Over the past few months, you’ve probably become far more aware of your physical health and safety - but how much thought have you given to the security of your business email accounts in this heightened digital threat environment?
Inadequately secured email accounts provide cyber attackers with an open door into your business - frequently resulting in the compromise of sensitive data, lost productivity and serious reputational damage. Having an effective email security strategy in place is vital to keeping your business safe and successful - both while navigating this difficult, uncertain time, and while recovering from the COVID-19 crisis.
Businesses today are spending more than ever on email security to protect their users from cyber threats, but attacks are still getting through. Ransomware, phishing and account takeover attacks are up more than 60%, and now, with so many users working remotely, cyber criminals are taking full advantage of the confusion - and the pace of their attacks is accelerating. Guardian Digital CEO Dave Wreski elaborates, “Consistent with these findings, our EnGarde Cloud Email Security has identified and blocked more spear phishing emails in April of 2020 than in any other month in the company's twenty-year history. Now is definitely not the time to overlook the importance of securing business email with multi-layered, real-time protection.”
It has become more apparent than ever that email security should be a top priority for all businesses. Here are four tips for fortifying your email and safeguarding your business now and after COVID-19.
Address the fundamentals first.
When it comes to evaluating and improving their digital security posture, many businesses “miss the forest for the trees”. There is no reason to overcomplicate things - focus on the fundamentals to start. Email is threat actors’ preferred method of attack - accounting for 90% of all cyberattacks. Prioritize maintaining the integrity of your business email with an effective email security strategy. Implementing a comprehensive, fully managed cloud email security solution that is able to keep pace with the rapidly evolving threat landscape should be your main concern when looking to improve your company’s digital security posture. Security is a process, not a product. Choose an email security provider who will partner with your business, taking time to learn about key people and assets within your organization - ensuring that these targets are adequately safeguarded. Once an effective business email security solution is in place, you can then move on to considering other investments such as endpoint security, employee education and security awareness training.
Don’t rely on endpoint security alone.
A common misconception is that endpoint security alone is sufficient to protect businesses from modern digital threats. In reality, your endpoints are your last line of defense, and if something goes wrong here, they are an easy target for threat actors. Endpoint security solutions are far more vulnerable to zero-day attacks than network security systems are, because endpoint security solutions often lack the resources necessary to combat these advanced exploits. Moreover, with endpoint security, each desktop must be fastidiously updated and managed - if even one desktop is missed and isn't updated or kept secure, it could potentially compromise the entire network. This is highly inconvenient, inefficient and downright unrealistic for many businesses. Finally, there is no reliable way to evaluate endpoint protection because it is typically only visible at the desktop level - leaving administrators with little insight into the security of their systems.
Fortify cloud email with additional layers of critical protection.
A defense-in-depth approach to security is essential in fortifying cloud email. Without additional critical layers of defense, the default protection provided in cloud platforms such as Office 365 and G Suite is alarmingly inadequate - leaving users vulnerable to credential phishing, account takeovers and other advanced exploits. According to the FBI, “Thirty percent of phishing attacks make it through existing systems and are opened by target users.” It is no surprise that 92 percent of companies have at least one credential that’s been compromised. And amid the COVID-19 crisis, cloud email risk is heightened - the United States Department of Homeland Security has warned that rushed remote Office 365 deployments may lead to overlooked critical security configurations.
Invest in employee education and email security awareness training.
Employee education and security awareness training are essential aspects of a sound digital security strategy. If you are a CIO, administrator, or IT professional, you most likely understand the importance of email security, the value of sensitive data, and the consequences of a successful phishing attack or breach - but do your company’s employees share this understanding? The majority of insider breaches are the result of human error or negligence. Businesses can help mitigate this risk by sharing knowledge and values regarding digital security with their employees. Employees are a company’s first line of defense, and providing regular, comprehensive security training is the best way to strengthen this critical defense and minimize the risk of human error. That being said, it is crucial to remember that human behavior is ultimately unpredictable - especially in this new remote environment - and employee education and training are no substitute for safeguarding your email with a threat-ready, fully supported solution.
Are You Engaging in These Email Security Best Practices to Help Protect Your Business?
Here are some behaviors that administrators, employees and users should practice to help mitigate email risk:
- Carefully review each email you receive - if an email appears suspicious in any way, make a phone call to the sender to confirm the legitimacy of the email or contact the sender with a new email, rather than just hitting reply.
- Verify shared links and scan all attachments for viruses or dangerous code.
- Ensure that your OS is patched and updated.
- Back up your files frequently and automatically and protect the backups you create.
- Think before you act! Slow down and take adequate time to thoroughly evaluate each email you receive before interacting with it in any way.
We have also assembled a list of tips and best practices for staying safe online while working remotely during COVID-19 that we recommend you share with your employees.