirus and another six for mobile device management.
That level of complexity has led to rising adoption of cloud-delivered email solutions in which companies offload the email infrastructure and management to a third-party provider. Most also assume that the provider’s native security measures offer sufficient protection, but that is a misconception. With cybercriminals increasing their attacks on cloud platforms, providers’ base security features aren’t enough.
Whether you choose to use an on-premises or cloud-based email platform, you should augment basic security measures such as antivirus, antispam and other signature-based methods with additional layers of protection. Here are three you should consider:
- Secure messaging gateways. These are essentially email firewalls. Deployed as either hardware or software, gateways analyze emails against dynamic databases of blacklisted URLs, flagged keywords and other characteristics, and then block or quarantine suspicious messages before they are delivered to their intended recipient.
- The DMARC standard. This email authentication protocol helps identify spoofed email messages and notifies email servers to delete those messages upon receipt, keeping them out of inboxes and preventing their propagation. It authenticates email against your defined policies, rejecting anything that doesn’t comply.
- Data Loss Prevention. DLP solutions scan email headers, body content and attachments to enforce a range of security measures. They can block sensitive company information from leaving the company by email, and prevent unauthorized users from downloading or copying data onto USB devices or other unsecured endpoints.
Email has been a great business tool for decades because it is easy to use and gets the job done, but security cannot be an afterthought. Whether you are using an on-premises solution or have moved to a cloud platform, the security experts at SSD Technology Partners can help. We provide multilayer security for email systems and other critical applications through the SSD Assurance program. We’d welcome the opportunity to show you how we can improve your email security capabilities.