Preventing an Email Security Breach: The 3-Pronged Defense

Aug. 13, 2018 by Sparky

The Radicati Group reported that the total number of business and consumer emails sent and received per day will exceed 281 billion. That’s a lot of opportunity for bad actors to launch attacks.

Leading Email Attack Types

| Attack Type | What It Does |
| --- | --- |
| Ransomware | Attack commences via email. If a user clicks a link or downloads an attachment, malware encrypts data on the drive and spreads to the network to encrypt data on more connected drives. Attackers demand ransom for an encryption key. |
| Phishing | Large volume spam email that seeks sensitive information from the recipient. Although some messages are hilarious, if even one employee is fooled into responding the outcome is anything but funny. |
| Spear Phishing | Sophisticated email attacks sent to selected executives. They appear genuine and many users respond. Malware inserts itself onto the device and network. |
| Attack Loops | Backup is the traditional way to defeat ransomware without paying the ransom. Attack loops infect backup by sending a phishing email. If the employee clicks on a link or attachment, the malware silently inserts itself onto the network and on-premises or remote backup. A subsequent ransomware attack encrypts all network and secondary data, making it impossible to restore from backup. |

Enabling Secure Email: The 3-Pronged Approach

There are three parts to protecting your email: train your users to recognize attacks, secure user devices and choose an email provider with strong security. The first two are user-centric. The third is the responsibility of your email provider.

#1: Train Your Users to Recognize Email Attacks
Human error is the single largest vulnerability for email. It might be easy for your employees to ignore secret money transfer requests from the United Nations. It’s not so easy if a phishing email appears to be the genuine article from the user’s bank, or if a spear phishing message is perfectly tailored to fool an executive into downloading an attachment. Train your email users to recognize phishing expeditions and to contact IT with any concerns.

#2: Secure User Devices
Email-borne malware on a connected device will quickly spread to the user’s network. However, securing the individual device against intrusion or other types of malware provides a valuable layer of protection.

  • Anti-malware. Both Android and Apple devices are subject to malware attack. (It’s a myth that iOS devices are immune to malware.) The difference is that Apple devices ship with stronger anti-malware protection than most Android devices. However, if an Apple device user suspends anti-malware apps or skips updates, they leave their device vulnerable to malware insertion. The same goes for Android.
  • Robust data encryption. Encrypt devices to protect against data loss or cyberattack and consider two-factor authentication.
  • Patching. Meltdown/Spectre refer to potentially disastrous malware that exploits most computer chips manufactured in the last two decades. Microsoft, IBM, Google, Intel and Apple are among the many vendors and developers who have released Meltdown/Spectre patches for computer chips.

#3: Choose a SaaS Provider with Strong Security
When IT is responsible for on-premises email servers, there are many additional steps they should take to secure email. When a company turns to a SaaS provider like SparkPost, the provider should provide the highest levels of physical and digital security.

SparkPost is SSAE-16 SOC II Type 2 Certified for corporate and cloud infrastructure. Our data centers use Amazon Web Services (AWS) infrastructure to host our environment. This enables us to use Amazon’s own high security environment including access logging, identity and intrusion protection systems, and continuous security monitoring in their data centers.

In addition, we use a robust and thoroughly tested Business Continuity and Disaster Recovery Plan to protect your business and its data.

Application-level security includes strong passwords, two-factor authentication (2FA) and secure SAML account access. We routinely scan applications for security issues and repair any vulnerabilities, and encrypt using TLS, SSL and HTTPS protocols. Independent testing partners carry out intrusion detection testing on our perimeter and data center infrastructure.

Securing email against determined attackers takes a multi-pronged defense. Make sure your SaaS email provider does their part. Better yet, make sure that like SparkPost, they go above and beyond in protecting your priceless data.

– Sparky
