email security - Checks & Controls

Blog for Information Technology, Information Security and Digital Marketing Enthusiasts.

Tuesday, June 23, 2020

email security

Hello Friends. Greetings of the day.

Today, in this article, we will discuss in detail about email security and email security standards.


email security


Email security describes different techniques for keeping sensitive information in email communication and accounts secure against ransomware, unauthorized access, loss or compromise.

In order to protect email from spammers and hackers, a number of email security standards and protocols have been developed. These standards ensure that the mail that has been sent has reached the receiver without losing its integrity. Email has always been the weakest part of IT security. This is the way hackers tamper with your computer or data.

It is estimated that 51% of  global users have been impacted by ransomware in the past 12 months, 31% have experienced data loss due to lack of cyber resilience preparedness, 60% experienced an increase in impersonation fraud in the last year, 82% have experienced downtime from an attack, 77% believe weak passwords pose a risk of a serious security mistake, 58% saw phishing attacks increase, and 60% of respondents' organizations were hit by an attack spread from an infected user to other employees.


We are telling you few ways through which you can protect your  E-mail.

Use of cloud-based service
Companies offering email service protect communication channels with the help of spam filters, firewalls and detection engines. Those email flows control the flow of email to and from the company's network. By routing the email from the gateway, you can start the effective security of the email. The cloud platform keeps security patches up to date.

Encrypt email from TLS
Since email is used for sensitive business-related conversations, encrypting messages can help you avoid many problems. You can use Transport Layer Security (TLS) to encrypt email on platforms like Google G Suite and Microsoft 365. TLS provides the security channel for communication and only those who send and receive it can read the message.

Stay aware of imitators of hackers
Many times hackers perform activities like stealing data or money by showing themselves like other email users. Stu Sjouwerman, CEO of KnowBe4, a security training company, says, "Sometimes the CEO is at his desk and employees receive an email message asking them to transfer money." This is an example of spoofing email. 

Configure email server
Sjouwerman says that one way to configure email is to properly set up domain-based message authentication, reporting and confirmation (DMARC). With this protocol you can be sure by checking the validity of incoming email. This can help companies check email validity, in which the sender sends a message after identifying someone.

Phishing training
Email training is an important part of any company's cyber security strategy. It must be told that the attachment should be opened only when you have asked someone to send it. While this may sound like a common sense, information such as user credentials or credit card numbers are easily accessible to hackers when caught in a phishing attack. If attachment is not required with the email, then you confirm with the sender whether they have sent it or not?

Implement SPF (Sender Policy Framework)
SPF acts as an email authentication standard that help to protect senders and recipients from spam, spoofing, and phishing. It sets a way to validate that an email was sent from an authorized mail server and was designed to supplement the SMTP (Simple Mail Transfer Protocol) protocol that’s used to send email because SMTP doesn’t include any authentication mechanisms.
SPF also depends on the well-established Domain Name System (DNS) that maps a web server name, such as abracadab.com, to an IP (Internet Protocol) address usable by a computer. It works like this:
A domain administrator publishes a policy, called an SPF record that defines which mail servers are authorized to send email from that domain. The SPF record is listed in the domain’s overall DNS records.
When an inbound mail server receives an email, it looks up the rules for the Return-Path domain in the DNS records. The server then compares the IP address of the email sender with the authorized mail servers defined by the SPF record.
The SPF record lists rules used by the receiving email server to decide whether to accept, reject, or otherwise flag the message.
SPF
SPF-working model


Domain keys identified mail
It is a digital signature approach, through which the reciever can check whether the mail that came from the authorized domain or not. But it is also less useful because through this we can whitelist and blacklist only domains.

S / MIME
S / MIME is its full name secure / multipurpose internet mail extensions. It is an end-to-end encryption protocol. When we send an email, S / MIME encrypts our email. And only the reciever can decrypt it.
S / MIME is implemented by your email client but requires a digital certificate. Nowadays S / MIME is supported by many modern email clients.

PGP / OpenPGP
The full name of PGP is pretty good privacy, it is also an end-to-end encryption protocol. But its equivalent OpenPGP is used more.

What OpenPGP is is an open-source implementation of the PGP encryption protocol. It uses the public key cryptography method to encrypt and decrypt email.

You can enter OpenPGP in your email security setup by following applications.

Windows: Users of windows can use Gpg4win.
MacOS: users of macOS can use Gpgsuite.
Linux: linux users can use gnuPG.
Android: Users of Android can use openkeychain.
IOS users can use PGP everywhere.

Apart from the above mentioned topics to provide email security, focus should also be given on email security tools like a secure email gateway and email encryption solution.
An email encryption solution is especially important for organizations required to follow compliance regulations, like GDPR, HIPAA or SOX, or abide by security standards like PCI-DSS.
These controls enable security teams to have confidence that they can secure users from email threats and maintain email communications in the event of an outage.


Request: Friends, this was the post of email security standards .I hope this post will prove useful for you. Do share it with your friends .Thank you.