How to enhance your security posture in your enterprise cloud emails: Case for Google Workspace
Episode 1: Business Email Compromise and deployment S/MIME encryption
In this series, we shall run you through some of the enterprise security considerations and implementation that you should consider when deploying not just Google Workspace cloud services but any cloud services.
Overview: Some disruptive statistics
During the period January – March 2023, the Kenya National KE-CIRT/CC detected 187,757,659 cyber threat events, which was a 24.89% decrease from the 249,991,852 threat events seen in the previous period, October – December 2022.This trend in cyber threat events detected is attributed to the continued activity by organized cybercrime groups, adoption of more sophisticated tools by ransomware gangs, continued targeted attacks at critical systems and services, adoption of sophisticated phishing and malware kits by threat actors, continued targeted attacks at cloud-based supported services and unsecured infrastructure; continued network misconfiguration attacks; and continued adoption of botnet and Distributed Denial of Service (DDoS) attack techniques. Source: https://ke-cirt.go.ke/wp-content/uploads/2023/07/Q3-2022-23-Cybersecurity-Report-min.pdf
And according to the 2021 AIG Claims Report on Cyber Claims: GDPR and business email compromise drive greater frequencies, Business email compromise (BEC) has overtaken ransomware and data breaches by hackers as the main driver of AIG EMEA’s cyber claims, followed by ransomware.
Source : https://www.aig.co.uk/content/dam/aig/emea/regional-assets/documents/aig-cyber-claims-2019.pdf
And yet, enterprise security has been skewed toward ransomware in recent years. FBI data highlights that enterprises, in aggregate, are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, at the same time, companies in the US lost only $49.2 million to ransomware.
In this Security Series, we shall help you explore some of the inbuilt Security features and capability within Google Workspace that have been designed for security and how you can leverage them to enhance your organizations security posture. Being designed and intended for the browser from the start, Google Workspace improves security by minimizing the surface for attacks. No relying on installed/downloaded apps that create info silos and friction. This means zero footprint, always current and always on. Google Workspace runs on the same infrastructure and network as google.com, so reliability is the same as google.com and youtube.com.
“Gmail is much better than our previous malware filter. The first month after we migrated, we ran two systems in parallel. Gmail removed 107,000 malicious emails the old system didn’t catch.” Morgan Reed, State CIO, State of Arizona
How to deploy S/MIME encryption for email in Gmail for Business
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a protocol for sending digitally signed and encrypted email messages. S/MIME allows you to encrypt emails and sign them. When emails are sent with S/MIME, it assures the receivers that:
- Email message in their inbox is the exact message that the sender sent.
- Assures that the email message indeed came from the indicated sender and not from someone pretending to be the sender.
To do this, S/MIME provides cryptographic security services such as authentication, message integrity, and non-repudiation of origin using digital signatures. S/MIME also helps enhance privacy and data security (using encryption) for electronic messaging. S/MIME requires a certificate and publishing infrastructure that is often used in business-to-business and business-to-consumer situations. The user controls the cryptographic keys in S/MIME and can choose whether to use them for each message they send. To obtain SMIME certificates for use in Gmail;
- Get a Free one for an individual or a paid one for a company at ACTALIS:https://www.actalis.com/s-mime-certificates.aspx.
- Deploy your own using LestEmctript:
- Buy from the market
(We are not paid nor related/affiliated to this examples)
Let us now walk through how to use SMIME in Gmail for Business:
- Admin must turn on hosted S/MIME in your Google Admin console
- Have users reload Gmail – A lock icon appears in the message subject.
- Upload certificates – to use hosted S/MIME encryption, end-user certificates must be uploaded to Gmail as below:
- Have users exchange keys – to start exchanging S/MIME messages, users need to exchange keys with message recipients in one of these ways:
- Send an S/MIME signed message to recipients
- Ask recipients to send them a message.
Stay tuned, in our next episodes, we shall covers topics in the following areas:
- Data Loss Prevention (DLP) for Gmail
- Data Loss Prevention (DLP) for Drive
- Deleting Accidental Sent emails in your domain
- Security Center: Investigation tool
- Google EMM: Remote Wipe Devices: Windows, Android and iPhone
- Data Retention: Vault and eDiscovery