{"id":6593,"date":"2021-04-13T14:09:05","date_gmt":"2021-04-13T12:09:05","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=6593"},"modified":"2021-04-13T14:09:06","modified_gmt":"2021-04-13T12:09:06","slug":"how-to-choose-the-right-email-security-service-for-your-organisation","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/how-to-choose-the-right-email-security-service-for-your-organisation\/","title":{"rendered":"How to choose the right email security service for your organisation"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<h2 class=\"wp-block-heading\"><strong>With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here\u2019s how to select the right provider.<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/fearn_nicholas.jpg\" alt=\"Nicholas Fearn\"\/><\/figure>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Nicholas-Fearn\">Nicholas Fearn<\/a><\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>Email security\u00a0is a growing problem for businesses in all industries. <\/p><\/blockquote><\/figure>\n\n\n\n<p>According to a report by software firm\u00a0Egress, 95% of IT managers believe that email puts data at risk, and 83% of organisations have seen an email data breach.<\/p>\n\n\n\n<p>As email security threats become increasingly common and dangerous, businesses must take precautions to secure their email systems. Although there is no silver bullet approach to solve this issue, many different email security systems are available on the market. But how do organisations choose the right one, and will it be enough?<\/p>\n\n\n\n<p>When it comes to choosing an email security service for your business, one of the most important things to consider is the online environment you want to secure. Adrien Gendre, chief solution architect at\u00a0Vade Secure, says: \u201cWhat works for [Google] G Suite might not be the right fit for\u00a0Microsoft Office 365\u00a0email. For example, sophisticated hackers are known for reverse-engineering email security solutions \u2013 the process of uncovering weaknesses in a solution and developing ways to exploit those weaknesses.\u201d<\/p>\n\n\n\n<p>Gendre warns that for businesses considering a gateway or cloud gateway, hackers could conduct a quick MX record search, discover the gateway protecting their Office 365 email, and adjust cyber attacks depending on their knowledge of the defence layer being used.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cIn most environments, they can bypass the gateway to reach the public Microsoft 365 entry points directly,\u201d he says. \u201cIn that case, an API-based solution is the better fit because it is inside the Microsoft tenant and is invisible to hackers while usually offering additional capabilities like automated response to threats.\u201d<\/p><\/blockquote>\n\n\n\n<p>KVC Health Systems, a US-based, non-profit child welfare and behavioural healthcare organisation, has witnessed many\u00a0phishing and spear phishing emails\u00a0over the years. However, it experienced a surge in email attacks when it migrated to Office 365.<\/p>\n\n\n\n<p>Erik Nyberg, vice-president of IT at KVC, says: \u201cHealthcare data has the highest revenue on the open market. It would be detrimental to our reputation \u2013 if not our organisation \u2013 if we had a leakage of that information.<\/p>\n\n\n\n<p>\u201cThe executives were emailing me once a week about something that had got through. It was always a pain point, but it just increased after switching to Microsoft 365. I\u2019ve never been happy with an email security solution. Something that stops 80% of bullets just isn\u2019t enough.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>AI-based email security<\/strong><\/h3>\n\n\n\n<p>But since implementing an\u00a0artificial intelligence (AI)-based\u00a0email security system from Vade Secure nine months ago, KVC has not seen any serious email attacks. \u201cMost years, at least one to two phishing attacks or attempts get through,\u201d says Nyberg. \u201cI haven\u2019t had an email situation since I went online with Vade. The catch rate of Vade Secure for Microsoft 365 is a 15%, if not higher, improvement from any email filter I\u2019ve seen. Vade catches what Microsoft misses.\u201d<\/p>\n\n\n\n<p>Four Communications, a London-based PR agency, has also faced a range of email security challenges in recent years. It adopted email security and archiving services from cyber security firm\u00a0Mimecast\u00a0to help solve these.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cAt Four, we have acquired a number of new companies in recent years,\u201d says Jake Fraser, the firm\u2019s IT and operations director. \u201cWith each acquisition comes new employees and this naturally brings IT complications, including how to quickly move new employees from their legacy email infrastructure to Four\u2019s without losing any data \u2013 no matter what platform employees are transitioning from.\u201d<\/p><\/blockquote>\n\n\n\n<p>Four Communications relies heavily on email every day, so keeping it operating smoothly is essential. Fraser says Mimecast email security and archiving solutions are allowing the firm to transfer new employees to its email infrastructure in several weeks, rather than months.<\/p>\n\n\n\n<p>\u201cOn top of this, Mimecast ensures all historical email is archived and organised in the same folder structure that employees had before, so everything is familiar,\u201d he adds. \u201cWhen it comes time for cutover, there is no pain at all and, critically, no chance of data loss.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Finding the right solution<\/strong><\/h3>\n\n\n\n<p>To find the most effective email security provider, organisations must consider several important factors. Andrew Rogoyski, cyber consultant and innovation team member at the\u00a0University of Surrey, says: \u201cPeople are still using email in place of paper trails, so when selecting services, you need to ensure that you have archiving, recovery, signing, encryption and other functions which protect the confidentiality, integrity and availability of the information in emails.\u201d<\/p>\n\n\n\n<p>Another area to take into account when selecting an email security service is\u00a0data residency, says Rogoyski. Organisations should find out where their email data will be held and processed geographically due to legal issues regarding data protection, privacy and encryption.<\/p>\n\n\n\n<p>\u201cYou may, for example, want to deliberately choose to host your email services in a country with strong privacy and data protection laws, like Germany,\u201d he says. \u201cData residency became a big topic when the GDPR [General Data Protection Regulation] first came into force in 2018.