4.4. Security Toolkit: Email Security
What Everyone Needs to Know
Developing an approach to email security typically involves multiple procedures and techniques for protecting email accounts, content, and communication against unauthorized access, loss, or compromise. Email can be used to infect a device with malware, spread spam, and target users with phishing attacks.
Attackers use deceptive messages (e.g., emails that look like they’re from a reputable source like Microsoft). They use these deceptive emails to entice recipients to part with sensitive information (e.g. to share account passwords), to open attachments (which might install hidden software on the user’s computer), or click on hyperlinks (which will also install malware on the victim’s device). Email is also a common way for attackers to gain access to a network and obtain valuable company data, often using “social engineering” (e.g., pretending to be an official representative from a company to get passwords, information about security, etc.).
What IT Needs to Know
While basic spam and antivirus email protection are useful in reducing email threats, standard email filtering is no longer sufficient. A dedicated advanced email security tool will offer improved spam and phishing protection, compared to the basic protection included by default with most email services. When looking at options for email security, look for solutions that can:
- Control device access
- Identify suspicious user behavior
- Improve spam and phishing protection
- Maintain communication confidentiality
- Protect against zero-day threats
- Provide real-time threat protection
- Stop ransomware attacks and other threats
As with many other technologies, the price for email security tools can vary greatly depending on how you contract and purchase the different services. As usual, consider services that integrate with your existing technology infrastructure and strategy to reduce setup time and cost.
Solutions to Consider
- IronScales: Website, Pricing
- Proofpoint: Website, Pricing
- MS Defender: Website. Pricing
- Mimecast: Website, Pricing