Secrets to Achieving End-to-End Email Security
Email can be viewed through two lenses: secure email and trusted email. When it comes to “secure email” the focus is on encryption. In securing email, security executives view:
- The ability to encrypt email in transit as the number one control
- The ability to encrypt email at rest (for sensitive emails and email with attached privileges) as the number two control
- S/MIME and PGP as the techniques going forward for encrypting email
- Microsoft RMS as a general use tool for encrypting emails at rest
Trusted email is different from secure email and relates specifically to the email channel. Establishing a trusted email channel is vital because the number one threat vector that organizations face is phishing. Implementing trusted email involves authenticating all of your outbound email. Things to keep in mind or to consider include:
- A trusted email program will allow you to drive up revenue, reduce operating costs and reduce risk for the consumer.
- Trusted email is easy to implement from a technology standpoint, but difficult from a people perspective because people are resistant to change.
- Large organizations that leverage third-parties to send outbound email will need to coordinate efforts across these organizations to establish a trusted channel. Think of it as herding cats.
- Technologies for implementing a trusted email channel include SPF, DKIM and DMARC. Implemented according to the standards, these provide a trusted channel in which receiving ISPs use your published records and policies to drop all email that doesn't come from your authenticated email servers.
- One option is to remove active live links from all outbound emails. This requires training customer service people to never send email with live links. If successful, then your customers can differentiate phishing emails from legitimate ones because of the presence or absence of live links.
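To make the SPF/DKIM/DMARC bullet concrete, here is an added example (not code from the original article) of the receiver-side check that turns your published records into dropped spoofs. The DNS records, domains and IP addresses are constructed for illustration; the SPF and DMARC tag handling is deliberately reduced to the mechanisms needed to show the point.

```python
import ipaddress

# Constructed DNS TXT data standing in for the records a sending organization
# publishes: an SPF record (with a third-party sender pulled in via include:)
# and a DMARC record asking receivers to reject unauthenticated mail.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=r; aspf=r",
}

def spf_check(domain, source_ip, depth=0):
    """Minimal SPF evaluator: ip4 and include mechanisms, '-all' otherwise."""
    if depth > 10:          # SPF caps DNS lookups; treat overrun as a failure
        return "fail"
    addr = ipaddress.ip_address(source_ip)
    for term in DNS_TXT.get(domain, "").split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.startswith("include:") and spf_check(term[8:], source_ip, depth + 1) == "pass":
            return "pass"
    return "fail"           # no mechanism matched: '-all' applies

def org_domain(domain):
    # Simplified organizational domain (real receivers use the public suffix list)
    return ".".join(domain.split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') the same org domain."""
    return auth_domain == from_domain if mode == "s" else org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, mail_from_domain, source_ip, dkim_domain, dkim_pass):
    """Return 'pass' if an aligned SPF or DKIM result authenticates the From:
    domain, otherwise the published policy (none/quarantine/reject)."""
    raw = DNS_TXT.get("_dmarc." + from_domain, "")
    tags = dict(t.strip().split("=", 1) for t in raw.split(";") if "=" in t)
    if tags.get("v") != "DMARC1":
        return "none"       # nothing published: the receiver has no policy to enforce
    spf_ok = (spf_check(mail_from_domain, source_ip) == "pass"
              and aligned(mail_from_domain, from_domain, tags.get("aspf", "r")))
    dkim_ok = (dkim_pass and dkim_domain is not None
               and aligned(dkim_domain, from_domain, tags.get("adkim", "r")))
    return "pass" if spf_ok or dkim_ok else tags.get("p", "none")
```

A message from the organization's own range or its listed third party passes, while a phish carrying the same From: header from an unlisted address is rejected under the published policy.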