Email Security Flashcards

1
Q
A

Phishing is the number one attack vector for compromising organizations, leading to data breaches. Even today, email security seems to be an afterthought when it really should be a top priority. This lesson will introduce you to some basic email defenses and what they do to protect the organization from attacks. These security controls will be expanded on in future domains of this course; this lesson is designed to provide a foundation that will be constantly built on. It is important to note that malicious emails target humans rather than IT systems, and employees need to be trained to spot and respond to malicious emails that bypass any technical defenses that are put in place.

2
Q

Spam Filter

A

A spam filter is a piece of software that scans incoming emails for telltale signs of spam or malicious content and prevents them from being delivered to employee mailboxes, so that the mailboxes don’t fill up with junk or dangerous messages. This is a basic but core security control for email, and whilst some emails will get through, it provides a frontline defense that reduces the work for security analysts and other security technologies.

3
Q

Data Loss Prevention

A

Data loss prevention (DLP) or data leak prevention is a security control that works to prevent sensitive business or personal information from leaving the organization in an unauthorized manner. This data can be categorized as files, banking information, account credentials, or PII; for the purpose of this module, we are focusing on the application of DLP technologies to email communication (we’ll cover the other applications of DLP later in the course). Depending on the DLP solution in use, it can monitor outgoing emails at different levels, such as:

email body content
email headers
email attachments of various types

If the DLP solution determines that important information is about to be sent out of the organization, these emails will not make it past the email gateway and will not be sent. Emails can be scanned for specific keywords, or regex queries can be used to flag messages containing certain content. If a disgruntled employee wants to send business-critical information to a rival organization before they are fired, they could attempt to send documents outside the organization by email - DLP would detect this, alert the security team, and prevent the email from being sent.

4
Q

Email Scanning

A

Typically, phishing emails will contain either a malicious URL or a malicious attachment (or both). Specially designed scanners read the email header and body and work to identify malicious indicators, using either patterns or signatures, or blacklists of known malicious email senders, file hashes, and domain names. When a suspicious email is detected, it can be quarantined so it’s not delivered to an employee mailbox, and an alert is generated so that the security team can investigate.

5
Q

Security Awareness Training

A

Security awareness training should be a mandatory program that new employees must complete and that all employees complete routinely, with time frames often dictated by different compliance frameworks (which we cover in a lesson under the Management Principles section within this domain). While this training will cover all different areas of security, phishing should play a large role in it. Employees need to be told clearly how to spot suspicious or malicious indicators, and what steps the organization wants them to take, such as messaging or ringing the security team to alert them, or forwarding emails to a specific mailbox. Emails will get through technical controls, so it is crucial that employees who receive them know what to do, and don’t click on any links or run any attachments. Security awareness training can also be paired with simulated phishing campaigns conducted by the security team, to highlight metrics such as the number of employees that have reported the email to security and the number of employees that have clicked on the (harmless) malicious link.
