Email Filtering and Encryption: Why Google’s Filtering Isn’t Enough

Businesses today simply cannot afford to skimp on email security. In fact, email has become the number one path that malicious attackers use to slip past your defenses and infiltrate your network. While Google G Suite offers good, basic security, it does not provide full protection against today’s quickly evolving email threats.

That’s where Symantec Email Security.cloud comes in. Symantec’s cloud-based email security solution provides the full range of protection your business needs to withstand known and emerging threats like business email compromise, ransomware and spear phishing.

 

Why Is Email Targeted?

Email has become the favored target of attacks for several reasons. First, it’s everywhere. These days, nearly every business, large or small, uses email for both external and internal communications.

This also means that email users vary a lot in their awareness of threats. Users who aren’t as aware of security risks may open attachments or click links that download malware or give hackers access to your network.

For instance, as Tripwire.com’s State of Security reports, in 2016 a police department in Dallas, Texas, was infected by ransomware through an email that came from an address that imitated a departmental email address. The ransomware encrypted police files, including documents, photographs and videos. It demanded $4,000 in Bitcoin to decrypt the files.

While the Texas police department chose not to pay the ransom, these attacks can also be very profitable. For instance, according to Symantec’s annual Internet Security Threat Report, in 2016 the average ransomware payout was more than $1,000.

One victim of an email-based ransomware attack that paid significantly more than that was the Hollywood Presbyterian Medical Center. In 2016, their network was infected by ransomware spread by spam phishing emails. Ultimately, the hospital paid a $17,000 ransom to get access to their data back.

Plus, emails themselves often contain sensitive and valuable information about a business. As a result, hackers can steal confidential data directly from the emails themselves, for later sale or other purposes.

Because email is such a tempting target for cybercriminals, it’s particularly important to ensure that your company or organization’s email is secure.

 

How Does Symantec Email Security.cloud Protect Against Threats?

Symantec’s email security solution provides a blanket of protection that addresses three major types of threats. First, Symantec defends against malware and spam using technology such as antivirus engines and reputation analysis to evaluate the links and attachments in emails.

To protect against phishing, Symantec checks links in emails before they’re even delivered, following them all the way to their final destination. This way, Symantec’s security can catch brand new phishing attacks, unlike less advanced security systems that can only detect already-known phishing links.

For additional defense against phishing, it also has the ability to identify and block emails that are designed to impersonate actual users or domains belonging to your organization. This could have prevented the ransomware attack against the police department in Dallas.

Finally, Symantec Email Security.cloud also protects against emerging threats—new and targeted attacks that may be designed to evade less sophisticated email security products.

For instance, today some malware is written so that it won’t execute unless it’s on a physical server and detects what appears to be human interaction. When Symantec detects an unknown file, the file gets “sandboxed”—isolated and sent to a physical server that mimics human behavior to see whether it’s actually a threat.

The email threat isolation capabilities offered by Symantec cannot be matched by any other email security solution available today. Suspicious links and websites are made harmless by either preventing the user from accessing them or rendering them in read-only mode so that the user literally cannot enter the sensitive information that the phishing attack is trying to capture—such as passwords.

Advanced machine learning, network traffic analysis, and behavior analysis are also used to analyze code, detect hidden threats, and find new and hidden ransomware that may be lurking inside seemingly harmless attachments.

 

Symantec Email Security.cloud Leads the Way

So how well does Symantec do in actual testing? In 2017, Symantec conducted internal testing of four email security solutions: Symantec, Proofpoint, Mimecast, and Office 365. They sent almost two thousand emails, including both clean emails and those containing malware and phishing attacks.

Symantec easily beat all of the competition. Symantec caught 98.77% of all the malicious email, with zero false positives. By comparison, the second-best security solution was Office 365, which caught only 88.11% of the malicious emails and had 0.06% false positives.

For instance, Symantec’s current Service Level Target for Antispam Efficacy is “Over 99%.” Every month, they report whether this target has been achieved. In June 2018, their actual Antispam Efficacy was 99.999986%!

