With email security, some things can't be outsourced

You can outsource your email, but a good chunk of securing that email remains in-house. Here's what you need to know.

mobile phone messaging email network collaboration tools

While outsourcing email is right for many, if not most, enterprises, it's not enough to ensure both inbound and especially outbound email is secure. For example, outsourcing email would not prevent this from happening:

"Dear [FirstName] [LastName]," the email reads, "Click here to register for the AcmeCorp holiday party. Don't forget to RSVP!"

You check the return email address: HolidayParty@AcmeCorpHolidayParty.com. Not the usual corporate domain, AcmeCorp.com. Looks phishy. You forward it to your security department and wonder who clicked on the RSVP link.

Later, you find out it was a legitimate email from the event organizers and scratch your head. HR wants a head count ASAP. You click the link and pray the email from the ad hoc domain isn't a phishing email and thus a major security risk. Will clicking on the link download and execute malware on your work computer, making you another victim of business email compromise (BEC)?

No, the email is legitimate and the link harmless, but now everyone in the organization who received that email is a little less vigilant about spotting phishing emails because they know not to expect a standard domain.

Far-fetched scenario? Not at all. 

For many — if not most — organizations today, outsourcing email is a no-brainer. Securing email is hard, and unless you have a team of email security engineers, outsourcing email security to the experienced folks at Google, Microsoft, Fastmail or another reputable email provider may well be the right choice. Unless you're a large global conglomerate or you're working on sensitive R&D that you want to protect from theft or espionage, outsourcing email is likely the right decision for your organization.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)