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cYou may want to choose to host your email services in a country with strong privacy and data protection laws, like Germany\u201d<\/p><p><strong>Andrew Rogoyski, University of Surrey<\/strong><\/p><\/blockquote>\n\n\n\n<p>\u201cHowever, with the UK no longer in the EU, data protection laws may change and potentially diverge from those of Europe, so we will have to demonstrate\u00a0data protection equivalences\u00a0in order to inter-operate with EU countries. The UK may then have to create its own version of the EU-US Privacy Shield framework \u2013 a tremendously complex process\u00a0that even now is in trouble.\u201d<\/p>\n\n\n\n<p>Rogoyski says email security service providers should also build\u00a0quantum-resistant encryption\u00a0into their services, pointing out that some are already doing this. His concern is that current encryption methods will eventually be rendered useless by the rise of quantum computing.<\/p>\n\n\n\n<p>\u201cMany existing forms of encryption used to protect information in emails and other digital information can and will be broken by the advent of quantum computers,\u201d he says. \u201cWith IBM, Google and others promising viable quantum computers by the end of the decade, there isn\u2019t a lot of time to prepare.<\/p>\n\n\n\n<p>\u201cOrganisations are currently storing sensitive information like emails that in a few years\u2019 time will become completely transparent. The US agency NIST is running a process to decide on the most promising \u2018quantum resistant\u2019 encryption algorithms to use. When they decide, hopefully this year, the race will be on to replace vulnerable encryption algorithms.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Other considerations<\/strong><\/h3>\n\n\n\n<p>Although email security systems offer many benefits, businesses should also give their staff cyber security awareness training so that they know what different email security threats look like, the best way to respond to them, and ultimately how to prevent them happening again.<\/p>\n\n\n\n<p>Steven Gailey, head of solutions architecture at\u00a0Exabeam, says simple solutions such as regular security training can sometimes be the most effective. Regularly training staff on cyber security risks will ensure that these issues are at the top of everyone\u2019s mind \u2013 and this should be the first line of defence at every organisation, he says.<\/p>\n\n\n\n<p>Email security solutions may help businesses to identify threat campaigns targeting them, says Gailey. In particular, the latest endpoint protections can identify and block phishing measures, links to malicious websites identified by threat intelligence databases, and malicious processes being executed on end-users\u2019 devices.<\/p>\n\n\n\n<p>But he warns that it is impossible to stop attacks from happening completely, even when implementing the best security processes. Because of this, organisations need the ability to identify different attacks as soon as possible and take the best course of action.<\/p>\n\n\n\n<p>Jake Moore, a security specialist at\u00a0ESET, says an email security solution should offer the strongest defence against constant cyber attacks. Additional layers of security, such as integrated multifactor authentication, are also vital in today\u2019s climate, he says.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><strong>\u201cA highly secure solution can be costly, but it far outweighs the cost as email security is an investment to any organisation\u201d<\/strong><\/p><p><strong>Jake Moore, ESET<\/strong><\/p><\/blockquote>\n\n\n\n<p>\u201cA highly secure solution can be costly, but it far outweighs the cost as email security is an investment to any organisation,\u201d says Moore. \u201cDecision-makers must consider the rate of false positives and attachment scanning that can often slow down the rate of efficiency. Solutions such as sandboxing can prove vital in organisations that deal with huge numbers of attachments, maybe even unsolicited.\u201d<\/p>\n\n\n\n<p>But, like Gailey, he believes organisations should make their employees aware of different cyber security risks as well as using an email security system. \u201cHowever, staff can quickly find workarounds for such inconvenience, so even with the best email security services in place, awareness training bolted on will increase the protection in the organisation,\u201d he says.<\/p>\n\n\n\n<p>Nicola Whiting, chief strategy officer at\u00a0Titania, says organisations should ask a number of essential questions when considering different email security services. These include finding out how the product evaluates malware, how wide-reaching the threat information is, how often this threat intelligence is updated, how accurate the provider is in defending and in allowing mail you need through, whether it transfers your email to an external service for processing in any way, how easy the service is to integrate and administer with current systems,\u00a0 how customisable a system is, and whether it is user-friendly.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>She adds: \u201cFor some organisations \u2013 especially SMEs and startups that may not have as many layers of security \u2013 an email security service can also provide a relatively low-cost way to add in\u00a0data loss prevention\u00a0and email encryption to outbound emails \u2013 a sensible move if within your security budget.\u201d<\/p><\/blockquote>\n\n\n\n<p>Email security threats have existed for decades, but they are more common than ever in today\u2019s connected workplace. Given that cyber criminals are constantly targeting victims over email, it is paramount that businesses recognise this issue and take action immediately. Although it is great that there are lots of email security solutions out there, businesses need to ensure they choose carefully.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here\u2019s how to select the right provider. By Nicholas Fearn Email security\u00a0is a growing problem for businesses in all industries. According to a report by software firm\u00a0Egress, 95% of IT managers believe that email puts data at risk, and 83%<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/how-to-choose-the-right-email-security-service-for-your-organisation\/\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,155,218,17,41,36,4,30,3,245],"tags":[],"class_list":["post-6593","post","type-post","status-publish","format-standard","hentry","category-new-normal-courtesy-of-covid-19","category-batting-for-tech-in-the-covid-19-times","category-ceo-quick-reads","category-cio-resources","category-colocation-hosting-and-outsourcing-management","category-data-center-systems-management","category-datacenter-news","category-expert-advise-and-opinion","category-industry-news-and-expert-advise","category-web-application-security"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=6593"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6593\/revisions"}],"predecessor-version":[{"id":6594,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6593\/revisions\/6594"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=6593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=6593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=6593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}