 

Conclusion

Malicious attacks via email continue to rise, with new threats developing every day. Symantec’s Email Security.cloud can shield your company against both known and emerging threats. And thanks to its education and assessment components, it can even help to train your employees to guard against threats too.

Case Study: NovaHR

In today’s connected world, almost every business has IT needs, like secure email for internal and external communication and a professional website so potential customers and clients can find you. But many small and medium-sized businesses may not find it cost-effective to hire their own, full-time IT staff.

That’s where Visibil.IT can help. We create complete IT solutions for small and medium-sized businesses. We use our expertise to select cutting-edge products and vendors that will keep your business up-to-date, and we provide the traditional core services like email and websites that all businesses need.

Let’s take a look at one of the businesses we currently support so you can get a better idea of what Visibil.IT can do for you.

 

NovaHR Business Profile

NovaHR is an Alabama-based consulting firm that provides human resources support and advice for small and medium-sized businesses that may not have their own full-time HR professional on staff. In other words, they’re not that different from us, except they provide HR services instead of IT!

NovaHR provides a wide range of services, all specifically tailored to clients’ needs. These services include handling recruitment, improving hiring practices, developing orientation and training programs, and consulting on discipline and termination practices to decrease the risk of legal actions.

The owner of NovaHR, Laurie Halvorson, first started her consulting business in 2001, then spent eight years working full-time for another company before going back into business for herself in 2017. Her new business needed email and a website, so she turned to Visibil.IT.

 

Getting Started with Visibil.IT

For many business owners, the process of setting up things like email and a website can be stressful and consume valuable working hours that could be spent in more profitable ways. According to Laurie Halvorson, working with Visibil.IT made her part of the job much easier, which meant less time taken away from running her business.

On setting up her email and website, Halvorson says that Visibil.IT “handled pretty much everything. I just sent my logo and a description of services, and they did the rest.” She appreciated that the site was up and running in less than a week, with no other input or decision-making required on her end.

NovaHR’s website includes descriptions of the services they provide, as well as a contact form that allows potential clients to quickly and easily get in touch with them. In fact, the website has been so effective at connecting her with clients, Halvorson says that she hasn’t had to do any other advertising!

 

Improving the Wi-fi Network

One technical problem that Halvorson encountered as her business got up and running was insufficient wi-fi coverage that limited where and when she could get work done. She asked Visibil.IT what we could do about that, and we suggested a mesh wi-fi network.

A mesh wi-fi network uses multiple routers, called nodes, to provide consistent wi-fi coverage throughout a large space, like an office building or a large house. For many businesses, a mesh network can really help with meeting today’s wireless needs. The Eero system that we prefer works with an app that allows you to easily monitor the network from your smartphone.

According to Halvorson, once she decided that she wanted to try the mesh wi-fi network, Visibil.IT handled everything else. Describing the process, she said, “It was so easy. They purchased the equipment, programmed it for me, and made sure all my devices were connected to it.”

She appreciated how quickly the work was done as well, noting that the entire network was installed in less than a day.

Halvorson likes the mesh wi-fi network because it allows her to work from anywhere. According to her, that flexibility “benefits me personally, which benefits my business.”

 

Trusted Service, Ongoing Support

When asked why she initially chose Visibil.IT to provide the IT services she needed, Halvorson said, “I have worked with the owner, David before and trust his work.” 

Halvorson also reports being very satisfied with the support she’s received from Visibil.IT since the initial set-up and installation. She likes that she can easily get in touch by phone call, email, or text and that there is a quick response to all of her questions.

Overall, Halvorson describes her experience of working with Visibil.IT as fast, easy, and providing significant benefits to her business. We’re glad we could help!

Email Signatures and Spam Filters

Do you wonder why sometimes the email you send gets placed into the recipient's spam folder? You've been emailing them for years but once in awhile or all the sudden your messages are marked as spam. Every email you send gets scored (graded with a numeric value by a spam engine) multiple times before it ends up in someone's inbox and every scoring system is different.

