Working in cybersecurity is one of the most challenging roles in the organization. Not only are you tasked with keeping the business and its data safe and secure, but you must do so in the face of ever-increasing professionalism and sophistication on the part of cyber-criminals.
There are more threats than ever before, and the consequences of a data breach are more significant too. In recent HelpSystems research with CISOs in global banks, the main fear of a cyber-attack was damage to brand reputation. Disruption to internal operations and loss of access to data caused by ransomware figured highly too.
Yet there is assistance out there. The National Cyber Security Centre (NCSC) is a government-funded UK body that helps businesses and individuals improve their cybersecurity. It provides practical advice and guidance, and any organization that is serious about cybersecurity would do well to follow its recommendations.
This is especially true when it comes to NCSC email security guidance. There are many elements to this guidance, but we have highlighted four key recommendations.
The Importance of NCSC Email Security
Despite the increasing popularity of collaboration platforms in many enterprises, email remains most businesses' primary communication tool. The average office worker receives 120 emails every day and there are around 5.6 billion active email accounts worldwide. This means there is an enormous opportunity for cyber-criminals to use email as a way of stealing data, mounting malware attacks, and many other forms of nefarious activity.
The NCSC email security best practice recommendations have become a vital checklist for organizations keen to keep their emails secure. The Clearswift Secure Email Gateway is a solution that ticks many boxes on this checklist and is a strong fit for organizations that want to stay secure while limiting disruption to day-to-day communication.
1. Prevent Phishing Emails
Phishing can be attempted in many ways, but the most common way is via email, with malicious content and links buried amongst the many genuine emails an employee receives each day. Phishing impacts organizations of all sizes, and if successful it can install malware, take down systems and steal company or customer data.
The NCSC recommends a multi-layered approach to protect against phishing, which includes training employees to recognize phishing emails and the right technology solution to stay safe. Measures should also include making it harder for an email from your domains to be spoofed by employing the anti-spoofing controls: DMARC, SPF and DKIM.
It also advocates the filtering or blocking of incoming phishing emails, which is where the Clearswift Secure Email Gateway comes into its own. It provides the deep content inspection and multi-layered protection that the NCSC assigns such importance to, scanning email subject lines, body, and attachments, and then neutralizing URLs and sanitizing any malicious content without disrupting the flow of communication. Multiple sources of phishing threat intelligence are used to ensure that defenses are always up to date.
2. Stop Ransomware/Malware Attacks
These have been a thorn in the side of cybersecurity teams for many years now and high-profile attacks often make headline news. Malware can be highly damaging, but ransomware's evolution has become perhaps even more dangerous, asking for money to return stolen, deleted, or encrypted data. Some ransomware attacks will also try to spread to other machines on a network.
To help prevent these attacks, the NCSC recommends a four-pronged defense. Starting with regular backups, followed by the prevention of malware being delivered and spread to devices, the prevention of malware running on devices and finally, the preparation and readiness if (or more likely when) an incident occurs.
Many organizations use sandboxing technology and layer anti-malware software from multiple vendors as an effective way to prevent email-based attacks. For additional protection against Advanced Persistent Threats (APTs), the Structural Sanitization feature in Clearswift’s Secure Email Gateway really delivers. Files are fully sanitized of any hidden active content, such as macros, that could trigger an attack when a document is opened. This offers a significant additional layer of protection against ransomware.
3. Remove Hidden Data in Documents
Data breaches are an on-going cybersecurity threat for most organizations, made worse in recent years by the increasing amount of data sharing across organizational boundaries. The sheer volume of data provides many data harvesting opportunities for cyber-criminals, and the NCSC has published extensive guidance on how best to defend against these attacks.
One of the recommendations to help prevent data loss or exfiltration, is a defensive technique that removes any hidden data from documents before they travel beyond the boundary. Hidden data might include sensitive information in a document revision history or data in the document properties that could help inform a cyber-attack. By removing this data, an organization can minimize the risk of data falling into the wrong hands. Document Sanitization is a key attribute of Clearswift’s Secure Email Gateway. It automatically detects and removes hidden information from most common document types. For extra protection, anti-steganography technology detects and removes hidden data from images and scanned documents, preventing any data from being exfiltrated in these document types.
4. Encrypt Data in Transit
With data on the move almost constantly in modern business, it is hard for organizations to track that data and keep it protected. The NCSC recommends using Transport Layer Security (TLS), an encryption protocol designed to safeguard privacy between communicating applications and their users.
Whenever a server and client communicate, the TLS works to ensure no third party can tamper with any message or extract content from it. With the Clearswift Secure Email Gateway, TLS encryption comes as standard, with customers able to deploy further message level encryption options on request. Message-based encryption renders the content in each email unreadable while in transit, keeping it safe from would-be attackers and protecting it should an employee accidentally send confidential information to the wrong person.
Achieving NCSC Security Guidance for Email
Email remains a primary communication channel for most businesses, and cybersecurity teams must address it as a priority when looking at overall security for the organization. The NCSC offers astute email security guidance and using the right email security tools to apply these recommendations is essential.
The Clearswift Secure Email Gateway addresses four key NCSC requirements for email security. It is used by defense agencies, governments, and financial institutions around the world and provides the highest level of protection for email.