Working in cybersecurity is one of the most challenging roles in the organisation. Not only are you tasked with keeping the business and its data safe and secure, but you must do so in the face of ever-increasing professionalism and sophistication on the part of cybercriminals.
There are more threats than ever before, and the consequences of a data breach are more significant too. In recent Fortra research with CISOs in global banks, the main fear of a cyber attack was damage to brand reputation. Disruption to internal operations and loss of access to data caused by ransomware figured highly too.
Yet there is assistance out there. The National Cyber Security Centre (NCSC) is a government-funded UK body that helps businesses and individuals improve their cybersecurity. It provides practical advice and guidance, and any organisation that is serious about cybersecurity would do well to follow its recommendations.
This is especially true when it comes to NCSC's email security guidance. There are many elements to this guidance, but we have highlighted four key recommendations.
The Importance of NCSC Email Security
Despite the increasing popularity of collaboration platforms in many enterprises, email remains most businesses' primary communication tool. As of 2023, business email marketing had reached a whopping 319 billion business-to-business and consumer emails sent and received daily, and is expected to top 376 billion in the next four years.1 This means there is an enormous opportunity for cybercriminals to use email as a way of stealing data, mounting malware attacks, and many other forms of nefarious activity.
The NCSC email security best practice recommendations have become a vital checklist for organisations keen to keep their emails secure. Fortra's Clearswift Secure Email Gateway appliance is a solution that ticks many boxes on this checklist and is a strong fit for organisations that want to stay secure while limiting disruption to day-to-day communication.
1. Prevent Phishing Emails
Phishing can be attempted in many ways, but the most common way is via email, with malicious content and links buried amongst the many genuine emails an employee receives each day. Phishing impacts organisations of all sizes, and if successful it can install malware, take down systems, and steal company or customer data.
The NCSC recommends a multi-layered approach to protect against phishing, which includes training employees to recognize phishing emails and the filtering or blocking of incoming phishing emails. This is where the Clearswift Secure Email Gateway appliance comes into play. It provides the Deep Content Inspection and multi-layered protection that the NCSC assigns such importance to–scanning email subject lines, body, and attachments–and then neutralizing URLs and sanitizing any malicious content without disrupting the flow of communication. Multiple sources of phishing threat intelligence are used to ensure that defences are always up to date.
Other measures proposed by the NCSC should include making it harder for an email from organisations' domains to be spoofed by employing the anti-spoofing controls: DMARC, SPF and DKIM. This is where Fortra's Agari DMARC Protection is the perfect fit. In addition, the NCSC requires additional protocols called Mail Check and Email Security Check, which go hand in hand. Mail Check helps the public and third sector ward off email spoofing by providing the ability to assess email security compliance, and Email Security Check helps users confirm if their domains are being used in spoofing attacks and ensure privacy.
According to its website in 2023, the NCSC reported:
- Over 2,700 organisations had implemented Mail Check
- Over 24,000 domains had been registered (of which 60% had a p=reject DMARC policy)
2. Stop Ransomware/Malware Attacks
These have been a thorn in the side of cybersecurity teams for many years now and high-profile attacks often make headline news. Malware can be highly damaging, but ransomware's evolution has become perhaps even more dangerous, asking for money to return stolen, deleted, or encrypted data. Some ransomware attacks will also try to spread to other machines on a network.
To help prevent these attacks, the NCSC recommends a four-pronged defence. Starting with regular backups, followed by the prevention of malware being delivered and spread to devices, the prevention of malware running on devices and finally, the preparation and readiness if (or more likely when) an incident occurs.
Many organisations also use sandboxing technology and layer anti-malware software from multiple vendors as an effective way to prevent email-based attacks. For additional protection against Advanced Persistent Threats (APTs), the Structural Sanitization feature in on-premise Clearswift’s Secure Email Gateway really delivers. Files are fully sanitized of any hidden active content, such as macros, that could trigger an attack when a document is opened. This offers a significant additional layer of protection against ransomware.
3. Remove Hidden Data in Documents
Data breaches are an ongoing cybersecurity threat for most organisations, made worse in recent years by the increasing amount of data sharing across organisational boundaries. The sheer volume of data provides many data harvesting opportunities for cybercriminals, and the NCSC has published extensive guidance on how best to defend against these attacks.
One of the recommendations to help prevent data loss or exfiltration, is a defensive technique that removes any hidden data from documents before they travel beyond the boundary. Hidden data might include sensitive information in a document revision history or data in the document properties that could help inform a cyber attack. By removing this data, an organisation can minimize the risk of data falling into the wrong hands. Document Sanitization is a key attribute of Clearswift’s on-premise Secure Email Gateway. It automatically detects and removes hidden information from most common document types. For extra protection, anti-steganography technology detects and removes hidden data from images and scanned documents, preventing any data from being exfiltrated in these document types.
4. Encrypt Data in Transit
With data on the move almost constantly in modern business, it is hard for organisations to track that data and keep it protected. The NCSC recommends using Transport Layer Security (TLS), an encryption protocol designed to safeguard privacy between communicating applications and their users.
Whenever a server and client communicate, the TLS works to ensure no third party can tamper with any message or extract content from it. With the Clearswift Secure Email Gateway appliance, TLS encryption comes as standard, with customers able to deploy further message level encryption options on request. Message-based encryption renders the content in each email unreadable while in transit, keeping it safe from would-be attackers and protecting it should an employee accidentally send confidential information to the wrong person.
Achieving NCSC Security Guidance for Email
Email remains a primary communication channel for most businesses (in 2021, more than 90 percent of businesses said it's integral to their overall success), and cybersecurity teams must address it as a priority when looking at overall security for the organisation. The NCSC offers astute email security guidance and using the right email security tools to apply these recommendations is essential.
The Clearswift on-premise Secure Email Gateway addresses four key NCSC requirements for email security. It is used by defence agencies, governments, and financial institutions around the world and provides the highest level of protection for email. For more information on this, read this solution brief.
1 https://www.constantcontact.com/blog/email-marketing-research-and-statistics/
