The 6 Layers of Email Defense

For today’s Tuesday Tech Tip, I want to talk about the six layers of email defense that every business needs to have in place. We are seeing such a problem with bad actors taking and exporting people’s email, not just nationally but also locally. This is happening mainly by doing spoofing and what we call man-in-the-middle attacks.

This is where they’re able to get in the stream of an email whenever you are on an insecure wireless network. A way to prevent these automatically is to not get on free wireless networks. You never know who owns them and they can sit in the middle of email transactions and other transactions and steal data.

The first layer of defense is going to be security training for your employees. You want to make sure they’re able to spot a spoof email.

These next three layers of email defense are going to be a little bit technical. I’m not going to explain them all the way. However, you need to talk with whoever is keeping up with your email and get this put into place. These are new things that we’re seeing in the marketplace that the bad actors are exploiting. Email filtering is getting better and links inside the email are being checked pre-checked by a lot of spam filters. They’re making it more difficult for the bad guys so the bad guys are changing their tactics.

The second layer of the six layers of email defense is going to be what’s called, Sender Policy Framework (SPF). The third layer is called Domain Keys identified Mail (DKIM). The fourth layer of email defense is what we call DMARC, Domain Message authentication reporting. These three layers of email defense are controlled by whoever manages your DNS settings on your website.

I’ve noticed that a lot of applications for cybersecurity insurance are asking if these things are managed and monitored. It’s something new and we’re going to be seeing that everyone will have to put it in place before long or you’re not going to get liability insurance. What that says is that’s a big problem for the marketplace.

The fifth layer of email defense is spam filters. DNS filters, Endpoint Detection, and Response so that you’re able to respond when something happens. A good product, what we used to call antivirus, will disconnect your machine from that network whenever an event happens. This is so that you can isolate that activity to just one device or one machine.

Then finally the last layer of email defense, you need ransomware-proof backups. Another term that’s used a lot is what we call an air gap. An air gap is when the backup and the live data are not connected in any way. Air gapping is important. Bad actors have exploit systems to take away or alter your backups where they are all corrupted so that you don’t have a backup.  You need to have air gap technology.

One really simple way to explain this that we see is people that are backing up to a USB drive. they stick a USB drive into their machine and they leave it plugged in. Well, the same bad actor that’s going to encrypt your local files is also going to encrypt that backup. You need to have a ransomware-approved type of backup solution.

I know this is a little long and I hope it sparks some questions either to me or to your IT people so that you’re able to take care of this. This is one of the things pending threats and it’s getting a little more technical. But that’s because the good guys are doing things to block the easy stuff. If you have questions, I’m always here to help.

Thanks for watching. As always, if you get something weird and you want us to check it out, don’t hesitate to forward it to the help desk so that they can check it. We want to keep you safe and email is probably your biggest risk as a small business. We’re always here to help. Thank you for listening.