Most email servers work the same way. The first level of spam detection occurs before the email is ever accepted. The receiving server checks several things about the sending server to make sure it should be sending out email from a particular domain. IE: A yahoo email server should not be sending out email with a from address containing gmail.com. Once the receiving email server accepts delivery of the message, the second level of spam detection occurs: content scanning.

Here is what a normal email looks like:

From: Email Test <emailtest@visibil.it>
To: testemail@somedomain.com
Date: Thu, 28 Sep 2017 14:14:30 -0500
Subject: Hi
Hi there.

Here is what the server sees:

Delivered-To: testemail@somedomain.com
Received: by 10.25.59.211 with SMTP id d80csp1091303lfl;
Thu, 28 Sep 2017 12:14:31 -0700 (PDT)
X-Received: by 10.55.17.233 with SMTP id 102mr3738794qkr.56.1506626071639;
Thu, 28 Sep 2017 12:14:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1506626071; cv=none;
d=google.com; s=arc-20160816;
b=J1+HZ/zkILoym+6upvp4Wp1st0dvyoT37QMv6m+ljXPHOmwF9QZMT42dsiQoThkpwH
QpxeFLW0T6WHjKLTyP9kRMuFpa+2yFbD5bWUhbjJ0FVzAwqxGcYTuqXz/Cf6kICK5HDs
jD2zu8ipzMWlYq/zPx9vn/E+B54pwK9pPXgzjwQ8XybQPORaKb1M3FOqqff+ywrq1121
IppShr1k2oU/Oy0tczF3QeQFB1rnG7ZGDYXX4ydARN3lKyK4iJlC8xIc4jP8NRLqlZyZ
DsdvEG5P5x2fUR7QVeLkBD7Wsw085XuIIHa2LfZ5aDUoya/zNbDfHmRf36PMaTcUaCo6
c7fw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=to:subject:message-id:date:from:mime-version:dkim-signature
:arc-authentication-results;
bh=Eq0FLBHrzGRGkt+/YYbIRBpVuknn+KX5ee62OBYGadg=;
b=bkD5AJUmfUjZeWwv39b5VcdPyT26ZyEP8I2tn7uZENClzicl89nrICTnB55xSD7qcc
zBmlIVDuWdhi+7IG/BnWkRG+9haCuZby7DiBYT4ehr2sozj7r89JcLEjgTC/s/yY84bf
1m3+1LCz+kVijyF7v5QStuLvKq4WFSiujAvFsH+IUu35sNKDsw/b1yBWUmvEm5fTKPjs
TM5AUC8t9775Gjtyf9SvbBl3TzRG2/guAEqa+BSKOZjiKIzlqwbNw4P9VGFU8TMxB9mA
W+LiVdwuz/VfmtKyX6GBZ8Azs+gpWZqYAw7BnNwf1ek14SlQdrWKvUVVecJdBGTW4FkP
iXQQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@visibil-it.20150623.gappssmtp.com header.s=20150623 header.b=Ev0UvhD9;
spf=pass (google.com: domain of emailtest@visibil.it designates 209.85.220.41 as permitted sender) smtp.mailfrom=emailtest@visibil.it
Return-Path: <emailtest@visibil.it>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
