Email Security Checklist 2022

Corporate email security has never been so important, so read our email security checklist for 2022 and gain the professional insight you need to keep your organisation safe.

Act fast, Act now!

Phishing attacks are effective because they exploit people, who are the weakest link in a company’s security. People do not look closely at requests that appear legitimate, and so share data or credentials that put the organisation at risk.

We have put together an eleven-point checklist of the critical email security capabilities you should have in place to defend against the cyber threats that email presents. The cost of a data breach in your organisation is too high to take a chance.

11 Point Email Security Checklist

1. Secure Access
Controlling user access to your email infrastructure is the first step in securing email. Multi-factor authentication provides a safe access mechanism: it requires two or more distinct authentication factors, so an attacker is blocked even if the password has been compromised. To prevent unwanted threats from being retained in your mailboxes, it is also crucial to reject mail from external senders addressed to invalid users, ideally during the SMTP transaction rather than by accepting the message and bouncing it later. Your email defences should be dynamically and securely synchronised with your email service, so that recipient validation is automated and expired recipients are either removed or re-validated.

2. Inbound Defences
Your email defences should scan incoming emails with a multi-layered strategy: examining the email’s headers and body, and thoroughly inspecting URLs and attachments to protect against phishing and social engineering threats.
You should also be able to remove emails from your users’ mailboxes as part of your inbound defences, for example when a message was not intended for that person, or when a threat that your defences initially missed is discovered later.

3. Spam Filtering
Advanced anti-spam filters combine a number of different checks on the SMTP-related information in the email header and on the email body: checking the sender’s IP address, network information and the reputation of the sending mail server against a variety of private and public sources.
Users should additionally be protected from marketing email (graymail): messages from a service the user may once have subscribed to but is no longer interested in.

4. Advanced Attachment Filters
It is crucial to be able to detect all malicious file types and extensions, so that users never receive executable, script, Python or batch files. There are more than 50 harmful file extensions in common use.
Attackers conceal a malicious program’s intent by encapsulating it in container formats such as ISO images and ZIP or RAR archives, so the filter must look inside containers. Detection should also be based on the file’s actual content (its MIME or magic type) rather than only its name, so that ELF binaries, registry files, installers and self-extracting archives are caught even when they have been renamed.
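The checks described above, as an added example written for this checklist rather than a product’s own code: extension block-listing (including double extensions such as invoice.pdf.exe), identification of executable content by magic bytes regardless of the file name, and inspection inside ZIP containers with a fail-closed verdict on archives that cannot be parsed. The block-list, size and nesting limits and all sample files are constructed assumptions.

```python
"""Attachment filter: blocked extensions, content identified by magic bytes,
and inspection inside ZIP containers. Example code for this checklist;
the block-list and the sample files below are constructed, not real."""
import io
import zipfile
from typing import Dict, List

# Assumed block-list; a production list is considerably longer.
BLOCKED_EXTENSIONS = {
    "exe", "dll", "scr", "com", "pif", "cpl", "msi",   # Windows executables / installers
    "bat", "cmd", "ps1", "vbs", "js", "wsf", "hta",    # scripts
    "py", "jar", "iso", "img", "lnk",                  # interpreters, disk images, shortcuts
}
# File signatures that identify content regardless of the claimed name.
MAGIC = {
    b"MZ": "pe-executable",          # Windows EXE/DLL/SCR
    b"\x7fELF": "elf-executable",    # Linux binary
    b"PK\x03\x04": "zip-container",  # ZIP, also DOCX/XLSX/JAR
    b"%PDF": "pdf",
}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # refuse to inflate larger members (zip bombs)
MAX_DEPTH = 3                        # archives nested deeper than this are blocked


def detect_type(data: bytes) -> str:
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return name
    return "unknown"


def extensions_of(filename: str) -> List[str]:
    """Every extension, lowercased: 'invoice.pdf.exe' -> ['pdf', 'exe']."""
    return filename.lower().rsplit("/", 1)[-1].split(".")[1:]


def check_attachment(filename: str, data: bytes, depth: int = 0) -> List[str]:
    """Return the reasons to block; an empty list means the file may pass."""
    reasons = []
    bad = [e for e in extensions_of(filename) if e in BLOCKED_EXTENSIONS]
    if bad:
        reasons.append(f"{filename}: blocked extension(s) {bad}")
    kind = detect_type(data)
    if kind.endswith("executable"):
        reasons.append(f"{filename}: content is {kind} whatever the name says")
    if kind == "zip-container":
        reasons += _check_zip(filename, data, depth)
    return reasons


def _check_zip(filename: str, data: bytes, depth: int) -> List[str]:
    if depth >= MAX_DEPTH:
        return [f"{filename}: archive nested too deeply, blocked"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            reasons = []
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    reasons.append(f"{filename}: member {info.filename} too large to inspect, blocked")
                    continue
                # Recurse so a .bat inside a .zip is judged like a bare .bat.
                reasons += check_attachment(f"{filename}/{info.filename}", zf.read(info), depth + 1)
            return reasons
    except zipfile.BadZipFile:
        return [f"{filename}: corrupt or evasive archive, failing closed"]


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Constructed sample archive for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples (not real files).
SAMPLES = {
    "report.pdf": b"MZ\x90\x00" + b"\x00" * 60,       # executable renamed to .pdf
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,  # double extension
    "quote.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",     # genuine PDF header
    "archive.zip": build_zip({"readme.txt": b"hello", "run.bat": b"@echo off"}),
    "photos.zip": build_zip({"notes.txt": b"plain text"}),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict = check_attachment(name, data)
        print(name, "BLOCK" if verdict else "allow", verdict)
```

The recursion is what catches the "encapsulated" case the text warns about: a batch file inside a ZIP gets the same verdict as a bare batch file, and an archive that the parser cannot open is blocked rather than waved through.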

5. Malware and Ransomware Protection
Emails ought to be examined by a wide range of threat detection engines: multiple antivirus engines that combine known signature-based detection with heuristic and behavioural analysis.

6. Advanced File Sandbox Management
The “traditional” approach of exploding files and tracking behaviour has proven ineffective due to the development of evasion techniques, the lack of time for analysis in an email setting, and the complexity of traditional virtual machine-based sandboxes.
Only files that perform “safe” operations for that document type should be allowed through by your defences. If the document carries out any operation that is not on the “safe list,” such as accessing the file system, deleting files, or downloading third-party applications from the internet, the sandbox should be able to sanitise the attachment by removing the “active content” or dropper and disarming the file, delivering the cleaned version to the user while quarantining the original.
There should be a fall-back action to block the entire document in the event that the attackers manage to crash the sandbox or cause a technical disruption to the analysis. The sandbox should be able to detect the evasive indicators as part of the detection process and block the file if any obfuscation or evasion techniques are used.
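A minimal content-disarm-and-reconstruction step of the kind described in this section, as an added example written for this checklist and not a vendor’s engine: it detects VBA macro parts inside an OOXML (ZIP) container, writes a sanitised copy with the macro part and every reference to it removed, keeps the original for quarantine, and blocks outright when the file cannot be parsed. The sample document is constructed here to mimic the layout of a macro-enabled .docm; the content-type strings are the real OOXML ones.

```python
"""CDR for OOXML: strip VBA macro parts, deliver the clean copy, fail closed.
Example code for this checklist; the sample document is constructed."""
import io
import re
import zipfile
from typing import Optional, Tuple

MACRO_PART = re.compile(r"(^|/)vba(Project|Data)\.", re.IGNORECASE)
# Real OOXML content types: macro-enabled Word document and its plain equivalent.
MACRO_MAIN = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def has_macros(data: bytes) -> bool:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(MACRO_PART.search(n) for n in zf.namelist())


def mentions_vba(data: bytes) -> bool:
    """True if any XML part still references a VBA project (used to verify the clean copy)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(b"vba" in zf.read(n).lower()
                   for n in zf.namelist() if n.endswith((".xml", ".rels")))


def sanitise_ooxml(data: bytes) -> Tuple[str, Optional[bytes]]:
    """Return (verdict, file_to_deliver); verdict is clean, sanitised or blocked."""
    try:
        src = zipfile.ZipFile(io.BytesIO(data))
        names = src.namelist()
    except zipfile.BadZipFile:
        return "blocked", None            # analysis impossible: block the whole document
    if not any(MACRO_PART.search(n) for n in names):
        return "clean", data
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in names:
            if MACRO_PART.search(name):
                continue                   # drop the active content (the dropper)
            payload = src.read(name)
            if name == "[Content_Types].xml":
                payload = re.sub(rb"<Override[^>]*vba(Project|Data)[^>]*/>", b"", payload, flags=re.IGNORECASE)
                payload = payload.replace(MACRO_MAIN, PLAIN_MAIN)
            elif name.endswith(".rels"):
                payload = re.sub(rb"<Relationship[^>]*vba(Project|Data)[^>]*/>", b"", payload, flags=re.IGNORECASE)
            dst.writestr(name, payload)
    src.close()
    return "sanitised", out.getvalue()


def build_macro_docm() -> bytes:
    """Constructed minimal macro-enabled document (not a real file)."""
    head = (b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            b'<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            b'<Override PartName="/word/document.xml" ContentType="')
    tail = (b'"/><Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            b'</Types>')
    content_types = head + MACRO_MAIN + tail
    rels = (b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            b'<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            b'</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", b"<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 stand-in for a VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    original = build_macro_docm()
    verdict, cleaned = sanitise_ooxml(original)
    print(verdict, "macros left:", has_macros(cleaned))
    print(sanitise_ooxml(b"not a zip")[0])  # blocked: fail closed
```

Note the two failure modes the text asks for: a document with nothing on the "unsafe" list passes through unchanged, and a container that cannot be parsed is blocked rather than delivered unexamined.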

7. Advanced URL Sandbox Management
Your email defences should be able to rewrite links inside emails to provide “time of click” protection. The URL sandboxing technology should dynamically scan the website and any redirects it performs at the moment the user clicks, looking for suspicious activity or malicious code or objects such as JavaScript.
If any of these are discovered, users should be prevented from accessing the site; only a site found to be clean should let users through.
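The rewrite-and-check flow above, as an added example written for this checklist rather than a vendor’s implementation: each http(s) link is rewritten through a click gateway carrying the original destination and an HMAC, so the gateway cannot be turned into an open redirector by anyone who forges the parameters, and the destination (following redirects) is judged when the click arrives. The gateway host, the secret, the redirect table and the block-list are constructed stand-ins; a real gateway fetches the page and runs it through the URL sandbox.

```python
"""Time-of-click link rewriting with a signed gateway URL.
Example code for this checklist; gateway, secret and tables are assumed."""
import hashlib
import hmac
import html
import re
from typing import Callable, Tuple
from urllib.parse import parse_qs, quote, urlparse

GATEWAY = "https://click.gateway.example/go"             # assumed gateway endpoint
SECRET = b"replace-with-a-key-from-your-secret-store"    # assumed; load from a secret store
HREF = re.compile(r'(href=")([^"]+)(")', re.IGNORECASE)


def _sign(url: str) -> str:
    return hmac.new(SECRET, url.encode("utf-8"), hashlib.sha256).hexdigest()


def gateway_url_for(url: str) -> str:
    """Gateway URL carrying the original destination and its signature."""
    return f"{GATEWAY}?u={quote(url, safe='')}&sig={_sign(url)}"


def rewrite_links(message_html: str) -> str:
    """Rewrite http(s) hrefs in a message body; mailto: and anchors are left alone."""
    def repl(m):
        url = html.unescape(m.group(2))
        if not url.lower().startswith(("http://", "https://")):
            return m.group(0)
        return m.group(1) + html.escape(gateway_url_for(url), quote=True) + m.group(3)
    return HREF.sub(repl, message_html)


# Constructed stand-ins for live fetching: a redirect table and a block-list.
REDIRECTS = {"http://short.example/x": "http://evil.example/login"}
MALICIOUS_HOSTS = {"evil.example"}


def scan_at_click(url: str) -> Tuple[str, str]:
    """Follow redirects (here a table) and judge the final destination now."""
    hops = 0
    while url in REDIRECTS and hops < 5:
        url = REDIRECTS[url]
        hops += 1
    host = urlparse(url).hostname or ""
    return ("block" if host in MALICIOUS_HOSTS else "allow"), url


def resolve_click(clicked: str,
                  scanner: Callable[[str], Tuple[str, str]] = scan_at_click) -> Tuple[str, str]:
    """Gateway side: verify the signature first, then scan the destination."""
    q = parse_qs(urlparse(clicked).query)
    url, sig = q.get("u", [""])[0], q.get("sig", [""])[0]
    if not url or not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return "block", url            # forged or tampered link: never redirect
    return scanner(url)


if __name__ == "__main__":
    body = '<p><a href="http://short.example/x">Pay now</a></p>'  # constructed message
    rewritten = rewrite_links(body)
    print(rewritten)
    print(resolve_click(gateway_url_for("http://short.example/x")))
```

The signature check is the part people forget: without it the gateway will happily redirect to any URL an attacker puts in the `u` parameter, and the rewritten links then lend your domain’s reputation to the phishing site.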

8. Dictionary Filtering
Your defences ought to be able to search the body of emails for words you’ve forbidden. Depending on your preferences, language, and line of work, you may choose to block a variety of content types, such as words you deem inappropriate for business communication, such as those related to illegal substances, drugs, abuse, violence, radicalization, grooming, bullying, or digital currencies.

9. Outbound Email Management
Outbound email traffic should be subjected to the same security analysis as inbound email. This prevents your own employees from sending harmful content to recipients outside your company. Some email security solutions automatically exempt a message from any further checks if its domain or IP address is allow-listed; mail from these “trusted” sources then bypasses inspection entirely, which poses a serious risk because a trusted partner can be compromised or impersonated. Make sure your solution does not behave this way.
Ideally you should also be able to recall emails sent to people the user has never corresponded with before. This reduces the risk of data loss and of emails sent to the wrong contact: the message is held for a brief period during which the user can recall it, and is released automatically if no action is taken, so nothing is held and forgotten indefinitely. This hold need not apply to every email.

10. End to End Encryption
Transport layer security (TLS) should be mandated as standard for the connection between your email server and the recipient’s, which stops traffic from being intercepted in transit. Note that TLS protects a message only between one mail server and the next; it does not protect the message at rest. Additional features are therefore needed to guarantee that private data can only be read by the email’s intended recipient: given the nature of the content being protected, this prevents it from being stored in plain text in the recipient’s mailbox, so it stays protected even if that mailbox is compromised.
Some security vendors store your encrypted emails on an encryption server and ask the recipient to register and authenticate before reading them. Exposing your users to this procedure increases the chance that a phishing scam will trick them into entering their details, because they are already accustomed to doing so.
To maximise security and avoid recipient registration, an encryption key should be issued to the sender of the encrypted message and passed to the recipient by any channel other than email. For data protection, all your encrypted emails should be stored on your own email security system rather than on public cloud infrastructure.

11. Data Loss Prevention
Keeping confidential and sensitive information from leaking out is essential. Your email defences should analyse the body and subject lines of emails for sensitive patterns. Credit card numbers, Social Security numbers, 16-digit keys matched with wildcards and 8-digit passwords are examples, as are identifiers specific to your business, such as engineering drawing numbers that start with three letters and end with four digits.

The content’s nature will vary and may be particular to your organisation’s rules. It should be possible not only to block an email from being sent, but also to forward it to a shared mailbox so that DLP violations can be tracked, with the ability to score the content according to its seriousness and the desired outcome.
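A pattern scan of the kind this section describes, as an added example written for this checklist and not a product’s rule engine: it looks for card numbers (validated with the Luhn check so random 16-digit strings such as tracking numbers are not flagged), Social Security numbers, a key format and the three-letters-four-digits drawing number, scores each finding by seriousness and maps the total to allow, hold-and-forward or block. The key format, weights, thresholds, review mailbox and sample messages are constructed assumptions.

```python
"""Pattern-based DLP scan with severity scoring.
Example code for this checklist; patterns, weights and samples are assumed."""
import re
from typing import Dict, List


def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment cards; rejects random 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# (compiled pattern, severity weight). Key and drawing-number formats are assumed.
PATTERNS = {
    "credit_card": (re.compile(r"\b(?:\d[ -]?){15}\d\b"), 10),
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 8),
    "key16": (re.compile(r"\b[A-Z0-9]{4}(?:-[A-Z0-9]{4}){3}\b"), 6),
    "drawing_number": (re.compile(r"\b[A-Z]{3}\d{4}\b"), 4),
}
BLOCK_AT, HOLD_AT = 10, 4
DLP_MAILBOX = "dlp-review@example.com"   # assumed shared review mailbox


def scan_message(subject: str, body: str) -> Dict:
    """Score subject and body against PATTERNS and choose an action."""
    text = subject + "\n" + body
    findings: List[Dict] = []
    for name, (pattern, weight) in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            if name == "credit_card" and not luhn_ok(re.sub(r"[ -]", "", value)):
                continue                      # 16 digits but not a card number
            findings.append({"type": name, "match": value, "weight": weight})
    score = sum(f["weight"] for f in findings)
    if score >= BLOCK_AT:
        action = "block"
    elif score >= HOLD_AT:
        action = "hold"                       # hold the message and copy it to DLP review
    else:
        action = "allow"
    return {"score": score, "action": action,
            "forward_to": DLP_MAILBOX if action != "allow" else None,
            "findings": findings}


# Constructed sample messages (subject, body).
SAMPLES = {
    "card": ("Booking", "Please charge 4111 1111 1111 1111, exp 12/26."),
    "not_a_card": ("Order", "Tracking number 1234 5678 9012 3456 for your parcel."),
    "ssn": ("HR", "New starter SSN 078-05-1120, please add to payroll."),
    "drawing": ("Drawings", "Attached: ABC1234 and ABC1235 for review."),
    "clean": ("Lunch", "Sandwiches at 12:30?"),
}

if __name__ == "__main__":
    for label, (subject, body) in SAMPLES.items():
        result = scan_message(subject, body)
        print(f"{label:10} {result['action']:5} score={result['score']}")
```

The Luhn step is the difference between a rule that analysts can live with and one they switch off: without it every parcel tracking number and order reference with sixteen digits would be held.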

Why Email is Such a Threat

A quarter of workers quickly click on links in phishing emails, and of those, half fill out web forms with personal data. The cost to businesses is extreme: breach costs can reach millions of dollars and average over $130,000, which forces many firms out of business.

Email Password Guidance

Reading the technical press, one would think email security is all about passwords. Passwords matter, but many email password compromises stem from outdated guidance. As part of revising your overall security, consider refreshing your password policies.

Current NIST recommendations maintain that the most important factor in a strong password is length, not complexity. Passphrases, created by stringing together a few words, like kittEnsarEadorablE (“kittens are adorable”), are one way to create longer, easy-to-remember passwords that are hard to guess and help protect against attackers who use dictionary attacks against weak passwords.

When you enter the passphrase above and a short “complex” password such as m4p#P@R9w into Security.org’s How Secure Is My Password? tool, it reports that kittEnsarEadorablE would take a computer 6 trillion years to crack while m4p#P@R9w would take 400,000 years. Stronger passphrases combine unrelated words from different categories.

In addition, NIST advises businesses against requiring special characters in passwords (the frequently demanded !, # or $, for example) and against forbidding consecutively repeated characters.

Glossary of Terms

Our email security checklist is all about making life difficult for the attacker who is trying to gain control of a user’s email account. Spammers exploit organisations that rely on the core Microsoft tools alone, because such tools stop at email configuration and leave users exposed to malicious attachments. Your email security solution must include far more than a spam filter and must extend to sandboxing and the other techniques above. Here are some of the common terms we have used, explained in more detail.

Spam
Spam is unsolicited bulk email. Much of it is sent by criminals to direct recipients to websites that install malware or harvest personal data; the rest is bulk advertising sent for profit. Spam-sending capacity and address lists are themselves traded on darknet marketplaces. Spam filters are programs that scan messages and block those that match configured criteria.

Authentication
Domain-based Message Authentication, Reporting and Conformance (DMARC) builds on DKIM and SPF. A receiving server checks whether a message passed SPF or DKIM with a domain that aligns with the visible From: domain, and the sending domain’s published DMARC policy tells the receiver what to do with messages that fail. DMARC also lets organisations monitor their policy through aggregate reports sent back by receivers, detailing which messages passed authentication and which failed. Two-factor authentication on the mailbox itself adds a further layer of security.

spoofing
Email spoofing is an attack in which the sender address of a message (the From: header or the envelope sender) is forged so that it appears to come from someone else; SPF, DKIM and DMARC exist to detect this. To protect yourself from spam and spoofed mail you should not only have anti-spam software in place but also follow good internet security practices, such as using strong passwords and enabling two-factor authentication (2FA) on any service that handles sensitive information.

ransomware
Email security threats come in many forms, but ransomware is the “wildcard” that can compromise an organisation within hours. Cybercriminals have been deploying ransomware as a means of extortion at scale since 2013. Although still a relatively new threat, there are now technical controls and best practices you can put in place to protect your business from an attack that typically arrives through a malicious attachment or link, or through brute-forced remote access, and then encrypts your data and demands payment.

phishing email
Email phishing is the online crime in which criminals use email to steal your identity or obtain your personal information, bank details or passwords. Phishing emails trick you into handing over sensitive data such as login credentials or banking information, or carry an attachment containing malware, a virus or ransomware that causes havoc if it is opened on a device.

DKIM
DKIM (DomainKeys Identified Mail) is a standard that lets a domain owner sign outgoing messages with a private key; the matching public key is published in the domain’s DNS, so a receiving server can verify that the message was authorised by that domain and that the signed headers and body were not altered in transit. Signing can be enabled for every outgoing email on your server. Verification is normally performed by the receiving mail server rather than by mail clients such as Mail, Thunderbird or Outlook.

DMARC
A DMARC record is a DNS TXT record at _dmarc.yourdomain that publishes your policy (none, quarantine or reject) for messages that fail SPF and DKIM alignment; it does not authenticate messages by itself. Set correctly, it lets receivers reject spoofed and impersonated messages that claim to come from your domain. Set incorrectly, for example a reject policy published before all your legitimate sending services pass SPF or DKIM, or a misspelled domain in the record, it causes your own emails to be rejected or bounced.
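The evaluation a receiving server performs, covering both the Authentication and DMARC entries of this glossary, as an added example written for this page and not a mail server’s implementation: parse the published record, check whether SPF or DKIM passed with a domain aligned to the From: domain under the record’s alignment modes, and derive the disposition from p= (or sp= for subdomains). The records and authentication results are constructed, and the organisational-domain rule is a simplification (real receivers use the Public Suffix List).

```python
"""DMARC record parsing and disposition as a receiver computes it.
Example code for this glossary; records and results are constructed."""
from typing import Dict, List, Tuple


def parse_dmarc(record: str) -> Dict[str, str]:
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Simplified to the last two labels. Assumption; use the Public Suffix List in production."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict (s) requires an exact match; relaxed (r) accepts the same organisational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(record: str, from_domain: str,
             spf: Tuple[str, str], dkim: List[Tuple[str, str]]) -> Dict[str, object]:
    """spf = (MAIL FROM domain, result); dkim = [(d= domain, result), ...]."""
    tags = parse_dmarc(record)
    spf_ok = spf[1] == "pass" and aligned(spf[0], from_domain, tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                  for d, res in dkim)
    passed = spf_ok or dkim_ok
    policy = tags.get("p", "none")
    if "sp" in tags and from_domain.lower() != org_domain(from_domain):
        policy = tags["sp"]               # subdomain policy applies to news.example.com etc.
    return {"pass": passed, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "disposition": "none" if passed else policy,
            "reports_to": tags.get("rua")}


# Constructed record for example.com (not a real published record).
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    print(evaluate(RECORD, "example.com", ("bounce.example.com", "pass"), []))
    print(evaluate(RECORD, "example.com", ("attacker.net", "pass"), [("attacker.net", "pass")]))
    print(evaluate(RECORD, "news.example.com", ("news.example.com", "fail"), [("example.com", "pass")]))
```

The second case is the one DMARC exists for: SPF and DKIM both "pass", but for the attacker’s own domain, so nothing aligns with the From: domain and the message is rejected. The third shows why adkim=s can bite a legitimate sender whose signing domain differs from the From: subdomain.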

Two-factor authentication
Two-factor authentication (2FA) is a two-step login process. It adds an extra layer of security to your email by requiring two independent factors: something you know, such as a password or PIN, combined with something you have, such as a phone or hardware token, or something you are, such as a fingerprint scan on an Android phone or iPhone.

Malicious urls
Malicious URLs are an important category: without them there would be very few phishing attacks. For the best protection against these threats you need a security solution that can detect and block emails carrying malicious links or embedded malicious code before they reach the inbox. According to data from PhishLabs, one third of the emails studied contained malicious URLs that were detected as malware-related content by advanced anti-phishing techniques.
