What is Email Security?

Email security definition

Email security is the practice of protecting email communication and accounts from unauthorized activity, account takeover, phishing scams, spam emails, and more. Because email is one of the primary forms of communication for businesses, maintaining a strong email security posture is critical for the continuity of a modern business. Securing your email can be done in several ways including educating yourself or members of an organization on common threats and best practices to prevent cyber attacks.

Email gateway diagram with Darktrace/Email

Why is email security important?

In addition to being the primary form of communication for most businesses, emails often contain sensitive information such as financial data or customer information. The quantity of emails sent and the contents they contain make email a primary attack path for cyber criminals. 

Cybercriminals are constantly attempting phishing campaigns or using nuanced attacks like social engineering tactics to trick users into giving away valuable information or login credentials. Lack of appropriate training or security measures can lead to compromised email accounts, data breaches, and malware infections.

Many industries have legal and regulatory requirements for data security, such as HIPAA or PCI DSS. Failure to comply with these regulations can result in significant fines and legal penalties. Email security measures can help organizations meet compliance requirements and avoid costly breaches.

Types of email security

Encryption

This is a method of security which ensures that only the intended recipient of an email will be able to read its contents. This is done by converting the contents of an email message into a coded language that can only be deciphered by someone with the encryption key. This way, if the email is intercepted while being sent, the information remains secure.

Digital signatures

This is a cryptographic method to verify the authenticity of a message and its sender. Using a digital signature will ensure the recipient that the message was not tampered with in any way.

Spam filters

Individuals and businesses receive hundreds of spam messages every day. Most email software come equipped with spam filters that can automatically detect and filter out unwanted messages. These messages might contain malicious links, content, or phishing attacks. 

Security awareness training

Most organizations implement security awareness training to keep their employees up to date on the best practices to avoid cyber risk. This involves educating users on how to recognize and avoid phishing attacks, how to create strong passwords, know what information is ok to share with people outside the company, and other practices.

Firewalls

This is a system that protects the network from unwanted traffic. Based on what the organization or security operators have identified as unwanted, the firewall system can stop all traffic that corresponds with these rules.

Two-factor authentication

This requires users to provide two forms of confirmation to access their email accounts. For example, someone might need to login with a password from their laptop and confirm via their phone that they are the ones signing in. This will help prevent account compromise and identify compromised account credentials.

Integrated cloud email security (ICES)

Is a type of email security solution that supplements cloud-based email service, such as Microsoft Office 365, Google Workspace, or Amazon WorkMail. An ICES solution will provide advanced email protection against a wide range of threats, including spam, phishing, malware, and ransomware.

Darktrace Email protection comparison

Is email secure?

Email, by default, is not secure as it can be intercepted or compromised while traveling to a recipient or in the inbox. To send a secure email, you can use encrypted email services or software. Cyber criminals are constantly trying to compromise email accounts, send spam into your inbox, and use phishing as a method to obtain sensitive information. Always be cautious when clicking on links or opening/downloading files from unknown senders.

What does "encrypted email" mean?

Encrypted email refers to the process of encoding the content of an email message to prevent unauthorized access or disclosure. By scrambling the contents of an email message, only the intended audience who have the encryption key can open and read the email.

Organizations often use encrypted emails to communicate within their business because the cost of leaked data is far worse than an encryption service. 

Email encryption has three types. 

Pretty Good Privacy (PGP)

This is an email encryption protocol that is specifically designed for email encryption. PGP can be implemented by anyone because it is an open standard, meaning its publicly available and easy to integrate into other software.

Secure Multi-purpose Internet Mail Extension (S/MIME)

Like PGP, S/MIME is a meant to secure email content using symmetric and asymmetric encryption. The difference between the two is that S/MIME is typically used in the enterprise setting.

Transport Layer Security (TLS)

Different from PGP and S/MIME, TLS is an encryption protocol used to secure network communication. This includes securing web browsing, email, and transferring files. This functions as a way to protect any transfer of data between two end point devices. TLS is regarded as the successor to SSL, together these are two of the most popular encryption protocols available to users and businesses.

How do I know if my email has been hacked?

There are several signs that your email account has been compromised:

Account access

You do not have access to your email account. Not having access to your email might indicate that someone else has gained access and changed your passwords. Hence, denying you access to your email account.

