10 Tips to Guide Your Cloud Email Security Strategy

Originally published by Abnormal Security.

Written by Lane Billings.

As enterprises have migrated to Microsoft 365 and Google Workspace, they’ve seen the perks: easy collaboration, greater agility, and lower costs.

But for most organizations, the challenge of determining how to keep data protected and employees safe from attacks in a cloud-based environment remains unsolved.

Since email is a vital channel, it remains the primary attack vector for bad actors. Socially-engineered attacks including business email compromise (BEC) have been the leading cause of cybercrime losses for the past seven years. That trend is likely to continue.

Fortunately, there are steps you can take to protect your business against email-based cyberattacks. Here are ten considerations to shape your cloud email security strategy.

1. Identify Your Top Email-Based Threat Concerns

Email-based attacks can target any business. Some industries, however, are more vulnerable to certain types of attacks than others. For instance, Abnormal identifies the Advertising & Marketing industry as a top target for malware hidden in emails.

Every business has its own unique concerns. Attackers might see businesses that previously fell prey to invoice fraud as soft targets. Other companies might struggle with squashing spam and dodging phishing attacks.

Identifying your primary concerns is essential for choosing the right solutions.

2. Determine Which Detection Signals You Want Your Solution to Use

Does your email security solution detect attacks based on known indicators of compromise (IOCs)? The best solutions analyze email content for contextual signals. This might include relationships between senders and recipients, sign-in activity, and considerations for typical behaviors.

3. Verify How End Users Access Their Email Accounts

Passwords alone won't keep the bad guys out. A brute force attack, phishing campaign, or stolen device can give cybercriminals easy access to email accounts with or without a password. It’s far more effective to layer your defenses by requiring multi-factor authentication (MFA) in order to access an email account.

4. Establish a Post-Phish Response Plan

A recent survey found that 92% of businesses experienced at least one email-related security incident within the past year. While you can’t rid the world of bad actors, you can take strategic steps to make sure there is a remediation plan for email attacks that get through. Maybe that includes, training employees to identify suspicious messages, installing the right cybersecurity software, or analyzing a threat after the attack has landed.

These steps should be clearly outlined and duties preemptively assigned. IT and security teams should know if malicious emails are automatically triaged and remediated or if this is a manual process.

5. Decide How Many Email Security Solutions You’re Willing to Operate

Email security is growing in complexity as organizations integrate SaaS apps into their cloud environments. Ideally, you want to integrate your security solution into your email infrastructure as well. But have you considered how many security solutions you’re willing (or able) to operate?

Choose the best cloud email security solution for your business and build a strategy around that. This is simpler and more effective to operate than a patchwork of technologies. Ask yourself, does this technology offer additional protection beyond what you currently own?

6. Identify Resource-Intensive Management Tasks

A cloud-based email security platform should eliminate the need to manually review user-reported phishing emails. The great thing about these technologies is that they allow security teams to locate and fix wrongly delivered messages quickly.

Better still, these email security platforms should offer comprehensive dashboards that centralize crucial data and reports. This provides IT and security teams with more visibility into what’s happening inside your organization so you can make informed decisions for your business.

7. Calculate Time Savings for Your Security Team

Your chosen email security platform should help your security teams save time investigating and reporting on incidents. This includes automating threat detection, collecting contextual information, and detailing actions taken in response. Some solutions even track the time saved by using the product, which lends credibility to your investments.

Additionally, solutions that proactively stymie threats before they hit an employee’s inbox save security teams the time of manually reviewing reports and quarantining potential problems.

8. Document the Insights You Need

Does the platform offer basic insights, such as the number of attacks blocked? Analysts need these detailed assessments, including attack types and indicators of compromise, to help them make informed decisions.

Breaking down the number of attacks and types of attacks levied at your organization demonstrates where you should invest resources. Tracking these insights over time reveals trends in your threat profile. Consider any other insights that might be valuable to your business.

9. Address Your Graymail Issues

Graymail is a category of email that clogs your inbox and rarely provides value. These newsletters, promotions, and other bulk emails often bypass spam filters. While graymail isn’t malicious and isn’t as harmful as spam, it nevertheless distracts from important messages and wastes employees' time.

Establish how you want your email security platform to address time-wasting graymail. Ensure it can offer a native user experience within your Microsoft or Google environment. Consider if the technology provides personalized, adaptable protection for various use cases.

10. Think About Third-Party Integrations

Ease of integration is a prime consideration for cloud-based solutions. Ensure your analysts can log into the solution via a Single Sign-On (SSO) tool. Similarly, you want a solution that integrates with your Security Orchestration, Automation, and Response (SOAR) platform to trigger playbooks when users engage with malicious emails or compromised accounts. Lastly, pick a solution that augments your Security Information and Event Management (SIEM) with metadata and risk scores for better attack correlation.

Understanding where your current processes and technology solutions are and where you want them to be is key to picking the right email security solution for your organization and your employees. Are you ready to meet the challenges of cloud-based email security head-on?