The first email was sent in 1971 by Ray Tomlinson, working for ARPANET. Since then, billions upon billions of mails have been sent between colleagues, friends, family and even complete strangers. Email remains to this day one of the most used forms of written communication. There are today an estimated 4 billion email users, and although alternative communication tools such as the chat service Slack (estimated 20 million daily users in 2019) are gaining popularity, they cannot compete with email. A whopping 300 billion emails are sent every single day. A great part of these will be SPAM and unwanted emails, but the average office worker still receives as many as 120 mails per day. These are notifications, internal mails, project status mails, marketing mails, client mails, coordination mails, briefing mails, etc.
Now that we know that email still rules supreme as our preferred written communication tool, and that its use is estimated to increase in the coming year, let's take a closer look at how to use this tool in a safe and good manner.
Email in Office 365
Many businesses are now starting their mail server directly in the cloud or migrating to the cloud. One of those options is Office 365. The Office 365 mail solution comes with a few risks and, if configured correctly, several benefits. Some are the same as for on-premises mail servers and some are unique to the cloud service. Below we will go through some general email terms and look at how email works.
SMTP, IMAP and POP3
SMTP, IMAP and POP3 are three common terms when talking about email, but what do they stand for and what do they mean?
SMTP stands for Simple Mail Transfer Protocol and is the industry standard protocol for sending email. With SMTP you are sending, relaying or forwarding messages from a mail client to a receiving mail server. SMTP is in other words all about sending emails.
IMAP stands for Internet Message Access Protocol, and if SMTP is all about sending emails, then IMAP is all about retrieving the emails from the email server.
Together SMTP and IMAP make email work.
But where does that leave POP3?
POP stands for Post Office Protocol and, like IMAP, handles retrieval of mail. The difference is that while IMAP leaves the mail on the mail server and synchronizes the message between all your devices (Outlook, Outlook on the web, Outlook on your phone, etc.), POP3 downloads the email to your mail client and then deletes the mail from the server.
Exchange Online servers always encrypt connections to other Exchange Online servers in Microsoft's datacenters with TLS 1.2. When you send mail to a recipient that is within your Office 365 organization, that email is automatically sent over a connection that is encrypted using TLS. Also, all email that you send to other Office 365 customers is sent over connections that are encrypted using TLS and are secured using Forward Secrecy.
By default, Exchange Online always uses opportunistic TLS. This means Exchange Online always tries to encrypt connections with the most secure version of TLS first, then works its way down the list of TLS ciphers until it finds one on which both parties can agree.
Different protocols govern today's email operations. They are as follows:
1. SPF or Sender Policy Framework.
2. DKIM or DomainKeys Identified Mail.
3. DMARC or Domain-based Message Authentication, Reporting and Conformance.
Publishing SPF and DKIM helps prevent spoofing and phishing by identifying which mail servers are allowed to send mails on behalf of your domain. DMARC helps the receiving mail system determine what to do with messages sent from your domain that fail SPF and DKIM checks. Office 365 will check incoming emails for published SPF and DKIM and mark the mails as potential spoofing if they fail the checks; this means that unless you want your mails to end up in quarantine or a SPAM filter, you had better publish those SPF and DKIM records.
Set up and configured correctly, Office 365 uses advanced machine learning to filter out potential SPAM and phishing emails in addition to looking at the SPF and DKIM checks; this means that the majority of malicious emails will never reach your inbox. As with all security measures, it also leaves room for false positives, meaning real mails caught in a security net. If you are not getting emails although they have been confirmed sent to you, ask your Admin! The mail may be in quarantine.
Office 365 also offers a DLP solution based on known regulations, such as PCI DSS, GDPR, HIPAA, etc. So, stop sending out emails with confidential information, or you may end up on the repeat offender list. If Office determines that you are a big risk, your mailbox may be involuntarily locked down.
Don't use your company mail for private business. Your company inbox is for trade only, and any information you send, store or receive can be looked at now or in the future. Your mailbox may be converted to a shared mailbox in the future to ensure that confidential and business-critical mails are handled by someone else in the company when you leave.
EMAIL AND INFORMATION SECURITY
As the preferred written communication tool, it is self-evident that email will also come with its own set of security risks. Some risks include phishing, spoofing, and SPAM, which have already been covered in the Phishing training and will not be the subject of this document. There are, however, several other risks to information security that are associated with emails. We will review some of them here.
Millions of new email accounts are created every day, and millions of email accounts die every day. People make new email accounts privately for a specific purpose, to try out a new email service, or just to get a fresh start because the old account was so full of spam. Business emails are also created and removed as people change jobs.
Risks of unwanted access
Someone has gotten access to your email. Ok, so they can see some of the communication that you have had; what's the big deal? They can probably find more interesting things on Facebook, right?
Wrong! There are several risks associated with a hacked mailbox.
- The hacker can change your password, locking you out from your account.
- The hacker can ask your friends, family, business contacts, or others for sensitive information. Since the mail comes from you, there is an increased chance they will receive it.
- The hacker can use links sent to your email address to access sensitive documents in the cloud.
- The hacker can play pranks on you by changing your configuration settings like language, deleting all your emails, etc.
- The hacker can pretend to be you and write non-flattering or hateful emails to your colleagues, friends, business contacts, family, etc.
- The hacker can set up an auto-forward rule that lets them read all your future emails without you knowing it.
- The hacker can snoop through your email and get years of potentially insightful information.
- The hacker can sign up for services using your mail.
- The hacker can request password resets and log in to your other services, taking control over all your cyber life, including your social media profiles.
- The hacker can get access to online stores that most likely have stored your credit card number and make purchases in your name with your credit card.
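The auto-forward risk in the list above can be checked for by reviewing mailbox rules. The following Python sketch is an added example, not part of the original article: it flags rules that send mail to addresses outside your own domains. The JSON shape (as produced by exporting `Get-InboxRule` output with `ConvertTo-Json`), the sample rules and the internal domain `example.com` are assumptions made for illustration.

```python
import json
import re

# Constructed sample; the JSON shape (as from `Get-InboxRule | ConvertTo-Json`)
# and the internal domain below are assumptions for this example.
RULES_JSON = """
[
  {"Name": "Newsletters", "Enabled": true, "ForwardTo": null,
   "ForwardAsAttachmentTo": null, "RedirectTo": null, "DeleteMessage": false},
  {"Name": ".", "Enabled": true,
   "ForwardTo": ["[SMTP:collector@mail-archive.example.net]"],
   "ForwardAsAttachmentTo": null, "RedirectTo": null, "DeleteMessage": true},
  {"Name": "To assistant", "Enabled": true, "ForwardTo": null,
   "ForwardAsAttachmentTo": null,
   "RedirectTo": ["[SMTP:pat@example.com]"], "DeleteMessage": false}
]
"""

INTERNAL_DOMAINS = {"example.com"}  # assumption: your organisation's domains
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def external_forwards(rules_json, internal_domains=INTERNAL_DOMAINS):
    """Return (rule name, field, address, deletes_original) for every rule
    that sends mail to an address outside the organisation's domains."""
    hits = []
    for rule in json.loads(rules_json):
        for field in FORWARD_FIELDS:
            values = rule.get(field) or []   # field may be null in the export
            if isinstance(values, str):      # a single recipient may be a string
                values = [values]
            for value in values:
                for match in ADDRESS.finditer(value):
                    if match.group(1).lower() not in internal_domains:
                        hits.append((rule["Name"], field, match.group(0),
                                     bool(rule.get("DeleteMessage"))))
    return hits


if __name__ == "__main__":
    for name, field, address, deletes in external_forwards(RULES_JSON):
        note = " and deletes the original" if deletes else ""
        print(f"rule {name!r}: {field} -> {address}{note}")
```

A rule that both forwards externally and deletes the original message deserves the closest look, since the mailbox owner never sees the mail that was forwarded.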
Email security has luckily improved over the years. These days, multifactor authentication and a registered alternative email account can help if you forget your password or someone changes it for you. Many email services also restrict log-in by location or device, meaning that if you attempt to log in from a different location or device, the system requires an extra authentication.
We can say with certainty that since the first email was sent 50 years ago, security, availability and storage have improved, making this tool today the preferred method for communication in the business world.