Monday 5 December 2016

People are critical to Email security! The Human Firewall



One of the biggest targets of spammers and cyber criminals is the email system of larger businesses. The reason is their greater attack surface: more users, more mailboxes and more opportunities to exploit.

According to a recent survey, more than half of organizations invest a large share of their budget, resources and time in building a strong email system. That system is worth little if the humans, the employees, are not on board. They are the human firewall.

Your human firewall should be the first to understand security best practices and how to apply them. As of now, most organizations are still not educating their employees.

Some steps that companies should take to secure their data from a breach:

It starts with focusing on both the technology and the people using it.



1. Put strong security protocols in place and build partnerships within the business.

An email security system needs to work from the time a message is sent to the time it is received, whether it is coming into or going out of your network.

There are several important elements to put this foundation in place, including:

·         Encryption in transit, such as Transport Layer Security (TLS): it lets mail servers communicate over an encrypted channel, so an attacker who intercepts the traffic cannot read the content of the emails. Note that SMTP TLS is usually opportunistic (STARTTLS): if the other server does not offer it, or an attacker on the path strips the offer, mail falls back to cleartext unless a policy such as MTA-STS or DANE requires encryption.
·         Email authentication: Domain-based Message Authentication, Reporting and Conformance (DMARC) is an effective system that lets receiving servers validate that incoming mail actually comes from the organization named in the From: header. It builds on Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), requires the domain authenticated by at least one of them to align with the From: domain, and tells the receiver what to do with messages that fail: monitor only (p=none), quarantine (p=quarantine) or reject (p=reject). Failing messages are only discarded when the domain owner publishes a reject policy.
·         Your own DMARC/SPF records. In addition to testing inbound mail, you should publish SPF and DMARC records for your organization's domains and sign outgoing messages with DKIM, so that other receivers can detect and reject fake emails that appear to come from your company.
·         The right role for the security team. Administrative controls should give the security team visibility and operational oversight of the email platform. This includes using separate administrative accounts and monitoring access to those accounts, since they are prime targets for attackers.
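The decision a receiving server makes once SPF and DKIM have been evaluated is easy to get wrong, so here is an added example (not code from the original post) that walks through it in Python: parse a DMARC TXT record, check SPF/DKIM identifier alignment in strict and relaxed mode, and derive the disposition the published policy asks for. The domain names, the DMARC record and the SPF/DKIM results are constructed for the demo, there are no DNS lookups, and the organizational-domain helper is a simplification (real receivers use the Public Suffix List).

```python
"""Minimal DMARC policy evaluation (added example, not from the original post).

Given the SPF and DKIM results a receiver has already computed for a message,
plus the sender domain's published DMARC record, decide whether the message
passes DMARC and which disposition the policy requests. All records, domains
and results below are constructed for the example; nothing touches DNS.
"""
from dataclasses import dataclass
from typing import Dict, List


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: keep the last two labels.
    Assumption of this demo; real implementations consult the Public
    Suffix List so that e.g. 'example.co.uk' is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse 'v=DMARC1; p=reject; adkim=s; ...' into a tag dictionary.
    Returns {} unless the record starts with v=DMARC1 (RFC 7489 requirement)."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match with the
    RFC5322.From domain, relaxed ('r') accepts the same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else organizational_domain(a) == organizational_domain(f)


@dataclass
class AuthResult:
    """One SPF or DKIM result. For SPF the domain is the envelope MAIL FROM
    domain; for DKIM it is the d= tag of the verified signature."""
    mechanism: str   # "spf" or "dkim"
    domain: str
    result: str      # "pass", "fail", "none", ...


def evaluate_dmarc(from_domain: str, record: Dict[str, str],
                   results: List[AuthResult]) -> Dict[str, str]:
    """Return {'dmarc': 'pass'|'fail'|'none', 'disposition': 'none'|'quarantine'|'reject'}.
    The pct= sampling tag is ignored here (treated as pct=100)."""
    if not record:                       # no (valid) DMARC record: nothing to enforce
        return {"dmarc": "none", "disposition": "none"}
    aspf, adkim = record.get("aspf", "r"), record.get("adkim", "r")
    for r in results:                    # one aligned, passing mechanism is enough
        mode = aspf if r.mechanism == "spf" else adkim
        if r.result == "pass" and aligned(r.domain, from_domain, mode):
            return {"dmarc": "pass", "disposition": "none"}
    # Failed: apply p=, or sp= when the From: domain is a subdomain and sp= is set.
    tag = "sp" if (record.get("sp") and from_domain.lower() != organizational_domain(from_domain)) else "p"
    policy = record.get(tag, "none").lower()
    if policy not in ("none", "quarantine", "reject"):
        policy = "none"                  # unknown value: fail safe to monitoring only
    return {"dmarc": "fail", "disposition": policy}


def demo() -> List[Dict[str, str]]:
    """Four constructed scenarios against one constructed DMARC record."""
    record = parse_dmarc_record(
        "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com")
    cases = [
        # 1. Legitimate mail, DKIM signed by the From: domain itself -> pass.
        ("example.com", [AuthResult("dkim", "example.com", "pass")]),
        # 2. Spoofed From:, attacker's own domain passes SPF/DKIM but is not aligned -> reject.
        ("example.com", [AuthResult("spf", "attacker.net", "pass"),
                         AuthResult("dkim", "attacker.net", "pass")]),
        # 3. DKIM d= is a subdomain (strict, not aligned) but SPF is relaxed-aligned -> pass.
        ("example.com", [AuthResult("dkim", "mail.example.com", "pass"),
                         AuthResult("spf", "bounce.example.com", "pass")]),
        # 4. Subdomain From: with nothing passing -> subdomain policy sp=quarantine.
        ("news.example.com", [AuthResult("spf", "news.example.com", "fail")]),
    ]
    return [evaluate_dmarc(frm, record, res) for frm, res in cases]


if __name__ == "__main__":
    for i, verdict in enumerate(demo(), 1):
        print(f"case {i}: {verdict}")
```

Scenario 2 is the spoofing case the bullet above is about: the attacker controls attacker.net, so SPF and DKIM both "pass" for that domain, but neither identifier aligns with example.com, and the published p=reject is what makes the receiver discard the message. With p=none the same message would only be reported, which is why publishing records without a reject policy does not stop impersonation.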

2. Educate and engage employees on how to use security tools properly and make them aware of their individual responsibilities and company policies through ongoing training and communication.

Implementing security best practices for all employees, for example "bring your own device" policies and password rules, plays an important role in employees making the right decisions around email security. (On password rules, note that current guidance such as NIST SP 800-63B advises against routine forced password changes; passwords should be changed when there is evidence of compromise.) These protocols should also resonate with employees. Creative communication techniques, such as webcasts and quizzes, can help employees realize the importance of security practices by linking security in their private lives to security at work.
Engaging employees also helps security teams overcome the challenge of employees viewing security as an obstacle that prevents them from doing their work. When security becomes personal, employees are encouraged to be active partners in protecting the organization.

3. Continually monitor and measure effectiveness of your security program and human firewall to manage your risk.

Monitoring and measuring the effectiveness of email security programs and the human firewall must be an ongoing effort. Employee security awareness must evolve with the constantly changing threat landscape. This starts with keeping metrics that track the security awareness of employees over time. Useful metrics include the number of reported incidents, visits to unapproved sites, email policy violations, phishing report rates, insider threats, the percentage of infections that occur while employees are remote, and the average time it takes employees to report a lost device.
You can also test employee compliance with simulations, such as periodic phishing exercises. Organizations should use this tactic to get a sense of whether communications, training and policies are reaching employees and are effective in securing the email system.
Email is used by every employee and contains confidential information about your company and your customers, which makes it both difficult and crucial to secure. Because of the human element, a mix of comprehensive security protocols, employee education and engagement, and continuous monitoring is needed to prevent email from becoming a gateway for attackers.