In the context of remote working, the “new normal” of working from home or in the office from time to time, your security strategy is more important now than ever before. While healthcare and other essential workers battle to contain and mitigate the impact of COVID-19, threat actors remain undeterred in their malicious attacks. A recent Mimecast report “The State of Email Security” says that during the pandemic malicious actors have increased their activity, taking advantage of the confusion. At the same time, they are utilizing new and inventive ways to assess and attack the security defenses of businesses.
This emphasizes the need for an in-depth consideration of your IT security from both a remote worker perspective and a holistic one. In previous articles we looked at the potential cost of a data breach and methods of mitigating the risk, which included engaging with your trusted advisor to discuss a defense-in-depth security strategy. Let’s define a defense-in-depth security strategy in more detail by drilling down into its layers. Along the way, I’ll highlight some of the products or strategies that will help you protect each layer.
Each IT person has their favourite mitigating mechanisms for providing defense-in-depth. Likewise, I will suggest proven technologies that I’ve worked with over the years. I do mention companies or products in these articles for the purpose of clear and actionable guidance and hope this approach is helpful. While I may partner with some of the vendors or sell their products, I receive no remuneration from them for mentioning them.
Perhaps only a subset of these layers will apply to your environment. Use this list to initiate a discussion with your trusted advisor, and note that this is not a detailed list: your IT team or MSP may know of other items in your environment that need to be addressed.
Email – Email has proven to be the number one attack vector in all businesses regardless of size. I would go further to say it is also the largest attack surface in your business due to its nature. As such, it merits special attention when it comes to security, so let’s focus on email alone for now.
Email based attacks are successful – According to the Mimecast report mentioned above, 60% of the respondents say their organizations were hit by an attack that spread from an infected user to other employees. Ransomware impacted 51% of them in the last 12 months and overall, 82% experienced downtime from attacks. These successful attacks all had one thing in common – email. They all started with a link that was clicked, a virus payload or malware that didn’t get picked up by their email security defenses.
The need for better email security – But we have Microsoft 365 email (formerly Office 365), isn’t that good enough? Gmail and Microsoft both provide a great email service. They have a basic level of security built-in, but it is not enough. Even the advanced security features found in Microsoft’s advanced threat protection product, which is included in their Microsoft 365 Business Premium offering, may not be enough at times. While it’s a great email service, you need security that’s equally great.
According to J. Peter Bruzzese, an 8x Microsoft MVP in Exchange/Office 365, companies are finding gaps in Microsoft 365 that emerge over time. One of the upfront gaps is its inability to sandbox user clicks.
The sandbox concept – Sandboxing is a way of preventing direct access to what could be a virus or ransomware. If a remote worker clicks a link in their email, or opens an attachment from an external source, they’ll be redirected to a safe place, the sandbox. The security system then checks the link for them and determines if it’s safe or not. If it’s safe, they are automatically connected. If not, your systems are still safe and the user is notified that the link is dangerous.
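The click-time flow described above, sketched as an added example (not code from this article or from any vendor it names): links are rewritten at delivery to point at a gateway, and each click is verified and checked before the user is redirected. The gateway URL, key, blocklist and function names are assumptions, and the static blocklist stands in for a real sandbox or reputation check.

```python
import base64, hashlib, hmac, re
from urllib.parse import urlsplit

GATEWAY = "https://clicks.example.invalid/v"  # hypothetical gateway endpoint
KEY = b"constructed-demo-key"                 # constructed; keep real keys in a secret store
BLOCKLIST = {"login-update.example.net"}      # constructed stand-in for a verdict engine

# Constructed sample message body with one bad and one good link.
SAMPLE = ('<p><a href="https://login-update.example.net/pay">Invoice</a> '
          '<a href="https://intranet.example.org/wiki">Wiki</a></p>')

def sign(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(html):
    """Delivery time: point every http(s) href at the gateway instead."""
    def repl(m):
        url = m.group(2)
        token = base64.urlsafe_b64encode(url.encode()).decode()
        return f"{m.group(1)}{GATEWAY}?u={token}&s={sign(url)}{m.group(3)}"
    return re.sub(r'(href=")(https?://[^"]+)(")', repl, html)

def verdict(url):
    host = (urlsplit(url).hostname or "").lower()
    return "block" if host in BLOCKLIST else "allow"

def handle_click(token, sig):
    """Click time: returns (status, redirect_target)."""
    try:
        url = base64.urlsafe_b64decode(token.encode()).decode()
    except ValueError:
        return 400, None
    # Reject links we did not issue, so the gateway is not an open redirector.
    if not hmac.compare_digest(sign(url).encode(), sig.encode()):
        return 400, None
    if verdict(url) == "block":
        return 403, None   # user is shown a warning page instead of the target
    return 302, url

if __name__ == "__main__":
    out = rewrite_links(SAMPLE)
    for token, sig in re.findall(r"\?u=([^&]+)&s=([0-9a-f]+)", out):
        print(handle_click(token, sig))
```

Because the verdict is taken when the link is clicked and not when the message arrives, a destination that turns malicious after delivery is still caught.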
Where to get great email security – I recommend Mimecast’s security product. It can be seamlessly added to Microsoft 365 to close the sandbox gap and provide robust defense-in-depth security, continuity and archiving for your email. If you find other products that similarly enhance your email security and integrity, use them. Here’s why.
Why great email security is needed – According to Bruzzese, more than 90% of your security attacks will come via email. That means every investment you make to protect it is worth it, especially if we look back at the potential cost of a data breach. It would be worth having a chat to someone about Mimecast because there is a lot more than meets the eye in the realm of email. I’ve used their product since 2011 and have worked in depth on the Mimecast service and supported their partners over the years. I’m not a Mimecast partner but I can help you find one so feel free to reach out.
More Layers – next time…
There are more layers to your defense that I haven’t had time to cover today, so let’s keep the conversation going. In an upcoming article I’ll look at the other layers:
- Local Endpoints
- Remote Worker Endpoints
- Cloud Endpoints
- The Perimeter – for each of the above.
In that discussion I also want to show you how you can mitigate 80% of your risk at these layers with something you can implement for free. I also want to show you how you can recover from security incidents 100% of the time. It’s easier than you may think.
Kelvin’s experience covers more than two decades in IT infrastructure and Cloud. Through the University of Cape Town he is certified in IT Management and has earned over 30 information technology certifications during his career from Microsoft, Mimecast, IBM, ITIL, EMC, Cisco and others. He handles his customers’ big IT and Cloud problems one small solution at a time.
LayerOne Cloud (Pty) Ltd
LayerOne is an IT and Cloud consulting services business built on over 25 years of industry education and practice