What to Look for When Choosing an Email Security Solution

Advice for healthcare organizations on choosing an email security solution to block the constant barrage of phishing and malware threats that target healthcare employees. 

Email is one of the most common vectors used in cyberattacks on healthcare organizations. The HIPAA Security Rule calls for security awareness training to be provided to the workforce to make employees aware of common threats they are likely to encounter, and while training can reduce susceptibility to phishing attacks, employees will make mistakes.

Cybercriminals understand their malicious emails will be identified and avoided by most employees, but all it takes is for one individual to respond to a phishing email for credentials to be compromised or malware to be installed that allows an extensive attack on the network. Email security solutions will not block all malicious emails, but they will block the majority of threats. In combination with security awareness training, web filters, and endpoint security solutions, healthcare organizations will be well protected against email-based cyberattacks.

9 Features to Look for When Choosing an Email Security Solution

Choosing an email security solution that balances protection, usability, and price can be a challenge. To help with the process of choosing an email security solution, we have provided some of the key features you need to look for to block threats with a high degree of accuracy while ensuring the solution works seamlessly with other cybersecurity measures and is easy for the IT department to implement, use, and maintain.

Layered Security

While it was once sufficient to have a single cybersecurity solution for protecting against malicious emails, that is no longer the case. The increasingly sophisticated nature of email attacks means layered defenses are required. There should be multiple overlapping layers of protection in terms of security solutions, and each solution should have multiple detection mechanisms. Protection can be reduced if the email security solution replaces the protections provided by Google or Microsoft Office 365. Email security solutions should add extra layers of protection on top of those provided by the likes of Office 365; they should not replace them.

Low False Positive Rate

Email security solutions may have excellent detection rates, but it is important when choosing an email security solution to select a product with a low false positive rate. If genuine emails get caught by the filtering controls, it can prevent the timely delivery of important emails. It can also result in users rummaging around looking for emails in the quarantine folder, which will undoubtedly contain genuine threats.

Strong Anti-Phishing Protection

Phishing poses a major threat to all businesses, especially those in healthcare. Advanced anti-phishing protection includes SURBL and URIBL filtering for blocking known sources of spam and malicious emails, scans of message content for common signatures of phishing, and machine learning capabilities that can detect when emails deviate from the typical emails that are received. The ability to score emails based on the likelihood of them being malicious allows different tolerance levels to be set for users based on the level of risk of being targeted.

Protection Against Advanced Malware Threats

Malware is often delivered via email, either directly attached to emails, through macros in Office documents, or via links to malicious websites. Email security solutions include anti-virus engines for scanning attachments, but this only provides signature-based detection, and it is now rare for malware to be directly attached to emails. Embedded hyperlinks should be checked against real-time blacklists, and sandboxing is important for detecting novel malware threats that pass standard AV controls. In the sandbox, the behavior of files is subjected to deep analysis.

Anti-Email Impersonation Capabilities

Email impersonation is common in phishing attacks. Scammers spoof companies and trusted individuals to trick people into believing messages have been sent from a known source. An email security solution should have robust anti-spoofing capabilities and should incorporate Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC). These standards authenticate the senders of emails to make sure they are who they say they are and verify that they are authorized to send emails from a particular domain.
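The following added example (not code from any vendor or from the original article) shows the alignment check that makes DMARC stronger than SPF or DKIM alone: a pass only counts if it is for a domain matching the visible From: address, and only if the result header was written by your own mail server. The host name `mx.hospital.example`, the sample messages, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.hospital.example"  # assumed name of our own receiving MTA

def org_domain(domain):
    # Assumption: the last two labels approximate the organizational domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def auth_results(msg):
    """Return (method, result, domain) tuples from headers our own MTA added."""
    found = []
    for header in msg.get_all("Authentication-Results", []):
        authserv, *clauses = header.split(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by another system or the sender: do not trust
        for clause in clauses:
            m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if not m:
                continue
            prop = "smtp.mailfrom" if m.group(1) == "spf" else "header.d"
            d = re.search(re.escape(prop) + r"=(?:[^\s;@]*@)?([^\s;]+)", clause)
            found.append((m.group(1), m.group(2).lower(), d.group(1) if d else ""))
    return found

def dmarc_aligned(raw):
    """True if SPF or DKIM passed for a domain aligned with the From: domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not from_domain:
        return False
    return any(res == "pass" and org_domain(dom) == org_domain(from_domain)
               for _, res, dom in auth_results(msg))

# Constructed sample messages (not real traffic).
FROM_CEO = "From: CEO <ceo@hospital.example>\nSubject: Payroll\n\nbody\n"
LEGIT = ("Authentication-Results: mx.hospital.example; spf=pass "
         "smtp.mailfrom=bounce@mail.hospital.example; "
         "dkim=pass header.d=hospital.example\n" + FROM_CEO)
LOOKALIKE = ("Authentication-Results: mx.hospital.example; spf=pass "
             "smtp.mailfrom=bounce@sender.test; dkim=none\n" + FROM_CEO)
UNTRUSTED = ("Authentication-Results: mx.other.test; "
             "dkim=pass header.d=hospital.example\n" + FROM_CEO)

if __name__ == "__main__":
    for name, raw in [("LEGIT", LEGIT), ("LOOKALIKE", LOOKALIKE), ("UNTRUSTED", UNTRUSTED)]:
        print(name, dmarc_aligned(raw))
```

When trialing a product, confirm that a message whose SPF passes for an unrelated sending domain is still treated as unauthenticated for the domain shown to the user.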

Full Visibility and Control of Email

Administrators need to have full visibility into their email environments, including the threats that have been blocked. Reporting tools are needed to find threats as they could indicate a much broader ongoing attack on the organization. There also needs to be easy management of the quarantine folder for identifying and releasing false positives. Having visibility into email volume is important for identifying suspicious user activity and potentially compromised mailboxes.

Scanning of Outbound Emails

The majority of email threats will come from external sources, so the scanning of all inbound emails is essential, but threats can come from within. Insider threats in healthcare should not be ignored. Each year many data breaches are caused by malicious insiders. An email security solution with data loss prevention capabilities should be considered. Some solutions allow administrators to flag data types – Social Security numbers for example – and block emails sent externally containing certain data types. Outbound email scanning can also identify compromised mailboxes that are used for spamming, phishing, malware delivery, and business email compromise scams. Only a small percentage of companies scan inbound and outbound emails.
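As an added illustration of the data-type flagging described above (this is not any vendor's implementation), the sketch below blocks a message only when Social Security number patterns are present and at least one recipient is outside the organization. The internal domain, the sample messages, and the use of header recipients instead of the SMTP envelope are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"hospital.example"}  # assumed: the organization's own domains
# Same separator required between groups; bare 9-digit runs are ignored to
# keep false positives (record numbers, phone fragments) out of quarantine.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ])(\d{2})\2(\d{4})(?!\d)")

def find_ssns(text):
    """Return SSN-shaped strings that pass the basic SSA validity rules."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, _, group, serial = m.groups()
        if area in ("000", "666") or area[0] == "9":
            continue  # never-issued area numbers
        if group == "00" or serial == "0000":
            continue
        hits.append(m.group(0))
    return hits

def external_recipients(msg):
    # Header recipients only; a real gateway would use the SMTP envelope.
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [a for _, a in addrs
            if a.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def outbound_verdict(raw):
    """'block' if SSN-like data is leaving the organization, else 'allow'."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            text += "\n" + body.decode(part.get_content_charset() or "utf-8", "replace")
    if external_recipients(msg) and find_ssns(text):
        return "block"
    return "allow"

# Constructed sample messages (not real data).
HDR = "From: nurse@hospital.example\nSubject: Referral\nTo: "
LEAK = HDR + "intake@clinic-partner.test\n\nPatient SSN: 123-45-6789\n"
INTERNAL = HDR + "records@hospital.example\n\nPatient SSN: 123-45-6789\n"
NOT_SSN = HDR + "intake@clinic-partner.test\n\nOrder refs 000-12-3456, 912-34-5678\n"

if __name__ == "__main__":
    for name, raw in [("LEAK", LEAK), ("INTERNAL", INTERNAL), ("NOT_SSN", NOT_SSN)]:
        print(name, outbound_verdict(raw))
```

The validity checks matter for the false positive rate discussed earlier: a rule that fires on every nine-digit string will fill the quarantine with legitimate outbound mail.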

Is the Vendor HIPAA Compliant?

Email security vendors are not necessarily business associates, but it is important to note that emails containing patients’ protected health information would be transferred to the cloud if a SaaS solution is used, and that has implications for compliance if the vendor can access emails stored on its servers. Many healthcare organizations choose an on-premises security solution, but cloud-delivered email security is an option, provided the vendor will sign a business associate agreement.


The cost of email security solutions can vary considerably, even among solutions that offer an equivalent level of protection. Cost may not be the primary concern, but it is often a deciding factor. It does pay to conduct some research on pricing as there are considerable savings to be made. For instance, in 2022, SpamTitan Cloud costs $1.08 per user per month, whereas the price of Mimecast is $4.50. For 250 users, the cost saving between the two is more than $10,000 a year.


Consider these features when choosing an email security solution to make sure that you get the protection you need, and be sure to take advantage of any free trials to test whether the products perform as expected. Also check independent reviews of products on review platforms such as G2, Expert Insights, Capterra, and Gartner.