Top 5 email security best practices to prevent malware distribution

email encryption
Thinkstock

A trusted channel

Email is a critical enterprise communication tool synonymous with sending important documents quickly and efficiently between employees, managers, HR, finance, sales, legal, customers, supply chain and more. That said, organizations often don’t understand that the file types used every day to share important information – standard files like Word docs, Excel spreadsheets and PDFs – are also the most common attack vectors widely used for the distribution of malware. For cybercriminals, it’s often too easy to target a user with a spoofed email or phishing attack, and trick them into opening an infected attachment that appears to be legitimate.

With email representing an open, trusted channel that allows malware to piggyback on any document to infect a network, it’s often up to the organizations to adopt appropriate security strategies and best practices to prevent a company-wide attack. Simon Taylor, vice president of products at Glasswall, articulates precautions that businesses can implement to thwart these threats and keep sensitive data protected from malicious actors.

risk

Analyze risk factors in attached email documents

As with anything, organizations need to consider and evaluate all possible avenues of attack and decide what functions their business needs to either keep or eliminate in order to safely operate. That especially goes when evaluating email attachments as a threat vector. Unbeknownst to many, exchanging documents represents a high risk -- about 98 percent of them do not conform to the manufacturers’ document design. Thus, organizations need to determine whether the aberration in the file is due to an attack, or something that’s just poorly written or configured, before they can effectively mitigate any potential threats. To address these risks, organizations need to comprehensively understand what documents are coming through their network, the types of files and structural problems, and what functional elements are attached that could represent risk. Creating a big picture view of the organization’s email security and risk posture is a critical first step in understanding potential threats and implementing effective policies designed to mitigate risk and thwart attack.

 

email security best practices
Kevin Dooley (Creative Commons BY or BY-SA)

Avoid relying on legacy technologies as stand-alone email security solutions

Once you get a handle on the risks, it will be imperative to apply the appropriate security solutions. Most organizations have all the standard border controls, including firewall, antispam, antivirus and even a sandbox, which are often still bypassed by targeted attacks. By now it’s clear that current antivirus and other signature-based solutions placed at the border are not stopping well-crafted, highly targeted attacks, leaving gaping holes in defensive security architecture. Meanwhile, attacks conducted via malicious email attachments have become increasingly more sophisticated, luring users with phishing campaigns that appear to be completely legitimate. Assume that traditional signature-based antivirus solutions and even relatively new sandbox technology will let a socially-engineered malicious document through to the user. Remember, it only takes a user to click on one malicious attachment for a company to face disaster. There needs to be a ‘new baseline’ for security with innovation that eliminates specific threat vectors rather than the ‘catch all’ border protection that is failing.

 

beams sky cloud sun

Look for the good (instead of going after the bad)

Addressing gaps in email security defenses will require a paradigm shift that supplants targeting the bad with techniques that look for and validate the “known good”. The reason? Cybercriminals are constantly updating their tactics while malicious files mutate so frequently, they’re almost impossible to track. Validating a file’s legitimacy against “known good” provides a high benchmark and offers an accurate point of comparison. To that end, organizations need to validate documents against the manufacturers’ specifications and regenerate only “known good” files. From there, they can create a clean and benign file, in its original format, which can be passed along without any interruption to business. In short, it’s taking security away from the border level, and asserting control over the document by bringing security to where it’s needed most – at the file level. Similarly, organizations should also continue this proactive stance by leveraging deep file-inspection, remediation and sanitization tools to eliminate malicious documents before they enter the system.

 

byod

Restrict BYOD with specified policies around document transmission

The BYOD phenomenon undoubtedly comes with a myriad of benefits – not the least of which is giving employees flexibility to work from anywhere and conduct both personal and business activities, including document transmission, with the same device. However, while convenient and efficient, conducting business functions from a personal device often undermines control organizations have over the types of sites and apps used by the employee. This in turn enables employees to potentially expose corporate data to information-stealing malware and unintentionally put the organization at risk of attack. Meanwhile, malware that can be transmitted via attachments to employee workstations can just as easily be transmitted via mobile devices – and what’s more, many mobile devices aren’t equipped with security solutions aimed at detecting infected documents. Thus, malware from infected documents successfully downloaded on a company mobile device will have the same access to sensitive information as it does on the corporate network. While the ability to send attachments via mobile devices might be an inevitability for some, it’s best to judiciously determine for whom this function is an absolute necessity, and then restrict this function to employee workstations for everyone else.

 

8 restrict
Andrew Gustar (Creative Commons BY or BY-SA)

Allow only the file types and functional items that users need

Ultimately, organizations need to reduce the risk of a single employee opening up their whole organizations to a malware attack. Among other things, that means determining what kinds of file types and functional items employees need to do their jobs. Organizations need to assess all the variables, including potential threats employees are exposed to when receiving specific attachments, and then decide what functions the business needs to productively operate. For example, which departments need macros, JavaScript or embedded links in the documents they receive? If certain departments, groups or individuals don’t require these functions, reduce the risk by setting appropriate restrictions. Creating policies that prevent users from exposing the company to threats while maintaining business continuity takes the maximum amount of risk off the table.

RELATED: Email security appears grounded as attacks continue to take flight

Add a comment to our Facebook page.