How to strengthen email security? Explaining the types and how to choose

Email security refers to technologies and measures to protect emails from “external attacks” such as business email compromise and unauthorized access, and “internal threats” such as emails sent to the wrong address.

The main functions and measures of email security are as follows:

Since email remains the most commonly used communication tool in business , companies and organizations are required to continue strengthening their email security.

In this article, we will explain the necessity of email security, its main functions, and specific threats that can be addressed.

What is Email Security?

“Email security”​ refers to the technologies and measures for protecting emails and communications from all kinds of security risks, such as cyber-attacks that exploit emails and information leaks due to mis-sent emails.

According to the “Business Email Survey 2024” conducted by the Japan Business Email Association, the number one method of business communication among people who have email addresses is “email” (98.6%).

Even now, when chat and video conferencing tools have become widespread, business communication via email remains popular, and email continues to be used in cyber attacks and causes a great deal of damage.

Cyber ​​attacks using email

And more.

In addition to the above external threats,

There is also a risk of information being leaked due to internal threats such as:

Therefore, email security is an essential measure to deal with both external attacks and internal risks.

Main functions and measures of email security

Here are some of the main email security features and measures you should know about :

1. Antivirus function

The antivirus
function detects malware (a general term for malicious software or code) that is hidden in email attachments or links , and removes it before it can cause damage to your system.

​​Scanning emails and quarantining or deleting malware protects recipients’ devices. ​​As a basic security measure, it is important to always install an antivirus. ​

2. Encryption function for message body and attachments

By encrypting the contents of the email

​​S/MIME allows you to digitally sign emails and exchange encrypted messages. PGP is an efficient encryption method that combines public key cryptography and symmetric key cryptography. ​

3. Spam filtering

Spam
filtering detects and blocks unwanted spam emails before they reach your inbox.

Nowadays, even free email services have a wide range of spam filtering features, and users can set them up to minimize the impact of unwanted emails.

4. Authentication function

Authentication
is a technology to prevent spoofed emails and increase the reliability of emails. The main authentication technologies are as follows:

​DKIM (DomainKeys Identified Mail)

This technology uses electronic signatures to check whether an email is a spoofed one.

When the sender adds a “digital signature” to the header of an email, the recipient can verify it and confirm the authenticity of the email.

SPF (Sender Policy Framework)

SPF is a mechanism to check whether the sending IP address has the authority to send email from that domain (whether it is spoofed). The mail server authenticates the sender based on the sending permission list registered in DNS.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

An authentication protocol to prevent email spoofing. DMARC allows the owner of the sending domain to specify an authentication policy for email and receive the results. Also, by verifying the sender’s domain at the receiving server, it is possible to prevent the delivery of fraudulent emails (such as phishing and spam).

● SPF and DKIM …Technologies for authenticating email senders. Each method verifies the legitimacy of email.
● DMARC …Integrates the results of SPF and DKIM to control how to handle spoofed emails. Also provides a mechanism to receive reports of emails that fail authentication.

5. Mis-sending prevention function

The erroneous

Specifically:

There are things like:

6. Data Loss Prevention (DLP)

Data
Loss Prevention (DLP) monitors sensitive data contained in emails and filters them based on policies.

For example, if a policy stipulates that “emails containing important data such as credit card numbers or personal information cannot be sent,” the system will detect such emails and block them from being sent or notify the administrator.

DLP is effective in preventing unintentional information leaks and regulatory violations.

7. Log monitoring

The log
monitoring feature collects logs related to sending and receiving emails and monitors for abnormal activities and threats.

Specifically, the log records when, who, where, and what content was sent .

By checking the logs, you can quickly detect and deal with any mis-sent emails or suspicious email exchanges by employees.

Email Security Product Deployment Types

When implementing email

The advantages and disadvantages of each are as follows:

Cloud -based email security eliminates the need to build your own servers , allowing for quick deployment and low initial costs. Another advantage is that the latest security updates are automatically applied because it is cloud-based.

Gateway -type networks are deployed directly on an organization’s network, offering greater control and performance, but they are likely to require significant modifications to be deployed, and deployment and maintenance costs are a concern.

Finally, if you have a small number of devices, an endpoint-type product that can be installed on each device may be a good option. This ensures safety from external networks, and can be installed even by people with no server knowledge.

However, it is important to note that the more devices you have, the more complicated management becomes.

​​Why is email security necessary? Three reasons why​

Why is email security essential for companies and organizations (and ultimately for individuals)? We will explain with concrete data and the latest trends.

1. 94% of cyber threats originate from email

According to a survey on email systems conducted by Darktrace,

These figures suggest that the number of cyber attacks using email remains high.

