We’re halfway through Cybersecurity Awareness Month, and our emphasis this week is on email security awareness.
In one of our recent blogs for this campaign, we covered some of the most significant dangers to an email system—including spamming, spoofing, and phishing—and how users can proactively spot these assaults in their email and take steps to avoid them.
The Zero Trust concept is based on one basic principle: "trust nothing and no one." Simply expressed, the approach advises organizations to implement security policies to validate everyone and everything, whether they are internal or external. By applying the Zero Trust model to email security and implementing relevant safeguards and regulations, identity-based email threats can be prevented.
This article is presented as a self-administered quiz to engage IT departments and email administrators of Zoho Mail by testing their knowledge of the tool's security settings and features. The final score will indicate your level of email security awareness and show you areas where you need to shore up your defenses against email threats.
For each of Zoho Mail's features and controls, you are either:
Unaware: Add "1" to your score.
Aware: Add "2" to your total score.
Already initiated/implemented: Add "3" to your total score.
The threat: Spam
Unsolicited commercial email (UCE) is otherwise known as spam.
Spam fills both personal and business mailboxes with unsolicited email. These messages are completely irrelevant to you and your organization. Besides the sense of annoyance these emails can cause, spam also transmits Trojan horse viruses, ransomware, and other kinds of malware, which is a significant problem causing lost time and productivity.
Did you know? Zoho Mail allows you to apply various levels of anti-spam processing, ranging from comprehensive to system-level checks. You can set up sender-based alerts to show the user's mailbox with smart warning banners that also serve as security awareness training to warn them of unauthenticated emails (those that fail SPF or DKIM validation), external emails (sent by non-organizational senders), and non-contact emails (senders that are not a part of address book). Additionally, you can configure Post-delivery spam checks on sent emails.
Zoho Mail lets you have the option to allow or block email addresses, domains, IP addresses, and emails based on language/location, and add trusted lists for certain domains and email addresses to skip any spam processing.
Zoho maintains a consolidated blocklist based on user spam marking, abuse patterns, and certain third-party blocklists. Zoho Mail allows admins to add rules to control the execution of the Zoho blocklist.
The threat: Email spoofing and spear phishing
Phishing is the technique of delivering misleading messages, typically by email, that appear to originate from a reliable source. Phishing emails trick users into installing a malicious application, clicking on a dangerous link, or disclosing sensitive information, such as credit card numbers and login credentials.
This article provides additional information on the many kinds of phishing attacks.
Did you know? One effective way that Zoho Mail enables admins to identify and block email impersonation attacks is to implement security policies that ensure no email is trusted and delivered unless it passes authentication protocols such as SPF, DKIM, and DMARC.
Zoho Mail validation system
Zoho Mail allows admins to customize the actions that need to be taken when certain emails fail verification protocols, such as SPF, DKIM, DMARC, etc.
You can add rules to choose to 'Temporary Reject,' 'Reject,' 'Allow (Process further),' or 'Move the emails to Quarantine' for the protocols’ soft-fail and fail cases.
SPF Verification based on the sending domain's published SPF record and the IP from which the emails are received.
DKIM Verification based on the DKIM signature in the incoming email’s header, the DKIM validation happens for the email.
DMARC Verification: DMARC policy is an email authentication protocol built on widely deployed SPF and DKIM protocols. Also, DMARC provides reports on successful and unsuccessful authentications.
Zoho Mail lets you control spoofing or other fraudulent activity with respect to an organization's emails. You can decide on the actions that need to be taken on emails that spoof brand or cousin domains, display name spoofing (including impersonating VIP display names), and emails with harmful scripts or tags, and move them to the spam folder or move them to the quarantine list for further processing.
The threat: Account takeover
Cybercriminals utilize stolen passwords and usernames to take over online accounts bought from the dark web or gained using social engineering, data breaches, and phishing campaigns.
Weak passwords make these assaults successful. Attackers also use bots to perform credential stuffing and brute force attacks to take over accounts by trying multiple password and username combinations.
Did you know? In addition to authenticating email senders, Zoho Mail admins can also apply Zero Trust principles to email users, subjecting them to multiple checks, policies and multi-factor authentication (MFA).
Zoho Mail organization security
Zoho Mail has a mechanism to identify logins that are unusual with respect to the user's previous behavior. Admins can enable the alert to email the user whose account registered a suspicious login.
Zoho Mail enables the MFA or TFA process of using a known key and a randomly generated unknown key (SMS-based OTP, app-based OTP, YubiKey, or Zoho's OneAuth).
Admins can configure TFA to be accessed via web browser, POP/ IMAP or Active Sync protocols or via Zoho Mail Apps.
Admins can limit user access to permitted places based on their role in the organization, and can configure user-based IP restrictions, role-based IP restrictions, or policy-based IP restrictions.
Zoho Mail allows admins to set their own password policy and specify password length, minimum amount of passwords in the history, the number of special or numeric characters, and more parameters that they expect users to follow.
Zoho Mail allows admins to configure and use SAML for the authentication mechanisms using the SAML URLs and the public key.
The threat: Insider threats
While firms and organizations concentrate on preventing hackers from breaching their security defenses, they must also protect themselves against internal threats, such as hostile, careless, or corrupt employees to avoid business email compromise.
Mail services provide a fertile environment for all types of threat actors to conduct assaults. For instance, automatic email forwarding (which permits users to automatically forward emails to non-organizational users via mailbox forwarding or message rules) is a common method by which organizational information escapes the company.
