Election Security Spotlight – What Is Email Security?
An Overview of Email Security
Email is one of the top ways that cyber threat actors (CTAs) gain access to networks today. Email security helps protect an organization’s network from unauthorized access gained through an email in an employee’s inbox. Implementing a few email security best practices can lessen the possibility of your organization falling victim to a cyber attack from email.
Why It Matters
Approximately 91% of cyber attacks begin with a phishing email. Despite the danger that email presents, it remains a widely used means of communication. For example, in the world of voter registration and elections, individuals email a variety of documents, such as voter registration applications and absentee voting applications. Phishing emails are becoming more convincing every day, so it is crucial that both permanent and temporary employees are continuously trained to know the signs of phishing emails.
What You Can Do
Here are a few best practices to consider:
- Create strong passwords. Strong passwords are long and complex. They also contain no personal information and are not easy to guess.
- Implement two-factor or multi-factor authentication. Two-factor and multi-factor authentication extend the login process beyond just entering a password. Most commonly, they require you to submit a passcode randomly generated by an authenticator application on your mobile device after providing your credentials.
- Provide training to employees on phishing emails. It is important to continuously train permanent and temporary employees to spot and report phishing emails to your organization’s IT professionals and CIS’s 24x7x365 Security Operations Center (SOC). The U.S. Department of Justice (DOJ) provides support to establish and operate an anti-phishing training program. For more information, email [email protected]. In addition, the U.S. Department of Transportation (DOT) offers phishing vulnerability scanning. This service sends a fake phishing email to users to assess how vulnerable an organization is to phishing scams and provides a report on the results. For more information, email [email protected].
- Scan email attachments that seem suspicious. Malicious Code Analysis Platform (MCAP) is a web-based service used to submit and analyze suspicious files and links in a controlled and non-public fashion. MCAP is a no-cost service available to EI-ISAC members. To request an account, email [email protected].
- Email protection. Email protection screens incoming email communications to block known malware and spam messages before they reach an employee’s inbox. EI-ISAC members are eligible to participate in the no-cost Email Protection Service (EPS) pilot program, federally funded through September 2024. This service is provided by DuoCircle. For more information, email [email protected].
Incorporating some or all of the email security best practices above into your election office’s policies and procedures is the first step! Talk to your IT professionals to help make these best practices a reality. Be sure to tell your IT professionals about the DOJ’s anti-phishing program support as well as the no-cost services available to EI-ISAC members to help with email security.
Please contact us at [email protected] if you have any questions.