by mx.google.com with SMTPS id a184sor1681237qke.149.2017.09.28.12.14.31
for <testemail@somedomain.com>
(Google Transport Security);
Thu, 28 Sep 2017 12:14:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of emailtest@visibil.it designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
dkim=pass header.i=@visibil-it.20150623.gappssmtp.com header.s=20150623 header.b=Ev0UvhD9;
spf=pass (google.com: domain of emailtest@visibil.it designates 209.85.220.41 as permitted sender) smtp.mailfrom=emailtest@visibil.it
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=visibil-it.20150623.gappssmtp.com; s=20150623;
h=mime-version:from:date:message-id:subject:to;
bh=Eq0FLBHrzGRGkt+/YYbIRBpVuknn+KX5ee62OBYGadg=;
b=Ev0UvhD9jgyoKfbCEHsMnJCP0Sq0UmQ+DNQN4FoEBhlnEfSTO4ktHEQ5UD3biuA7Kk
Vkixn8ErmInQijNx5wBYpcDwpjEOMd26M14SAa4d9h283Fk0KsrizwY0L7b+ngYoZUN5
8mq2kbspCz9nYa2sfBhxWZ9elkCtc0RcOZyi7o/mNVqFj5fFf6Sk4zHMawXXdok1icY7
4WB5jyKDhHN9UynSAJJ+D66GEtmJSxh/XfBuj3WKXftEen6oWzXEiC46RsZNvxmxI8XX
RE2oCVT4DlRKGhZZi2A8MVY+LGilTjvjBcAOaXp0d2EgivQOzKI3ebqbP4suGUJCLIR7
YDGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=Eq0FLBHrzGRGkt+/YYbIRBpVuknn+KX5ee62OBYGadg=;
b=lyWtR1GBfW3mLFbEcJXUQY8x+rQcaj8worYKPaB5hDDhBdMTm55SCGs/yDSn00cQsj
SYBj9fWLuZw/wRyoVfbBvyiE2Wicu1lVmagd7RXfbhKBp1r4699V6kJ80dI5+78LRpBb
QGShXYSlqM2OGdwrgA4COabWqXp8/MYOhbP2REzkJjVTu12DT9GPxjaMNxmZo6qPoxjn
9+6nwBLitz7EczCGzcYhh/WPNdPocwS/G+lpXNYwdotV/ApEW8MYf8X1qoruEUZDrxbE
leSTDItXKjqQKKNASoRxPrXk8ff65LAHjUbzBE9sTj8/ZMLllxV156NU8dj0bnpFuFrL
sOWg==
X-Gm-Message-State: AMCzsaVMAYt46cG72Q+gilUv8VdQ+sy5r+KLcKu3yvZ804/XomcsUBmL VFTBfj8eK6FmGuPV/OwrBkunXMfgseHWYf+PH0ThUQ==
X-Google-Smtp-Source: AOwi7QBB610tnIas/Try6wpkQUFaCW0WckIeIvHWwfg3ca1mgOneiK+yGwhGOHqxOGqrhby7Cdzd9I83ocIbNbpZmGA=
X-Received: by 10.55.157.195 with SMTP id g186mr8061174qke.347.1506626070824; Thu, 28 Sep 2017 12:14:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.72 with HTTP; Thu, 28 Sep 2017 12:14:30 -0700 (PDT)
X-Originating-IP: [207.203.41.250]
From: Email Test <emailtest@visibil.it>
Date: Thu, 28 Sep 2017 14:14:30 -0500
Message-ID: <CALN7Uesx3_iEMCBo5FaR8rZvS7isvht_Gw90DB8Rh=ptZ1m=Mw@mail.gmail.com>
Subject: Hi
To: testemail@somedomain.com
Content-Type: text/plain; charset="UTF-8"
Hi there.