Admins should leverage Zoho Mail to create a data-loss prevention policy to prevent accidental sharing of sensitive data on email.
Did you know? Zoho Mail allows administrators to create different email rules and govern the organization's email settings, privileges, and restrictions for various users and groups based on domains, email addresses, attachment types, and subject text for incoming and outgoing emails.
Email policy customization
Zoho Mail allows administrators to perform a number of actions, such as configuring the maximum session count, email client IP restrictions, and allowed IP addresses.
In addition to this, they can also restrict users from:
Admins can enable S/MIME standards for the organization to add an additional layer of security through digital sign-in and email and data encryption using cryptography to prevent unauthorized access to the data contained in the email and ensuring message privacy and integrity.
The threat: Compliance breach and litigation
The complexity of data standards like GDPR, SOX, and HIPAA are expanding dramatically as firms manage more email data. Moreover, failing to comply with ever-changing retention standards can result in significant fines and lawsuits. Due to the continually shifting threat landscape and new data privacy rules and regulations, enterprises may not know what email data to store and for how long. Manual implementation fails.
Did you know? Compliance regulations (SOX, HIPAA, or governmental), business needs, legal requirements, organizational culture, approaches to retention policies, litigation holds, automation, and implementation are all factors to consider when creating and maintaining an email retention policy.
The advanced eDiscovery portal in Zoho Mail provides a complete solution to retain, review, and export the emails related to organization's internal, external or legal investigations. It enables teams to manage holds and investigations.
Email retention and eDiscovery
Zoho Mail’s eDiscovery portal allows admins to customize the portal settings, enable/disable users, and create new retention policies.
Admins can also perform standalone tasks, such as:
Have you been keeping score?
You would be at 15 points if you had implemented all of the security controls, 10 points if you’re just aware of the controls, and 5 points if you were previously unaware of all of the controls.
However, here’s a 10-point activity.
Cybercrime may affect every firm, regardless of size or industry. One thing they share in common, however, is that they’re likely to result from human error. This means that your employees are one of the weakest links in the chain when it comes to fighting cybercrime and protecting the security of your company's data.
Employee communication is vital. Everyone inside the organization is responsible for cybersecurity. As an email administrator, it’s your duty to establish a continuous discourse regarding the significance of email security, including providing guidance on how to stay secure and identify potential threats.
If you haven't already, send an email security awareness mailing to your staff during Cybersecurity Awareness Month. Feel free to use this template for your mailer:
Subject:Email security awareness dos and don’ts
This is your mail service admin!
This Cybersecurity Awareness Month, we would like to share some dos and don’ts of email security to help you protect yourself and our organization from email attacks.
Watch out for these red flags in an email to identify potential phishing scams:
- Inconsistent web addresses: Look for email addresses, links, and domain names that don’t match.
- Unsolicited attachments: Malware is frequently disseminated via phishing emails with odd attachments. If you receive an “invoice” in the form of a .zip file, an executable, or anything else out of the ordinary, it’s likely malware.
- Inconsistent links and URLs: Double-verify URLs. If the link in the text and the URL displayed when the cursor lingers over the link aren’t the same, you’ll be directed to an undesirable website.
- A generic salutation: If a corporation with which you do business wanted account information, the email would call you by name and likely direct you to call them. Phishing emails frequently contain generic greetings such as “Dear valued member,” “Dear account holder,” and “Dear client.”
- Tone and grammar errors : The tone and grammar of an email from a legitimate company should be impeccable. A phishing email will frequently contain misspellings and grammatical errors. If an email seems out of character for its sender, it’s likely malicious.
- Unusual requests : If an email asks you to do something out of the ordinary, it could be a sign that it’s malicious. For example, if an email says it’s from a certain IT team and asks you to install software, but these tasks are usually handled by the IT department as a whole, the email is probably malicious.
To report a suspicious mail:
If you feel an email is a phishing attempt, report it immediately. Select the dropdown next to the respond tab to report phishing, spam, block, or reject emails.
Keep an eye on warnings:
- Zoho Mail flags questionable emails. Unauthenticated emails display a warning notice in the preview with options to report it as spam or to trust the sender.
- Web pixels: Emails with web pixels can trace recipients who open them. Zoho Mail warns about such emails and offers to block the sender.
- Email encryption protects your data from unauthorized access, so make sure to check your incoming mail encryption.
Prevent account sharing. Discuss your team's tool needs with IT.
Use SecurePass or S/MIME to transmit confidential email that shouldn't be forwarded, downloaded, or copied and pasted.
You can reach out to the email administrator for more information on email security.
Be aware. Be secure.
- End of mail template -
The Announcement: Advanced email security from Zoho Mail
Built-in email service provider filters identify established red flags but miss increasingly sophisticated attacks. Advanced email security protects against sophisticated attacks such as social engineering threats that conventional security products miss.
Advanced email security consists of secure email gateways (SEGs), integrated cloud email security (ICES), and email data protection (EDP), as well as adjacent markets such as security awareness training, information archiving, email continuity services, etc.
While security is a central component of Zoho Mail, with SEG and EDP included by default and eDiscovery included in the premium plan, Zoho Mail will release a standalone offering with functionalities such as advanced email security and archival for other cloud and on-premise email service providers such as Microsoft 365, Google workspace, Exchange, Postfix servers, and others.
The beta version of these tools is expected by the end of the year, and they should be commercially accessible by the start of the following year.