All too often enterprise administrators follow best practices for numerous network infrastructure but forget the importance of email cybersecurity. You could argue that email cybersecurity is more important than any other OpSec strategy since many of the biggest data breaches start with a phishing email. With more employees working from home due to COVID-19, it’s more important than ever to ensure that email cybersecurity is configured and implemented across all communication channels.
Firewalls, access controls, user identity management, and other network fundamentals are all components in good cybersecurity posture. But EmailCybersecurity is equally as important in blocking and protecting you from malicious malware and you won’t even see suspicious emails because they are put in quarantine to be reviewed.
Email security is built on two things – Sender Policy Framework (SPF) and Domainkeys Identified Mail (DKIM). An SPF record is the easiest to implement and takes only a few minutes of the administrator’s time. The SPF record is added to the organization’s DNS server as a TXT entry. This TXT entry is a string with specific syntax that provides recipient email servers with a list of authorized IP address that can be used to send enterprise email.
DKIM is similar to en encrypted signature. A header is added to an email message with the senders own signature. The recipient verifies this signature to ensure that the message was sent by the recipients domain. With SPF and DKIM , cyber security validated the sender and completely stops the recipient email servers from sending spoofed phishing emails to that users inbox.
The recipient email server can be configured with Domain-based Message Authentication, Reporting and Conformance (DMARC) cybersecurity. DMARC rules determine how an email server should handle messages when SPF and DKIM are present. With strict DMARC rules, email servers might reject messages where no SPF record is present. For instance, organizations that use Google Suite might find their domain emails blocked if an SPF record is not present for the third-party sender.
Only one successful phishing email is all it takes for an attack to break into a network and send more and more of these to higher targets. A recent Ponemon report the average cost of any breach is $3.82 Million, and a lot of these breaches use text to trick the recipient into clicking on harmful links with a malware attachment.
Tech Radar has reported that a trillion emails are sent per year and that 3.4 billion are sent per day. With employees working from home there’s a high risk of them receiving one of these emails and could be the next vessel for a huge breach.
Even trained users can be susceptible to these sorts of attacks and if a phishing email is opened the large amount of data this person has been trusted with could be completely stolen and sold on Darknet markets to be used in a long term attack.
With many email attacks happening more and more often , cyber security should be part of all organisations’ networks. Firewalls to block these attacks are necessary and usage of DMARC , DKIM and SPF are basic cyber security tools that minimise the threat of severe data breach.