Just about every organisation in the world relies on email. And yet, securing this mission-critical platform is often not treated with the diligence that is required. One of the best ways to mitigate against the threat of compromise is a combination of user education, vigilant practices, and the adoption of next-gen technology.
“While email systems continue to evolve and can further be enhanced using more sophisticated technologies, the real gatekeeper is the end-user,” says Deon Lottering, senior consultant at Obsidian Systems. “It is therefore essential for people to scrutinise the authenticity of an email before clicking on embedded links, replying to the mail, or downloading any files. Companies need to educate employees and make them aware that they are the last line of defence.”
One of the first things any person must do is to double-check the sender details, especially the ‘from’ address. Minor changes to domain names can easily trick unsuspecting users into believing an email has been sent from a legitimate source. For example, ‘zimbra.co.za’ instead of ‘zimbra.com’. These often go unnoticed and could result in significant security breaches.
Lottering also cautions against the rise of targeted spam or spoofing.
“These instances have reached a level where the emails may seem extremely genuine, even appearing to come from known contacts. We had a client who, due to an oversight in not confirming banking details in-person, ended up with a significant financial loss.”
Fortunately, AI-based threat detection solutions can assist in this regard but should never be seen as the only defence. So, even though companies need to use the latest cybersecurity technologies, they should never replace enterprise-ready, proven solutions in the fight against email malware.
For individual users, Lottering recommends using strong passwords combined with two-factor authentication. Furthermore, he says that it is essential for companies to embark on continual education drives regarding potential cyber threats while also adhering to safe email practices. Of course, using reputable antivirus software specifically tailored to scan emails is vitally important.
On the server side, Lottering suggests that all incoming emails should be scanned against known blacklists, checked thoroughly for spam, and inspected for potential viruses and malware. He also suggests that companies enforce strict password policies to further strengthen their security.
“The blend of technology and human intervention will be the future of email security. While technology provides the tools, it is the users who must adopt them. At Obsidian, we aim to make this approach as seamless as possible.”