Password reset

You are receiving password reset notifications that you did not submit yourself. This will happen when a cyber-criminal is attempting to reset the password to your email account. Be cautious if you receive these emails as it is likely that an attempted account takeover is in progress.

Unsolicited messages

People in your contacts are receiving emails you did not send. This indicates that a cyber criminal has gained access to your email account and has began sending requests for money or other information using your credentials. If this happens, it would be wise to communicate to your contact list that your account has been taken over and advise them not to interact with it.

Strange IP address

The account has history of a login from a strange IP address. If this occurs, someone has logged into your account from a strange location. This is also indicative of an account takeover already that already happened. If you receive this message be sure to reset your passwords.

What to do if my email is hacked?

If your email is hacked you should:

Change your password

This will deny the cyber-criminal access to your account and require them to attempt to get in again. 

Contact email provider

Most email providers have established methods for account recovery after a cyber-attack. It is wise to keep track of your security question response and other information that might qualify you as the holder of the account so that the email provider can verify your identity. 

Notify your contacts

If an attacker has gained access to your account they will likely try to email your contacts to solicit information or money. Notify them that your account has been hacked and to not interact with any messages.

Scan device for viruses

Scan your device using a malware or virus scanner to ensure that the cyber-criminal was not able to gain access to your device and download malware. You can access free virus or malware scanners via the internet. 

Check other accounts

It is possible that the attacker has accessed your account and identified a password that you use for multiple accounts. Ensure that other accounts like online banking accounts and other vital accounts are not compromised.

Types of email attacks

Phishing

Phishing is the process of sending fraudulent emails, while posing as legitimate sender, to convince people to reveal sensitive information such as passwords, social security numbers, bank account information, and more. 

Spear phishing

Spear phishing is a type of phishing cyber-attack that targets a specific individual or organization rather than a broad audience. This usually involves an attacker conducting a significant amount of research on an organization or individual to make their attack seem more credible by contextualizing their message with relevant personal or corporate information. These attacks usually come in the form of email messages but ‘spear-phishing’ is a more specific way to describe a socially engineered phishing attempt that is targeted. The goal of a spear phishing attack is to gain access to sensitive information such as credentials or compromise valuable data. This can be done purely through solicitation or through further methods of compromise such as embedding malware into a targeted system.

Account takeover

Account takeover fraud, or account compromise refers to a cyber-criminal gaining control of a legitimate account. This can happen when a threat actor successfully obtains an individual’s login credentials. Account takeover can be detrimental to business operations at any organization because with a legitimate account, attackers can operate covertly, have a stamp of credibility, and authority depending on who’s account is compromised.

BEC

BEC stands for Business Email Compromise. BEC involves attackers gaining unauthorized access to a company's email account or impersonating a trusted individual for the purpose of carrying out fraudulent actions such as transferring money or obtaining sensitive information through social engineering tactics.

Fraude de CEO

CEO fraud is a form of impersonation where a threat actor will falsify their identity, acting as a CEO (or other executive) at an organization and attempt to communicate with other employees, such as members of the finance department. They trick using falsified versions of a high-ranking official’s credentials. These attacks are specifically focused on financial gain and often involve urgent requests for the transfer of money.​ 

Whaling

Whaling is a heavily targeted phishing attack in which an attacker attempts to phish a high ranking official, often chief executives. These social engineering cyber-attacks contain information that is highly personalized to the intended target to encourage them to click a link that will download malware, transfer funds to the attacker, or share details that can facilitate further attacks. The effects of a successful whaling attack can be devastating, including data loss, financial loss, and reputational damage.

Darktrace's approach to email security

Darktrace’s AI email security uses artificial intelligence and machine learning algorithms to prevent, detect, respond to, and heal from email attacks.

Through its unique understanding of you, rather than knowledge of past attacks, Darktrace/Email stops the most sophisticated and evolving email security risks like generative Al attacks, BEC, account takeover, human error, and ransomware.

In a Self-Learning AI model, the AI has the ability to understand the business from the inside out. That way when activity within the business deviates from ‘normal', the AI can identify this behavior and alert the security team. 

AI can also use real-time data to identify and respond to threats quickly, minimizing the potential damage and saving time for security teams who usually have to parse through a high number of flagged emails. 

One of the key benefits of AI email security is that it can detect threats that may go unnoticed by traditional security systems, which often rely on pre-defined rules and patterns to identify threats. With AI, email security can continuously learn and adapt, providing more comprehensive protection against previously unknown email-based attacks.