Big difference for such a short message but it is still pretty easy to read as the content of the message was in plain text. This is the way email was designed and it was never really meant to carry today's payload of images, html and javascript. Below is the same email with a modern email signature with all the various social media hooks:


Screen Shot 2017-09-28 at 2.54.00 PM.png

Here's the additional code that now appears at the bottom of every email you send:

<table cellpadding="0" cellspacing="0" border="0" style="background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;">
<tr><td colspan="2" style="padding-bottom: 5px; color: #F7751F; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Email Test</td></tr>
<tr><td colspan="2" style="color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><i>Overlord</i></td></tr>
<tr><td colspan="2" style="color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">Operations</td></tr>
<tr><td colspan="2" style="color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Visibil.IT</strong></td></tr>
<tr><td width="20" valign="top" style="vertical-align: top; width: 20px; color: #F7751F; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">p:</td><td valign="top" style="vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">256-665-9282&nbsp;&nbsp;<span style="color: #F7751F;">m:&nbsp;</span>256-555-0000</td></tr>
<tr><td width="20" valign="top" style="vertical-align: top; width: 20px; color: #F7751F; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">a:</td><td valign="top" style="vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">200 Dan Tibbs Road</td></tr>
<tr><td width="20" valign="top" style="vertical-align: top; width: 20px; color: #F7751F; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">&nbsp;</td><td valign="top" style="vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">Suite 200</td></tr>
<tr><td width="20" valign="top" style="vertical-align: top; width: 20px; color: #F7751F; font-size: 14px; font-family: Arial, Helvetica, sans-serif;">w:</td><td valign="top" style="vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><a href="https://visibil.it" style=" color: #1da1db; text-decoration: none; font-weight: normal; font-size: 14px;">visibil.it</a>&nbsp;&nbsp;<span style="color: #F7751F;">e:&nbsp;</span><a href="mailto:emailtest@visibil.it" style="color: #1da1db; text-decoration: none; font-weight: normal; font-size: 14px;">emailtest@visibil.it</a></td></tr>
<tr><td colspan="2" style="padding-bottom: 8px; padding-top: 5px;"><img src="https://drive.google.com/uc?id=0B_wEeyJUAw2MbUdEMlAwYnAtc28"></td></tr>
<tr><td colspan="2"><a href="https://twitter.com/visibil_it" style="border-width:0px; border:0px; text-decoration: none;"><img width="25" height="25" style="border: none; width: 25px; max-width: 25px !important; height: 25px; max-height: 25px !important;" src="http://cdn2.hubspot.net/hubfs/184235/dev_images/signature_app/twitter_sig.png"></a></td></tr>
<tr><td colspan="2" style="padding-top: 10px;"><a href="http://bit.ly/2wPXphP " style="border-width:0px; border:0px; text-decoration: none;">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/InboundCert-NoShadow_35px.png" alt="Inbound Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/EmailCert-NoShadow_35px.png" alt="Email Marketing Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/HubSpotMarketingCert-NoShadow_35px.png" alt="HubSpot Marketing Software Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/HubSpotSalesCert-NoShadow_35px.png" alt="HubSpot Sales Software Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/InboundSaleslCert-NoShadow_35px.png" alt="Inbound Sales Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/PartnerCert-NoShadow_35px.png" alt="Partner Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/DesignCert-NoShadow_35px.png" alt="HubSpot Design Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/COMCert-NoShadow_35px.png" alt="Contextual Marketing Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/ContentMarketingCert-NoShadow_35px.png" alt="Contextual Marketing Certification">
<img width="35" height="34" style="border: none; width: 35px; max-width: 35px !important; height: 34px; max-height: 34px !important;" src="http://cdn2.hubspot.net/hubfs/53/GDDCert-NoShadow_35px.png" alt="Growth-Driven Design Agency Certification">
</a></td></tr>
</table>

That's a huge difference for a message that just says "Hi there." Also notice all the links to external websites to pull images and data from. Not only does this slow email display time down on the recipient devices, but the external websites are what the spam filter focuses on. Things that can get these external sites scored higher on a spam filter:

  • If anyone on any email service, such as gmail, marked a message as spam using the same company that generated your signature.

  • The signature company's website has been marked as dangerous by a spam reporting service.

  • If a mass marketing email campaign with that signature was used and marked as spam.

  • If the signature is too image or link heavy. Each item adds more to the spam score.

  • If new spam definitions contain a false positive signature (Something that scored low in the past could score high now due to any non-text elements.)


Keep your email signature simple. Keep it plain text. 

Now a blast from the past. Even in the before time, people tried to out do each other on email signatures. Here's one of my favorite:

 

asciiemailsig.png