Email remains a key ingredient in business communications systems, including unified communication solutions that connect it with other platforms. However, the ubiquity of email has made it a primary target for fraud and cybercrime. This among other issues with email has spurred some companies to move away from the decades-old technology and into new instant messaging applications, but migration has been slow-going. To stay safe in the modern age of email means taking a few extra precautions and knowing how to respond quickly to a potential security breach.
It's never been easier to lock down corporate email systems to prevent the bulk of threats out in the world from directly impacting your own organization. Unfortunately, the widespread use of email all over the world means that plenty of unscrupulous activity still falls through the cracks, and a few seemingly innocuous mistakes can turn into a serious issue for a company.
The state of email threats
According to the 2018 Data Breach Investigation Report from Verizon, which analyzed more than 53,000 separate incidents of digital fraud, some 68 percent of malware reports found by researchers in the last year were installed through malicious email attachments. Across all types of data breaches, whether through malware, ransomware or a phishing attack, Verizon found that more than half were initially triggered by something akin to a rogue email attachment.
Email software has gotten much smarter and more proactive when it comes to preventing the installation of illicit software through attachments. That's why some security experts say that phishing attacks might be worthy of even more concern. A phishing attack is any scam in which the attacker assumes a false identity, often via email, in an attempt to convince victims to unknowingly send over their passwords or other secure information. Verizon's security report, among other recent cybersecurity research, found that targeted "spearphishing" attacks are becoming increasingly common. Spearphishing refers to social engineering schemes that specifically target a person within an organization that likely has more security clearance than the average staff member. Acquiring this person's passwords or other secure data could open the door to a gold mine for cybercriminals.
Clearly, email security cannot be overlooked despite the significant progress that's been made in terms of locking down client software, as well as educating users about digital threats and security best practices. Reports such as these demonstrate that email continues to be the primary vector of cyberattacks faced by organizations. Unfortunately, the weakest link in the wall of defenses against email intrusion, as in most other forms of cybercrime, is the users themselves. Even the variety of defensive capabilities now built into most email systems cannot do much to overcome the threat presented by employees who do not adhere closely to protocol.
Keys to email security
To tackle the most common weak point in your organization's cyber defenses, educate your employees on the latest best practices on how to avoid malware and phishing attacks. The Federal Trade Commission published a comprehensive guide for both business and personal use of email that is full of tips to keep entire organizations safe from the most common cyberattacks.
Strong passwords and password management
As with any other digital account, a strong password is the first and best line of defense against hackers or the possibility of a data breach. The latest recommendations on password creation urge users to aim for 12 characters that are unpredictable and contain a mixture of uppercase and lowercase letters, numbers and symbols. Passwords should not be any combination of words in the dictionary or any common number that would be easy to guess.
One of the most difficult aspects of safe password use involves setting a safe, unique password for every individual account that requires one. Before long, it can get exceedingly difficult to remember them all, and writing them down either on paper or in a digital document is not very secure. Many companies and personal email users now utilize a password management service to keep track of multiple passwords without compromising integrity. Password managers usually require their own unique password as well as at least one other factor of authentication – such as a code sent to the user's mobile device or biometric data – to confirm their identity.
If users can adhere to these password best practices, they will already be several steps ahead of the average email user. But the other most common point of entry for digital scammers, particularly in business email, is through attachments, links or the transmission of secure data using insecure methods.
It's imperative that all employees in a business know not to open emails from addresses they don't recognize. While most modern email clients are able to quarantine these emails to an extent even if they are opened, it's often better to air on the side of caution. Attached files are a primary point of entry for malware and other nefarious activities, but even images embedded into the body of an email could contain malicious code that will infect a user's device. To be safe rather than sorry, email users in businesses should simply refrain from opening files from unknown senders.
On a related note, the most important aspect of phishing prevention also is incumbent on user behavior. As a rule of thumb, passwords or other sensitive personal information should never be provided via email, text message or over the phone. Employers should clarify this rule with employees, and encourage them to be suspicious of any message urging them to give up their private information, even if it appears to be from a legitimate source. Phishing attacks continue to grow more sophisticated in terms of how they fool users into trusting them and thus divulging classified information.
Taking all of these steps together is often enough to make a company's email system impenetrable to the majority of digital threats out there. However, no one can ever assume they are completely safe, especially in larger organizations. Reach out to Teo Technologies to learn more about the latest best practices on UC security protocols and stay up-to-date with the biggest cyber threats facing organizations now.