What’s the first thing you tell your clients when they ask you how to choose an email security solution?
It’s not an easy question. Email is arguably the most important means of communication for business, with up to 77% of those aged 22+ reporting email as their main means of communication. So the stakes are pretty high.
Email also remains the top threat vector used to deliver cyberattacks - making it imperative to employ an email security strategy that is highly effective.
See why it’s not exactly an easy question?
To make it easier to help your clients choose an email security solution that’s a good fit, we’ve drafted a list of criteria that will help in an email security gateway evaluation. While this list isn’t comprehensive, it will serve as a starting point for your discussions.
- Strong filtering accuracy
You probably know this, but it doesn’t hurt to reiterate: strong filtering accuracy in email security is not the same as catching all threats.
For instance, Google reports that “they help block more than 99.9 percent of spam, phishing, and malware from reaching Gmail inboxes.” That .1% is false negatives (missed spam) when we’re talking about reporting.
However, this doesn’t represent the number of legitimate messages that get filtered to spam, nor the accuracy of their filtering algorithms. These are known as false positives; when filters catch mail that really should have gone through.
So, how can your clients gain better accuracy for business email filtering?
For inbound messaging, ask them to look out for a combination of the following features in their preferred email security solution:
- Ability to implement policies based on users or groups
- Advanced file type filtering
- Scanning for content types that fit specific criteria like advertising, multi-level marketing, chain letters, political letters, ‘Nigerian prince’ scams, etc., and
- That use artificial intelligence to determine which messages are threats and which are benign
There’s also the consideration of the solutions filtering accuracy for outbound too:
- Blocking inappropriate language
- Ensuring corporate compliance standards for templates, or legal compliance, and
- Blocking outbound filetypes to guard against malicious insider attacks
An email security service that employs filtering techniques and policies that meet these criteria is highly likely to improve the resilience of an organisation.
- Anti-phishing and spear phishing protection
Phishing and spear phishing attacks are 2 of the most common ways cybercriminals attack systems to commit fraud, for credentials stealing, malware injection, and so on.
While phishing attempts may be easier to spot and thwart, spear phishing is far harder to identify due to its highly targeted nature. The threat is growing, and it’s growing fast.
How can email security solutions match up to attacks like these?
At MailGuard, we scan for malicious URLs, harmful code, and malware or viruses hidden in attachments for a start. There are anti-domain spoofing protections in place, pattern-matching algorithms to identify known or similar spear phishing attempts, and artificial intelligence to help keep a watch out.
Plus we’ve been around for 18 years, so we’ve got an enormous amount of IP relating to threats and tactics that cybercriminals have employed in this region over the years. Think about some of the major brands that scammers are imitating to try and trick users and whether your preferred email security solution is aware of them. For example, consider ANZ Bank, NAB, CBA, Telstra, the ATO, the Australian Federal Police, Australia Post. To some vendors, these brands may be small, obscure and irrelevant, but vendors with an established local presence will recognise them as common household names that cybercriminals are increasingly spoofing. Consider how well-versed your preferred vendor is with local brands, companies and trends when you’re evaluating their efficiency.
Whichever email security solution your clients consider, advise them to inquire about the solution’s anti-phishing and/or spear phishing protection. More likely than not, these are the features that your customers would be relying on the most frequently to protect their inboxes.
- 24/7 built-in email continuity
What happens if a primary mail server goes down? Panic and chaos? Frantically looking up phone numbers?
In the event of mail server failure, you want things to keep ticking over, running almost as if it never happened.
An email continuity solution, like MailGuard Live, ensures email remains switched on, working, and reliable until the main servers are back up and running again, through an external server and accessway. It does this by automatically queuing all incoming and outgoing mail for a specific rolling period, allowing full sending, receiving, and reading of emails, plus access to address books and up to 60 days of inbound and outbound emails.
This ensures smooth functioning for your customers’ emails. They won’t even know there’s been an outage (unless you mention it!).
- Seamless integration with native email hosting platforms
The truth is, there is no absolute guarantee the security measures that a business adopts will work ALL the time. Our security stacks will never be completely perfect – whatever vendors produce today will be defeated tomorrow.
The best proactive response your clients can take is a comprehensive security stack with a multi-layered approach, employing multiple tools that complement each other. This is sometimes referred to as a ‘defence in depth’ approach, designed to defend your people, systems and data against attacks using several different methods and solutions, in the event that if one fails, the others will stop the threat.
Putting this in the context of email security, your customers may already have native security from their email hosting provider, like Google or Microsoft, but remind them that it’s also prudent to employ an additional layer of cloud email security that works seamlessly with any existing email platform that is already in place.
For the majority of businesses, this means either Office 365, Microsoft Exchange, G-Suite, or Zimbra.
- Real-time 24/7 support
Threats and incidents can occur at any time, which makes 24/7 support critical. This means the ability to pick up the phone at any time and call regarding any concerns, plus ticketing and email requests for non-urgent enquiries and a help centre. Your team needs to be notified immediately of any incoming threats, too.
Email security vendors who offer comprehensive customer support and have high first-call resolution rates should rank highly on your clients’ list.
Trying to select one email security product or service from the many available options can be a daunting task. We hope the above list is a good place to start the discussion and to help filter the range of options available.
If you’d like to chat more about choosing the right email security solution for your clients, then don’t hesitate to get in touch. Our partner program offers a range of benefits that can help both with your business as well as your clients’.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.