Ubiquitous, essential, unavoidable. That's a whole lot of adjectives for any noun to carry, but when applied to the subject of email, it isn't overkill. In fact, it's tough to think of any business anywhere that doesn't rely on email communications both internally and externally to reach suppliers, customers and the like.
So clearly, if email is so central to our lives, email security policy must be the first task tackled on any infosec must-do list, right? After all, as Verizon's 2017 Data Breach Investigations Report stated, 66% of malware reached its target via email attachment. On the contrary: Email security is "woefully neglected," as security consultant Kevin Beaver puts it. Why?
Maybe because of the sheer complexity and size of the problem: Email enters and leaves the enterprise via both company-owned computers and on personal devices -- employee-owned tablets, smartphones and laptops over which the IT security team has the most marginal level of control.
Whatever the reason, the pressing question now is: How do you immediately up your email security game? Do you know what it takes to achieve the best email security possible? Have you got a strategy in place that considers both the company security perimeter and the cloud, user training and penetration testing? Have you outlined a course for locking up key corporate data on all those pesky endpoints traipsing in and out the doors of your company?
If achieving the best email security possible for your company is still on your must-do list, then this handbook is an ideal place to start tackling the task. Learn the tools and methods available. Develop a solid email security policy, one that incorporates a strategic approach encompassing broad areas of concern and outlines tactical assaults on the most likely threats -- like those treacherous email attachments.