Email Risk Is Big for SMBs

Email risk is big for small- and medium-sized businesses. Luckily, by understanding the threats you face and the measures you can take to defend yourself, you can make this risk significantly smaller.

The email threat landscape has been heightened due to COVID-19. Malicious actors are exploiting businesses’ “new reality” - increased dependence on cloud email, lack of IT staffing and funding and rushed deployments of vulnerable cloud platforms. This environment has provided cyber criminals with the ideal opportunity to up their attack game - and sophisticated campaigns designed to steal confidential business information and large amounts of money from victims have proliferated.

Small businesses are at a significant disadvantage: they lack the resources and the staff needed to keep pace with emerging threats, and email risk disproportionately large for these companies as a result.

Awareness is the first step in mitigating cyber risk. To help you and your business stay safe and successful in this difficult time, we’ve put together an overview of some of the most persistent and dangerous email exploits targeting SMBs - namely, phishing, ransomware and business email compromise (BEC), along with tips and advice for securing business email against them.

Is it Worth the Risk?

over 90% of modern cyberattacks begin with a phishing email, and the majority of email attacks don’t discriminate based on the size of your company - although threat actors are arguably shifting their focus to smaller victims. Statistics show that SMBs are the most popular target for ransomware, and a successful attack can result in significant downtime, hefty recovery costs, large fines and ruined reputations - repercussions that can shake any business to the core. Sixty percent of small businesses are unable to recover and go out of businesses within six months of getting hit with ransomware.

Threat #1: Phishing

a fish hook on computer keyboard representing phishing attack on computer systemIn a phishing scam, a threat actor poses as a reputable individual or organization and sends fraudulent emails with the aim of obtaining sensitive data or infecting systems with destructive malware.

A phishing campaign begins with a cyber criminal spoofing or compromising an email account, and then sending fraudulent emails from that account. In a successful attack, the recipient is tricked into either sharing sensitive information with the attacker or installing malware on his or her system.

Phishing can do serious damage in the form of data theft, financial loss and stalled business operations.

The Numbers

91% of successful cyber attacks begin with a phishing email.

How Can I Protect My Business?

  • Think before you click!
  • Be cautious with links and attachments.
  • Beware of urgent requests and requests for personal information.
  • Most importantly: Safeguard your inbox with a threat-ready cloud email security solution.

Threat #2: Ransomware

Ransomware is a costly type of malware designed to block access to a computer system until a specified ransom demanded by attackers is paid. The average ransomware demand is $84,000, with one-third of victims paying the ransom.

In a ransomware attack, a user receives a malicious attachment in a phishing email. When he or she downloads the attachment, ransomware is installed on his or her system and encrypts files - rendering them inaccessible to the user. The victim then receives a note from the attacker, demanding a ransom payment in untraceable bitcoin in exchange for the restoration of the locked files.

Ransomware can shake any business to the core with the loss of critical business information and documents, significant downtime, large recovery costs and serious reputation damage.

The Numbers

60% of small- and medium-sized companies that are hit with ransomware go out of business within six months of the attack.

How Can I Protect My Business?

Threat #3: Business Email Compromise (BEC)

Business email compromise (BEC)business corporate protection safety security concept is a sophisticated and highly targeted email scam in which an attacker compromises or impersonates an executive’s email account with the aim of obtaining access to sensitive business information or other key assets. 

In a BEC attack, a malicious actor compromises or spoofs an executive email account and then sends fraudulent transfer instructions to a finance employee from this account. In a successful scam, the recipient is fooled into transferring funds to an account controlled by the attacker - and the attacker gets paid.

BEC can have severe consequences for organizations including financial loss, obliterated client trust and the compromise of sensitive data and critical business accounts.

High-speed trading firm Virtu Financial just recently revealed that it paid out $6.9 million as a result of a BEC attack that the firm suffered in May. In this malicious attack campaign, a cyber criminal quietly sat on the company's network for weeks - listening, watching and waiting. The threat actor then surreptitiously tampered with account settings and sent fraudulent emails, resulting in a transfer of funds to a Chinese bank.

The Numbers

Between 2016 and 2019, BEC resulted in $26 billion in reported losses for companies worldwide. 

How Can I Protect My Business?

Threat #4: Email Account Compromise (EAC)

Account compromise, also known as Email Account Compromise (EAC), is a cyber attack aimed at fully compromising a user's email account and gaining access to their inbox. Attackers employ various techniques to execute this attack, including malware, phishing, and brute force password spraying. Once an account is compromised, the attacker can exploit it to send phishing emails, access sensitive information, or carry out further malicious activities.

The Numbers

65% of organizations faced email account compromise attacks in 2020.

How Can I Protect My Business?

  • Implement multi-factor authentication
  • Strengthen passwords
  • Regular security awareness training

Guardian Digital EnGarde Cloud Email Security: Enterprise-Grade Email Protection for SMBs

EnGarde ShieldGuardian Digital recognizes the heightened risk that small businesses face, and acknowledges that securing email accounts can be a challenge for small companies. For decades, we have been providing our clients - which range from small businesses to enterprises - with exceptional, affordable protection from the latest email-borne threats. 

Unlike any other provider, we employ a collaborative, transparent approach to software development, which enables us to access tools and resources from a vibrant, worldwide community in a way that no other vendor can. Through this unique and beneficial approach, we are able to offer flexible, cost-efficient and highly effective protection to SMBs and enterprises alike.

While other email security providers promote frequent patches and updates in an effort to keep up with rapidly evolving threats, our solution - EnGarde Cloud Email Security - automatically stays a step ahead of the latest threats - constantly updating in real-time as opposed to relying on patches.

At Guardian Digital, we view email security as a process, not a product. We build a relationship with each of our clients, taking ample time to learn about their key assets and specific needs. Our scalable, fully-managed solution seamlessly integrates with businesses’ existing email infrastructure and is accompanied by the expert, ongoing support required to keep your business secure and productive.

EnGarde uniquely provides your business with:

  • Multi-layered Protection: Multiple security features and technologies intentionally added to an inherently secure foundation are more effective than any single piece of security software. 
  • Lower Cost of Ownership: Transparent source code keeps both start-up and ongoing costs down and minimizes the cost of ownership for clients.
  • Rapid Return on Investment (ROI): This adaptive program offers quick and seamless implementation and easily integrates with Microsoft 365 and Google Workspace, providing critical additional protection in these vulnerable platforms.
  • Community-Powered Email Vigilance: Our collaborative approach to software development gives our expert engineers access to tools and resources from far beyond our borders - resulting in superior protection for our clients.

Final Thoughts on SMB Email Security

Email-borne attacks are more problematic for businesses than ever, and SMBs are a favorite target among cyber criminals due to the fact that these organizations often lack adequate resources and expertise devoted to cyber security. 

Luckily, with a comprehensive, fully-managed cloud email security solution in place, you can rest easy knowing that your business is protected around the clock with threat-ready email vigilance - even in the absence of a full-time IT department.

Must Read Blog Posts

Latest Blog Articles

Recommended Reading