How S/MIME Certification Can Save Your Company Billions
A Secure and Effective Technique to Verify Trusted Emails
The request is always urgent: maybe an invoice to a supplier is overdue, or maybe your manager needs you to run out and buy some gift cards to surprise your coworkers.
You’re a team player. You’ll help them out, right?
Except… what if that email didn’t really come from your boss? What if someone else is pocketing the money instead?
Scams like the ones above are known as Business Email Compromise (BEC), a type of phishing attack in which a fraudster impersonates a high-level executive and attempts to trick a colleague into transferring money or revealing sensitive data.
BEC scams have struck victims that range from Toyota to the government of Puerto Rico. And according to the FBI’s most recent Internet Crime Report, they netted fraudsters a staggering $1.8 billion in 2020 in the U.S. alone.
It’s not for nothing that people are said to be the weakest link when it comes to cybersecurity. Fortunately, in the case of BEC, there are several steps organizations can take to protect themselves. In particular, the implementation of digital certificates can validate the emails, identities and even organizational affiliations of the people in your company.
The type of certificate you choose depends on your security needs. In this post, we’ll focus on S/MIME, a relatively simple — yet effective — certificate that verifies an email has been sent by a trusted sender.
What Is S/MIME?
S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions, is a standard for encrypting and signing emails. Using a public key certificate that contains a signing attribute, it verifies that the email in a user’s inbox came from the sender that claims to have sent it — and that its contents are exactly as the sender originally composed. (That way, even if an email is intercepted, it can’t be tampered with or falsified.)
Before S/MIME was developed, email administrators were forced to choose between email protocols that emphasized either security or connectivity. With S/MIME, they have an option that is both secure and widely accepted. S/MIME also works seamlessly with other security protocols like Secure Sockets Layer (SSL), Transport Layer Security (TLS) and BitLocker.
How S/MIME Helps Prevent BEC
S/MIME protects against BEC by enabling users to verify that an email is really from a specific sender — rather than relying on their ability to decipher social signals that are only too easy to engineer. Education and awareness can only go so far to counteract the natural human desire to please, to say nothing of the desire to help the boss by acting quicky.
By contrast, S/MIME certificates enhance security by giving users clear visual assurance when an email is authentic and unmodified. Train your employees to look for the correct signature accompanying each email and you’ll help them recognize when the sender has been verified — and when someone is trying to impersonate them.
Getting Started With S/MIME
Complexity is the biggest challenge when it comes to implementing S/MIME. The same certificate must be deployed everywhere your users read email, from mobile devices and personal laptops to tablets and webmail clients.
Fortunately, the right set of automation tools makes this process more straightforward, streamlining the implementation of S/MIME certificates across the enterprise. This spares users the effort of having to manually configure each mail client and device they’d like to use and means they don’t need to change anything to sign or encrypt email.
Central management consoles, meanwhile, streamline the administrative workflow.
That’s important, because organizations are sometimes tempted to implement S/MIME only for a portion of their users, rather than for everyone. But scammers don’t discriminate when they select their targets. Deploying S/MIME across your entire organization gives you comprehensive assurance that your users will be able to verify which emails are and aren’t trusted — regardless of whether the contents are suspicious or not.