What Is Email Security?

Email security is the practice of using technology to inspect incoming emails for malicious threats and encrypt—or secure—outbound email traffic to protect mailboxes, data, users, and organizations from cybersecurity attacks and schemes. Cloud email security is important as more companies migrate to a cloud or hybrid email platform. Layered defenses can provide comprehensive protection that incorporates email security best practices.

How can email messages be compromised?

While many cybersecurity professionals are aware of common email security threats like phishing, ransomware, business email compromise, and other inbound threats, it's important to also consider data protection and securing outbound traffic. In short, implement measures to prevent users from sending sensitive data through email to external parties. There are four main components of an email message that can be compromised or manipulated:

  • The body of the email
  • The attachments of the email
  • URLs contained within the email
  • The sender's email address

What are email security best practices?

Email security best practices include the use of a robust email security posture that contains layers of security measures, including effective security intelligence across your entire architecture, retrospective remediation, and encryption to prevent data leakage among other features.

How can I help ensure Office 365 cloud email is secure?

Microsoft Office 365 has become the standard productivity platform in organizations large and small around the world. It is a cost-effective solution and provides a basic level of cloud email protection through Microsoft Exchange Online Protection. But with increased global usage, Office 365 has also become an attractive attack surface for cybercriminals, leading many customers to seek additional cloud email protection.

If your business has adopted Office 365 for your email solution, make sure you are fully protected with multiple layers of defense (PDF).

Types of email security best practices

In our Cybersecurity Report: Click with Caution, we provide the following recommendations:

Run regular phishing exercises

Your employees are your greatest defense against phishing, especially the most tailored phishing attempts. Employees who can learn to recognize a phishing attempt outright can stop the number one source of endpoint compromise.

Use multifactor authentication

In the event that a corporate email account's credentials are successfully stolen, multifactor authentication can prevent an attacker from gaining access to the account and wreaking havoc.

Consider DMARC

DMARC domain protections can now be activated to protect a company's brand by preventing attackers from using a legitimate corporate domain in phishing campaigns.

Implement safeguards to quarantine and remediate threats

Message quarantine functionality is useful to hold a message while a file attachment is analyzed prior to either releasing the message to the recipient, removing the malicious attachment, or removing the message completely. Email remediation helps if a file is detected as malicious after delivery to the recipient. It allows you to go back and quarantine the message with a malicious attachment from within a mailbox.

Harness threat intelligence

External email threat feeds in Structured Threat Information Expression (STIX) are now commonly used by email security products, which is helpful should an organization want to use a vertical-focused threat feed beyond the native threat intelligence in the product.

Consider an integrated cybersecurity solution

Integration of email security with broader security portfolios is also becoming common to determine if advanced malware or messages in an environment may have been delivered to particular users or inboxes.

Types of email threats


Spam email is any unsolicited and unwanted junk email and is often sent for commercial purposes.  When spam is sent out in massive volume by botnets to an indiscriminate recipient list, the goal is most likely to spread malware by infecting computer networks, for business email compromise, and for phishing.


Phishing is sending fraudulent communications that appear to be from reputable sources, usually through email or texting. The end goal is to steal money or sensitive data like login information or to install malware or ransomware on the victim's machine. Phishing is a very common cyberattack that everyone should defend against.


Malware refers to any intrusive software developed by cybercriminals to steal data and damage or destroy computers and computer systems. One of the most common forms of malware is ransomware. Recent malware attacks have exfiltrated data in mass amounts. Malware comes in many forms and is often referred to as viruses, worms, Trojan viruses, spyware, adware, or bots.

Business email compromise (BEC)

BEC is a carefully planned and researched spoofing attack that strategically selects and impersonates a company, executive, vendor, or supplier. Adversaries create targeted messages and add unique details about either the person they are posing as, and/or the person they are attacking, to add legitimacy to the request. The end goal is often to trick someone into sending money over the wire or granting network access.