Protecting Your Company with Email Security & Resiliency Best Practices in Mimecast
By Jared Hrabak, Cybersecurity Engineer
Do you remember the days when there were mysterious rumblings and rumors of ‘inbox zero’ and quiet whispers at tradeshows and in corporate break rooms about how email would be disappearing… soon to be replaced by chat, SMS, and other collaboration tools…? I distinctly remember thinking, “I cannot wait… but how on EARTH is that ever going to happen?!”
Well, it’s 2023, and here we are.
The truth is, most companies are still knee-deep in the inbox day after day. Chat, SMS, and other collaboration tools have just been added to the pile of communication streams we have to manage. Email follows us everywhere we go including at home each night… it’s everywhere… still.
Like many technological innovations throughout history, it can take decades to see a major paradigm shift. Our reliance on email is like a persistent habit that’s difficult to break, and unfortunately, hackers know this all too well. That means companies should be vigilant about email security and hygiene around the clock, not only to protect their data and users but also to protect the value of their brand.
It’s just not enough to add an email security tool, set it and forget it, and think you’re done. I’m sorry to say, but it just doesn’t work that way. Email security is like a chess game, with each side constantly making their move in an offense, defense, counter-move kind of way.
That’s why in this blog post, I’ll map out a few key technical ‘must-dos’ of email security and hygiene using the Mimecast email security and resilience solution.
Get Your MX and Email Provider Records Right
Before you even get to Mimecast, you need to put a couple of things in order. MX records (mail exchange) are DNS records that talk to each other in order to send email and other traffic to the correct destination. By default, it’s set to send traffic to the lowest priority valued location first, not always your preferred destination. For example, an MX record with an O365 server at priority 10 and Mimecast at priority 20 will send messages to O365 first, not to Mimecast. Sometimes these settings are forgotten during the implementation – make sure they are correct.
If you have an email gateway product like Mimecast’s Secure Email Gateway (SEG), you have to tell your email provider to only accept emails from your gateway and no one else. If you don’t, criminals could send messages directly to your email provider and bypass the SEG – eliminating all of the controls you have in place. While this might sound like email security 101, I’m surprised by how often this kind of setting is overlooked, so be sure your DNS and email provider configurations take this into account.
DMARC, SPF, and DKIM: the Front and Back Gate Guards of Email Security
Once you’re confident your MX record and email provider are configured correctly and you have Mimecast sitting between your mailboxes and potential threats, it’s critical to look next at DMARC, SPF, and DKIM. These three combined are like the powerhouse of email authentication, preventing spammers, phishers, and other unauthorized parties from sending emails on behalf of a domain they do not own.
The two primary authentication protocols, SPF and DKIM, help validate that an email message comes from who it claims to come from. Layered on top of SPF and DKIM is DMARC, which uses SPF and DKIM and then provides instructions to receiving email servers on what to do if they receive unauthenticated mail.
Mimecast users can learn more about DMARC and the others, including creating a DMARC record, a guide to reading reports, compliance, setup on Google, and more on the Mimecast website.
Once DMARC, SPF, and DKIM are set up properly with your third-party email provider, Mimecast is correctly configured, and you’re certain all email is funneling through secure routes, it’s time to better understand the added features Mimecast can offer.
Insider Risk Protection
Mimecast’s Internal Email Protect technology lets you detect email-borne security threats that originate from within your email system and automatically or manually remove malicious content from end-users’ mailboxes post-delivery. Following a compromise, users whose accounts are being exploited by attackers or employees who engage with malicious links or simply make mistakes are better protected with an additional security layer that offers lateral threat protection, rechecks of already delivered files, and much simpler day-to-day administration.
Impersonation attacks — also known as business email compromise — can result in significant financial loss, as attackers try to trick employees into making wire transfers or other transactions by pretending to be the CEO, CFO, or even external partners. In many cases, the attacker underscores some kind of emergency situation that must be addressed immediately, so what employee says “no” to an executive with an urgent request? The Mimecast makes it easy to protect your users from impersonation attacks.
The Mimecast Attachment Protect feature scans every email and every click on any user device to identify (and contain, if needed) potentially dangerous attachments. When an attachment appears suspicious, one of two events happen next: 1) the malicious email may be sandboxed, and the content of the email is delivered to users without attachments, or; 2) the malicious email attachment may be instantly converted to a safe format, neutralizing any malicious code, and then is sent to the recipient for preview. As part of the simplified management of Mimecast, administrators may also combine sandboxing with instant previewing to create the best mix of safety, performance, and functionality.
Since the world is still running on email, this Mimecast Continuity feature helps protect against planned and unplanned email server outages with uninterrupted access to user emails and calendars in native user applications. This continuous monitoring of your email flow also provides automated activation, alerting, and notifications.
AI and Machine Learning
Mimecast’s email security solution leverages AI and machine learning to better detect continuously evolving threats and to give employees email warning banners when needed. The feature also identifies potentially misaddressed emails, helping to avoid mistakes turning into security incidents. Using AI and ML in your email security arsenal helps limit attacker reconnaissance by shielding employees and preventing would-be attackers from gathering intelligence that can be used to craft highly targeted social attacks.
Message Encryption allows senders and recipients to safely exchange emails and files without burdening IT or relinquishing control of shared data. It gives you easy message and file access via a security portal hosted by Mimecast, a fully customizable configuration to help ensure brand recognition and recipient confidence, and granular message controls that cover message recall, expiration, automated read receipt, print and reply/forward control — all set to your specific policies.
Email Incident Response
Time is essential in the email security world, so this feature is key to decreasing the dwell time of cybersecurity threats while at the same time reducing the burden of threat response and remediation on your Security Operations Center (SOC).
This list of Mimecast email security features is by no means exhaustive. Their comprehensive solution offers plenty of customization and configuration options for nearly every type of business email environment.
So if you haven’t done so already, upgrading and more proactively monitoring your email security solution is a great place to start. Email security and resilience solutions such as Mimecast should be uniquely configured to your business, users, and security priorities rather than taking a ‘set it and forget it’ approach. This kind of holistic view of email security, email hygiene, and online brand protection should be a critical component in your overall security plan.
We’ve helped countless clients implement and correctly configure Mimecast, so please don’t hesitate to reach out if you’re unsure how or where to start.