Four Practices for Enhancing Email Security

Just as businesses depend on email for work, threat actors count on it for conducting malicious activity. According to Cofense, the three most prevalent types of attacks against email systems in 2021 were credential phishing, business email compromise (BEC), and malware delivery. Specifically, the data revealed that 70 percent of all email attacks were credential phishing.

Regardless of the type of attack, there are a few email fundamentals that organizations can implement to increase overall cybersecurity and resilience. First, user awareness training is critical for fostering a disciplined and informed workforce that can carefully discern legitimate email communications from phishing scams. Second, employees should know how to report a suspicious email as soon as they detect one. Third, security personnel should be able to conduct a rapid response to remediate potential threats after employees have identified one, that means ensuring a phishing email identified by one employee is scrubbed from across the company’s email system. Finally, companies should have some type of post-delivery analysis capability that can proactively detect threats in an email server. Typically, secure email gateways (SEGs) are used for this, and entities often stack SEGs to increase the chances of catching a threat. For additional information on increasing your organization’s email security read more at SecurityWeek.