Furthermore, cyber-attack methods using emails are becoming more sophisticated every year, making it difficult to counter them simply by blocking suspicious emails.

​​Multifaceted email security measures, such as detecting malware in attachments and disabling URLs in the email body, are required.

2. Many email-related threats ranked in the “Top 10 Information Security Threats 2024”

Email-related threats also rank high in the 2024 edition of the “Top 10 Information Security Threats” published annually

▼Top 10 Information Security Threats 2024

*Red text: Threats that are particularly related to email

Ransomware is a method of infecting a computer with malware via fraudulent emails and attachments, and a typical method of targeted attacks is targeted emails (fake emails aimed at a specific target).

​​In addition, “mis-sent emails” is one of the main causes of “6th place: Careless information leaks,” and it is clear that email-related security risks are selected in many of the top 10 threats.

The most commonly used business communication tool is email.

According to a survey conducted by the Japan Business Email Association in 2023, the top three methods of business communication are as follows:

“Email” (98.35%),
“Telephone” (82.44%), and
“Video conference/web conference” (75.52%).

​Even now, when remote work has become widespread due to the COVID-19 pandemic and various new communication tools have been introduced, email still plays a central role in business communication.

Considering all of the above, email security is essential for any business or organization.

Cyberattack methods are evolving every day, so it is important to constantly keep up with the latest threat information and take appropriate measures.

​​Threat that can be addressed by email security​

​​By taking proper email security measures, you can protect yourself from threats such as: ​

​​

Business email compromise​

Business email compromise is a type of fraud where fraudsters send fake emails impersonating business partners or company executives in order to defraud people of their money.

In a recent case, a scammer posing as the CEO of a technology company sent an email to the company’s financial officer, asking him to transfer a large sum of money. The officer believed the email and ended up sending millions of dollars to the scamme

Phishing attacks

Phishing
attacks involve sending emails purporting to be from major companies or public institutions, and tricking the recipient into clicking on a link in the email, which takes them to a fake website where they are tricked into entering personal information, which is then stolen.

Fake sites are often made to look exactly like genuine sites, so it is often difficult to tell them apart just by looking at them.

▼ Comparison of fake Mitsubishi UFJ Bank websites Source

If a user unknowingly enters their login information or card number, the information will be passed on to an attacker. For more information on countermeasures, please see the following article.

​This is an attack that spreads infection by attaching a malware-infected file to an email and getting the recipient to open it.

In particular, crimes and damage caused by ransomware, a type of malware, have been particularly rampant in recent years. Ransomware primarily infiltrates a target’s PC via email, encrypts files and data, and demands a ransom in exchange for recovery.

In the past, hospitals have experienced damage such as their systems being shut down by ransomware, making it difficult for them to accept patients, or hospitals actually having to pay large ransoms to attackers.

Email account hijacking

If an email account is hijacked through unauthorized login, there is a secondary risk that fraudulent emails or emails containing malware may be sent from that account to other employees or related parties.

For example, a company executive’s email account may be hijacked and used to send emails containing false instructions to employees or business partners, or a university professor’s email account may be hijacked and spam emails may be sent to an unspecified number of people, including students and other related parties.

Information leakage due to erroneous transmission

“A law firm mistakenly sent a client’s information to another client.”
“A medical institution accidentally sent patient information to a third party.”

There is a risk of information leaks if employees mistakenly send confidential internal information or personal data to an external party.

​Such mistakes can not only result in liability for damages, but can also cause the organization itself to lose credibility. In particular, for organizations and departments that handle a lot of personal information and confidential data, security measures to prevent erroneous transmissions are important.

Email interception​

There is also a risk that an attacker could intercept incoming or outgoing email communications and read the contents of messages.

These threats can be addressed by encrypting the body of emails and their attachments.

​​For email security measures, leave it to NDR “Darktrace”​

If you are considering an email security product, we recommend the NDR “Darktrace . ”

Darktrace is an NDR solution that collects packets from corporate and organizational networks and clouds, visualizes the communication status of the entire network, and detects abnormal behavior.

Dartrace is equipped with a self-learning AI that can understand the context behind emails and users’ email sending and receiving habits, making it possible to detect even highly accurate attack emails.

It can also autonomously detect various threats lurking in emails, such as:

In addition, the system automatically processes and executes set actions (e.g. disabling URLs or deleting attachments) according to the risk level of the email within approximately one second of receiving the email, thereby preventing the risk of the email being opened by mistake.

Darktrace is a cloud-based security solution that can be used in Microsoft 365 (Business Basic or higher license) or Google Workspace/G Suite (Enterprise plan or higher) environments.

Please see the following page for more details.

summary

In this article, we discuss email security , including its main functions, measures, and necessity.