MSP Blog Logo

Cyber Security

Business Growth

Sales and Marketing

IT Services


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

5 Tips to Beef Up Your Email Security

Posted March 25, 2016by Joseph Tavano

You’ve implemented the strongest firewalls. Your passwords are 100 character strings that must contain Capitals, lowercases, and special characters in non-repeating patterns. You skipped over two-factor and went straight to five-factor authentication. Everything is retina scanned. Your encryption is encrypted.

And one email from a prince needing money wired to his account brought the whole thing crashing down.

For most SMBs, email is the weakest link in their security strategy, and it's an attractive target for good reason. By its very nature, it is a direct line of open communication with the world at large. Unrestricted, ungated, unfiltered access is available to anyone who knows a business’ email address—unless the proper steps are taken. It’s no wonder that this very week, email giants such as Google, Amazon, Microsoft, Comcast, LinkedIn and Yahoo came together to publish a new email security standard, known as SMTP Strict Transport Security (SMTP STS), that sets new rules and policies for encrypted email.

The need for strong email security has its roots all the way back in 1982, the year that email was effectively invented with the introduction of the Simple Mail Transfer Protocol (SMTP), which allowed email messages between clients and servers, regardless of provider. (In a strange coincidence, Tron was also released in theaters that year, but no correlation has been identified—yet.) It was built in a different time with a more laissez faire philosophy toward security, with no idea of how fundamentally it may change the world. As such SMTP had no encryption built in to email, allowing it to be vulnerable almost immediately upon its adoption. Twenty years later, an extension to SMTP was developed as an add-on to increase security. Known as STARTTLS, it allowed for transport layer security (TLS) between email connections. And, while its adoption has increased in recent years, many vulnerabilities remain. A large amount of email remains entirely unencrypted. It is easy to downgrade STARTTLS encryption, leaving it vulnerable to “man in the middle” attacks that allow a hacker to intercept and change the contents of an email while on its way to the recipient.

The new standard, SMTP STS, addresses several of these concerns, but as an MSP, there are many process and measures you will need to provide your clients in order to have a rock-solid email security strategy. Let’s look at a few.

1. Deploy a Security Package.

Security-as-a-service is less about being a hot trend than a forgone conclusion among many MSPs, because if you don’t offer it, eventually your competitor will. Security tools like Webroot offer endpoint security and also tie into IT management platforms such as Continuum, which will strengthen your total MSP offering and increase client security across the board.

2. Configure Multi-Layered Email Filters.

Most email compromises occur due to attachments, so it’s absolutely necessary to scan email attachments. Additionally, spyware and messaging protection are also widely available as well. The real challenge is to adjust security filters to block out dangerous email and keep safe email out of your users' spam folders. It’s not enough just to lock it all down; an efficient email security strategy needs to be nimble enough to adapt to threats, smart enough to allow the right mail through, and fast enough to not impede day-to-day efficiency and communications.

3. Keep Definitions Up to Date.

Plain and simple—your security is only as good as your last update, and keeping your Exchange Server patches and black lists up to date is vital to the success of your clients (and your profitability). Partnering with a fully-managed network operations center (NOC) solution can often alleviate much of the burden here, allowing you and your team to think strategically about security policies, rather than staying in the thick of deployments across your client base.

4. Encrypt Whenever Possible.

Once the purview of the government, lawyers, banks and accountants, encrypted email is no longer reserved for only some. When used properly, email encryption is strong and extremely hard to compromise. As mentioned prior, recent years have shown a marked adoption of encryption as a standard, so don’t leave your clients’ information exposed—encrypt whenever possible.

5. What about Mobile Device Management (MDM)?

Unlike most SMB business functions, email security is a 24x7x365 concern, across many devices including desktops, laptops, tablets and phones. Taking the next step with your email security policies may mean enacting an MDM solution to maintain security when communication moves out of the office and on to employees’ personal devices.

It’s unlikely that we’ll see a day that email communication is 100 percent secure, but options exist to get closer to that goal. This week, huge steps were made to make email more secure, but SMBs, for the foreseeable future, will need a managed IT services provider to be a trusted resource to provide a secure business environment.

BLOG Webinar Why Do SMBs Outsource IT Security to MSPs

Joseph Tavano is Senior Content Marketing Manager at Continuum, with more than 14 years of experience in content creation, content marketing, event marketing, marketing communications, demand generation and editorial across a range of industries. He is the author of several eBooks, blog posts, thought-leadership articles and other marketing and product collateral that enable Continuum partners and IT service providers in the channel to make their businesses stronger and grow their profits. In 2016, he launched the Continuum Podcast Network, which publishes multiple shows every week and reaches tens of thousands of IT professionals every year. A native of Boston, he holds bachelors in English and History from Suffolk University and resides in Salem, Massachusetts.

Topics: RMM, Cyber Security

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus