
Common Email Security Mistakes That MSPs Make

Posted by Trevagh Stankard on Thu, Jan 13th, 2022

A Managed Service Provider (MSP) has a huge undertaking when working with enterprise client email. They must maintain servers, set up email accounts, and, most importantly, secure email from attacks. Many of the biggest data breaches start with a phishing email, and MSPs must ensure that these emails remain unopened and that users don’t download malicious attachments. If you’ve been hired to secure client email services, here are a few common mistakes to avoid.

1. No User Education

Educating users has proven to reduce the number of phishing emails that users open or interact with. Phishing emails usually include a link to an attacker-controlled site or a malicious attachment. You want the user to recognize both of these as malicious, report the message to the right person, and then delete it.

It’s even more important to educate users in specific departments such as finance and human resources. It’s not uncommon for these staff to receive dozens of phishing emails a month, and they must be able to identify malicious messages to avoid compromise.


MSPs can train users in-person, provide online training, or give users documentation and information when they are onboarded after being hired. Training should give users the information necessary to recognize a malicious email and avoid anything that could lead to a data breach.

Training shouldn’t just be a one-time lesson. Attackers change the way they trick users, so any newly common attack should be communicated to users. This requires the MSP to stay up to date on the latest attacks and phishing techniques, and to pass that information on by email or through additional training. On top of these updates, MSPs should offer annual training that helps users not only identify phishing attacks but also protect the network from credential theft, malware, and ransomware.

2. Implementing Poor Cybersecurity

MSPs implement the services their customers ask for, but it’s a mistake to skip email security even if the customer claims it’s not necessary. Customers might think that all email must be delivered to user inboxes because they don’t understand the massive amount of phishing that’s sent every day.

It’s estimated that 306.4 billion emails are sent daily, and there is a good chance your customer will be the recipient of a portion of them. Every day, 3.4 billion phishing emails are sent out worldwide (Valimail). Email security is evolving to better catch these messages and stop them from being inboxed. Artificial intelligence has helped improve email filtering so that filters can detect spoofing, malicious macros in attachments, messages that contain links to attacker-controlled servers, and messages that could be considered spam. Even if customers want all email inboxed, it’s essential that MSPs convince them that email security is necessary to stop data breaches and compromise of their network.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that lets a domain owner publish a policy telling receiving mail servers what to do with messages that fail sender authentication checks. For example, a Sender Policy Framework (SPF) record on the company’s DNS servers lists which servers may send mail for the domain; when DMARC is enabled, a message that passes SPF is allowed through to the user’s inbox. If no passing SPF result is found, the receiving server’s policy does not allow the message to be inboxed. This stops spoofed messages from reaching the intended recipient, which reduces the number of phishing emails.
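To make the DMARC decision concrete, here is an added Python illustration (not SpamTitan’s code or the page’s own) of how a receiving server applies a published DMARC policy to a message’s SPF and DKIM results, including the `p=quarantine` and `p=reject` dispositions. DNS is replaced by a constructed in-memory record table, the SPF/DKIM verdicts are passed in as inputs, and `org_domain` uses a simplified two-label rule instead of the Public Suffix List.

```python
"""Apply a DMARC policy to a message's SPF/DKIM results (RFC 7489 logic).

Illustration only: DNS lookups come from a constructed table, and the
SPF/DKIM pass/fail verdicts are supplied by the caller, not computed here.
"""

# Constructed sample records; a real receiver queries TXT at _dmarc.<domain>.
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r",
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
}

def org_domain(domain: str) -> str:
    # Simplified organizational domain: last two labels. The real rule
    # uses the Public Suffix List (e.g. example.co.uk); assumption here.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_dmarc(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; reject non-DMARC records."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs
    the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the policy to apply ('none', 'quarantine', 'reject'),
    for a message whose From: header domain is from_domain."""
    record = DNS_TXT.get(f"_dmarc.{from_domain}")
    is_subdomain = False
    if record is None:  # no record for the exact domain: fall back to org domain
        record = DNS_TXT.get(f"_dmarc.{org_domain(from_domain)}")
        is_subdomain = from_domain != org_domain(from_domain)
    if record is None:
        return "none"  # no DMARC policy published; receiver uses its own rules
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "s" if False else "r"))
    if spf_ok or dkim_ok:
        return "pass"  # at least one aligned, passing authentication result
    # 'sp' governs subdomains only when the org-domain record was used.
    return tags.get("sp", tags.get("p", "none")) if is_subdomain else tags.get("p", "none")
```

A receiver would also feed the outcome into aggregate reports (`rua=`), which is how an MSP sees which sources are failing and whether a `p=quarantine` policy is safe to tighten to `p=reject`.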

3. Not Quarantining Suspicious Messages

Even with DMARC enabled, MSPs should quarantine suspicious messages. By quarantining messages, administrators can review them and identify if the company is a target for attack. In a targeted attack, attackers will send potentially hundreds of messages to specific staff members. It only takes one successful message for the attacker to obtain credentials from a victim or convince the targeted user to download a malicious attachment and run an embedded macro.

Quarantining emails also provides MSPs with a way to “train” email security programs to eliminate false positives. An administrator can send a falsely flagged email message to the user’s inbox and change configurations on the security application to filter malicious emails more efficiently. Users get frustrated with email security that has too many false positives, and this will lead to them ignoring cybersecurity efforts. Reducing false positives also earns more trust from users who work with an MSP.


MSPs can generate recurring revenue by being proactive in educating customers about email threats. User training is essential for MSPs to provide good email security to their clients. In addition to training, effective email security applications will stop these messages from reaching user inboxes, ensuring that phishing and other malicious email does not reach your employees’ inboxes. Combining these two techniques will keep MSPs from falling into common pitfalls when they set up email servers and security for their clients.

SpamTitan Plus provides leading-edge, AI-driven anti-phishing with the newest “zero-day” threat protection and intelligence.

SpamTitan Plus Malicious URL Protection for MSPs includes:

  • Protection against URL-based email threats, including malware-based threats and phishing
  • Predictive analysis to identify suspicious URLs
  • URLs are rewritten to protect users and provide real-time checks on every click
  • If a link is found to be unsafe, the user is presented with a block page containing additional information and further options

Learn more about SpamTitan Plus for MSPs today.
