Not all email security is created equal
Cybercriminals never miss an opportunity. Remember the hullabaloo leading up to the European Union’s General Data Protection Regulation (GDPR)? We’d never seen so many emails streaming into our inbox reminding us of just how special we are! However, researchers at Redscan realised something more sinister was at play when they found that amongst the genuine emails from legitimate companies were phishing attacks.
One such scam claimed to be from Airbnb and stated that the user had to click the link to “accept the new Privacy Policy”, or they would no longer be able to receive “new bookings or send messages”. The email was structured as you would expect a professional email to be, using the Airbnb brand voice by calling the user a “host”, highlighting important text in bold, using paragraphs, including the San Francisco address of the company and, of course, the Airbnb logo.
The question is… would you have clicked the link? Or can you think of a colleague who could have been duped?
Taking a holistic approach to email security
Many companies rely on Microsoft Office 365 to do all the security for them. On the surface, it makes sense because Microsoft has a handy inbuilt security offering with their products that doesn’t require any additional on-premise security infrastructure. Office 365 is the outstanding leader in business technology, and we have covered the reasons why in numerous blogs already! However, Microsoft is a hub of business technology experts and not IT security specialists. Even with Microsoft’s add-on Email Security features, malware and spam still manage to get through.
When it comes to email security, there are additional measures you should be taking if you want to keep your sensitive data secure.
Are you protected against cyberattacks and email outages?
There are two primary issues to be aware of when it comes to email security, and they are cyberattacks and email outages. Let’s have a closer look at both of these common issues…
Cyberattacks via your inbox
Email-based cyberattacks are not going away. In fact, they are on the rise and growing more sophisticated by the day. These cyberattacks can come in many forms, like spear phishing attacks, malware, banking trojans, ransomware, spam, etc. It is a costly problem to be faced with when sensitive information is at stake, especially if it is customer data that has been compromised. A report by Barracuda showed that there are also plenty of hidden costs such as your employee productivity being disrupted, the IT team not being able to address other priorities, and the damaged reputation of the company.
Email outages
You are probably wondering what the chances of an email outage are. With Office 365, it is not that bad at 0.1%, which comes to roughly 8.5 hours per year. However, according to Osterman, “For the typical organization, the cost of user productivity loss during email outages is 20 cents per user per minute. This means that a single 30-minute outage for a 500-seat organization will be $3,000.” As we always say at Unity, the amount of security you require really depends on your business; so, ask yourself: how much downtime can your business afford to put up with?
How to enhance your email security
Both email-based cyberattacks and email outages can be combatted with IT security. When it comes to cyberattacks, it is all about getting the right security specialists for the job. A sophisticated, layered approach to IT security is needed to defend your company against modern cyberattacks. This level of security will include 24/7 monitoring, automatic isolation of compromised endpoints, encryption of sensitive data, security alerts, the most advanced anti-spam and anti-phishing technology, and a user-friendly, synchronised interface to keep track of it all.
In the case of an email outage, email continuity services are the way to go. Do you have email spooling and an emergency inbox set up? Email spooling involves using a file to record important information entering your inbox, such as the sender addresses, the times of delivery and the body text of every email for a particular account. An emergency inbox, as you may have guessed, is a way for your employees to access their emails if there is an email outage so the business day can continue without too much interruption.
But most importantly, educate your users!
We cannot reiterate this one enough! Most email-based cyberattacks rely on fooling the user into trusting the information they are receiving. These are social engineering attacks, and 1 in 10 employees fall for them. This is not because 1 in 10 employees are senseless, but because they have not been trained to recognise a suspicious email.
If you have been thinking “My team would never fall for that”, why not find out for sure with a penetration test? These tests are designed to send fake social engineering scams to employees to find out if they adhere to your company’s security policies or not. However, if you are not sure whether your company has security policies in place with regard to email-based cyberattacks, then it is worth setting this up first and giving your employees a fighting chance!