Email Risk Is BIG for SMBs - How To Protect Your Business Now
- by Brittany Day
Email risk is big for small- and medium-sized businesses. Luckily, by understanding the threats you face and the measures you can take to defend yourself, you can make this risk significantly smaller.
The email threat landscape has been heightened due to COVID-19. Malicious actors are exploiting businesses’ “new reality” - increased dependence on cloud email, lack of IT staffing and funding and rushed deployments of vulnerable cloud platforms. This environment has provided cyber criminals with the ideal opportunity to up their attack game - and sophisticated campaigns designed to steal confidential business information and large amounts of money from victims have proliferated.
Small businesses are at a significant disadvantage: they lack the resources and the staff needed to keep pace with emerging threats, and email risk disproportionately large for these companies as a result.
Awareness is the first step in mitigating cyber risk. To help you and your business stay safe and successful in this difficult time, we’ve put together an overview of some of the most persistent and dangerous email exploits targeting SMBs - namely, phishing, ransomware and business email compromise (BEC), along with tips and advice for securing business email against them.
Threat #1: Phishing
A phishing campaign begins with a cyber criminal spoofing or compromising an email account, and then sending fraudulent emails from that account. In a successful attack, the recipient is tricked into either sharing sensitive information with the attacker or installing malware on his or her system.
Phishing can do serious damage in the form of data theft, financial loss and stalled business operations.
91% of successful cyber attacks begin with a phishing email.
How Can I Protect My Business?
- Think before you click!
- Be cautious with links and attachments.
- Beware of urgent requests and requests for personal information.
- Most importantly: Safeguard your inbox with a threat-ready cloud email security solution.
Threat #2: Ransomware
Ransomware is a costly type of malware designed to block access to a computer system until a specified ransom demanded by attackers is paid. The average ransomware demand is $84,000, with one-third of victims paying the ransom.
In a ransomware attack, a user receives a malicious attachment in a phishing email. When he or she downloads the attachment, ransomware is installed on his or her system and encrypts files - rendering them inaccessible to the user. The victim then receives a note from the attacker, demanding a ransom payment in untraceable bitcoin in exchange for the restoration of the locked files.
Ransomware can shake any business to the core with the loss of critical business information and documents, significant downtime, large recovery costs and serious reputation damage.
60% of small- and medium-sized companies that are hit with ransomware go out of business within six months of the attack.
How Can I Protect My Business?
- Stay on top of security updates.
- Approach unknown emails, websites or downloads with caution.
- Most importantly: Implement a reputable, multi-layered cloud email security solution.
Download this infographic to learn more about ransomware.
Threat #3: Business Email Compromise (BEC)
Business email compromise (BEC) is a sophisticated and highly targeted email scam in which an attacker compromises or impersonates an executive’s email account with the aim of obtaining access to sensitive business information or other key assets.
In a BEC attack, a malicious actor compromises or spoofs an executive email account and then sends fraudulent transfer instructions to a finance employee from this account. In a successful scam, the recipient is fooled into transferring funds to an account controlled by the attacker - and the attacker gets paid.
BEC can have severe consequences for organizations including financial loss, obliterated client trust and the compromise of sensitive data and critical business accounts.
High-speed trading firm Virtu Financial just recently revealed that it paid out $6.9 million as a result of a BEC attack that the firm suffered in May. In this malicious attack campaign, a cyber criminal quietly sat on the company's network for weeks - listening, watching and waiting. The threat actor then surreptitiously tampered with account settings and sent fraudulent emails, resulting in a transfer of funds to a Chinese bank.
Between 2016 and 2019, BEC resulted in $26 billion in reported losses for companies worldwide.
How Can I Protect My Business?
- Educate employees.
- Verify wire transfers.
- Protect corporate email accounts with two-factor authentication (2FA).
- Most importantly: Implement a threat-ready, multi-layered cloud email security solution.
Download this infographic to learn more about BEC.
Email-borne attacks are more problematic for businesses than ever, and SMBs are a favorite target among cyber criminals due to the fact that these organizations often lack adequate resources and expertise devoted to cyber security.
Luckily, with a comprehensive, fully-managed cloud email security solution in place, you can rest easy knowing that your business is protected around the clock with threat-ready email vigilance - even in the absence of a full-time IT department.
Ready to partner with an industry leader in safeguarding your users and your key assets? Speak with a security expert today.
Must Read Blog Posts
- Complete Guide to Email Viruses & Best Practices to Avoid Infections
- Microsoft 365 Email Security Limitations You Should Know
- Shortcomings of Endpoint Security in Securing Business Email
- What You Need to Know to Shield Your Business from Ransomware
- Demystifying Phishing Attacks: How to Protect Yourself Now
Latest Blog Articles
- How a Recession Will Change the Cybersecurity Landscape
- The Impact of Artificial and Human Intelligence on Email Security
- Ransomware Attacks on Schools Average 3 Weeks Downtime, 9 Months to Recover
- PCI DSS Compliance for Cloud Services - Everything You Should Know
- Email Security Best Practices to Safeguard Your Business in 2023
- Shadow IT and the Future of Cybersecurity
- Guardian Digital Perspective on Gartner’s Top Cyber Predictions for 2023
- Ransomware Gangs: Lapsus$
- What Is Deepfake Phishing?
- Is Your Organization Vulnerable to Account Takeover?