Today more than ever, IT is in a place where admins must be steps ahead of the bad guys. Email systems are one of the areas that is at the forefront of that battle. This is true for all companies regardless of size. Email is a critical function of how we do business and unfortunately, it’s an attack vector that is often under protected.
Being Steps Ahead
A few months back, I was speaking with someone about a product they were considering for educating users on email-based threats. There are numerous systems that focus on training users to be on the lookout, recognize and report suspicious emails. While these systems have a place in the world, the fact of the matter is that, in IT, we also need to be steps ahead of our users.
Education is great, but it shouldn’t be your primary line of defense. We shouldn’t be putting users in the driver’s seat when it comes to security related decisions. I say “decisions” like it’s a big deal. Obviously, we aren’t going to let users determine the IT security posture of the company, but allowing a user to roll the dice and determine themselves whether a suspicious email is actually phishing or not is a risk that companies should not even consider. For the average end user, the risk of a compromised account may not result in access to a wealth of corporate data, but if a high-level target (think C-suite) clicks on the wrong email, it could be catastrophic.
Malicious emails are getting craftier by the day. We owe it to our users to remove this illusion of choice from the equation. No one would expect an IT admin to be asked to make the best choice for the company with respect to healthcare benefits, so why would IT expect non-IT savvy individuals to be capable of identifying a needle in a haystack?
Protecting Your Email
This is where email security solutions come into play. While most platforms (Office 365, Gmail, etc.) have some form of basic spam protection built in, they are spotty at best, offer very limited options and just don’t cut it.
In the world of email security platforms, there are a few major players. Some provide hardware that can be setup on premise while others reside 100% in the cloud. Some solutions have fully inline solutions that sit in between a company’s public MX record and their mail server, and others that integrate via API and process mail intelligently from within the email platform itself.
Maybe it’s not just the bad guys you are worried about — maybe it’s just the volume of junk that is hitting your users’ inboxes every day. Keeping unproductive emails from reaching a user could be the difference between an important message being answered or going completely unnoticed. Ever heard of those multi-figure deals slipping through the cracks because an email was never received (i.e. accidentally deleted)?
In 2023, InterWorks began a partnership with Mimecast. We recognized the extensive measures being used by the team at Mimecast to put the strongest barrier in between end users and the bad guys. Mimecast leverages years of experience providing email protection services and is using the latest in AI based approaches to predict and analyze threats before they reach end users. Mimecast even takes things a step further and not only enforces policy against inbound and outbound messages, but can also monitor internal email traffic to identify and prevent compromised accounts from circulating emails within the organization.
To find out more about how an email security solution fits within your company’s environment, contact us. We’d love to hear about your IT strategy and discuss how to keep hackers at bay for years to come.