How to maintain security when employees work remotely: Advice from Leading Security Experts
- by Brittany Day
To help you secure your remote workforce online without a hiccup in productivity, we will begin by briefly examining the modern email threat environment. We will then explore top tips and advice for securing cloud email from leading security experts including Gartner, the FBI and Guardian Digital - the open source email security company.
The Modern Digital Threat Environment
Digital risk has skyrocketed, driven by sophisticated attacks targeting cloud email users. Cyber criminals recognize that email is the preferred method for sharing sensitive data and a key communication channel that businesses cannot afford to lose access to for any period of time. Rushed deployments of vulnerable cloud platforms, overworked IT staff and an increase in inadequately secured endpoints has provided threat actors with the perfect opportunity to trick employees working remotely into sharing sensitive credentials and downloading destructive malware on their systems.
Thirty percent of credential phishing attempts bypass existing cloud email security defenses and are opened by target users.
- United States Federal Bureau of Investigation (FBI)
Without layered supplementary security defenses in place, cloud email users are highly vulnerable to credential phishing attacks and account takeovers. The FBI reports that 30% of credential phishing attempts bypass existing cloud email security defenses and are opened by target users. And mistakenly opening a phishing email is more dangerous than ever - users are now three times more likely to click on a malicious link embedded in a phishing email and then disclose their account credentials than they were pre-COVID.
Safeguarding Remote Workers Online: What The Experts Recommend
When it comes to protecting your remote workforce in this heightened digital threat environment, email security should be the top priority, as over 90% of all cyberattacks begin with a phishing email. Effectively securing cloud email against targeted modern spear phishing, ransomware and CEO fraud attacks requires a multi-layered supplementary email security solution accompanied by ongoing, expert management, monitoring and support services.
A strategic approach to security that layers inbound, outbound and internal detection and remediation is essential to cloud email defense.
Microsoft and Google specialize in providing flexible, cost-effective cloud email services, but have proven to be incompetent in securing them. Built-in cloud email security defenses provided by Microsoft and Google are primitive, single-layered and insufficient in detecting and blocking today’s sophisticated and evasive attacks like fileless malware and email account compromise (EAC) scams. Due to the inherent uniformity of cloud platforms, cyber criminals can open any account and test their methods until they are able to bypass default filters. This uniformity then enables them to conveniently reuse the same attack on thousands of different accounts.
Cyber thieves are leveraging sophisticated COVID-related business email compromise (BEC) scams to steal credentials. Businesses should take immediate action to protect their users and their data by implementing critical additional layers of protection in Microsoft 365 and Google Workspace.
- United States Federal Bureau of Investigation (FBI)
To fortify Microsoft 365 and Google Workspace email against today’s advanced exploits, it is critical that businesses implement additional protection designed to seamlessly integrate with their existing infrastructure, filling key gaps in Microsoft and Google’s built-in defenses with additional layers of real-time security designed to work harmoniously to identify and respond to both persistent and emerging attacks. To safeguard the inbox and protect remote workers, Gartner security experts recommend “a strategic approach to security that layers inbound, outbound and internal detection and remediation”. The FBI has also continually emphasized the heightened importance of taking a defense-in-depth approach to securing business email, warning: “Sophisticated COVID-related business email compromise (BEC) scams are being used to steal credentials. Businesses should take immediate action to protect their users and their data and implement critical additional layers of protection in Microsoft 365 and Google Workspace.”
Securing business email is an ongoing process that requires around-the-clock monitoring, maintenance and support provided by a team of security experts. At Guardian Digital, we serve as the front line of defense against cyber thieves, becoming a permanent extension of each of our client's technical team.
- Dave Wreski, CEO, Guardian Digital
Businesses - especially SMBs who often lack IT resources and security expertise - should select an email security provider that offers managed services and accessible support. Failure to implement a solution accompanied by continual, expert management, system monitoring and support services often leaves businesses vulnerable to attack - even with supplementary email defenses in place. Guardian Digital CEO Dave Wreski explains: “An effective email security solution cannot simply be selected and purchased, leaving the responsibility of configuration and management in the hands of the administrator. Rather, securing business email is an ongoing process that requires around-the-clock monitoring and maintenance by a team of experts, dedicated to understanding the evolving risks businesses face and applying the specific real-time guidance necessary to each individual business. Wreski elaborates: “The unfortunate reality is that many email security solutions put the burden of setup, maintenance and system monitoring on the administrator. At Guardian Digital, we assume these responsibilities for our clients, simplifying administration and serving as the front line of defense against cyber thieves. We build on the protection that our all-in-one security suite - EnGarde Cloud Email Security - provides, becoming a permanent extension of each of our client's technical team.”
Although implementing a multi-layered solution accompanied by fully-managed services is the single most important step businesses can take toward protecting remote workers in this heightened digital threat environment, administrators should also convey the importance of engaging in safe online behaviors and cybersecurity best practices, including:
- Watch out for phishing, ransomware impersonation scams.
- Don’t rely on endpoint security like desktop antivirus alone - the endpoint should be the last line of defense. If something goes wrong, it provides malicious hackers with easy access to your system.
- Use a VPN to encrypt data between you and your server. When selecting a VPN, watch for pitfalls such as free VPNs which often carry inherent security flaws and privacy issues of their own.
- Setup two-factor or multi-factor authentication on any account that allows it, and never disable it.
- Ensure that your operating system and all applications are updated - remember that your operating system and applications are only as secure as their latest security patches.
- Be wary of emails from personal email addresses.
- Be cautious with links and attachments. Make sure that you have malicious URL protection and sender authentication protocols in place to protect against phishing, spoofing and impersonation scams. Ideally, these defenses should be implemented as part of a comprehensive, multi-tiered email security solution.
- Be careful with what you share on social media - it can give a scammer all the information he or she needs to guess your password or answer security questions.
- Think before you click! Take adequate time to thoroughly evaluate each email you receive before engaging with it in any way. Be wary of urgent requests pressing you to act quickly.
Ready to simplify administration and safeguard your remote workforce with a threat-ready, fully-supported cloud email security solution? Get A Quote>
Must Read Blog Posts
- Demystifying Phishing Attacks: How to Protect Yourself in 2023
- What You Need to Know to Shield Your Business from Ransomware
- Shortcomings of Endpoint Security in Securing Business Email
- Microsoft 365 Email Security Limitations You Should Know in 2023
- Email Virus - Complete Guide to Email Viruses & Best Practices
- How Phishing Emails Bypass Microsoft 365 Default Security
Latest Blog Articles
- 16 Business Communication Tips to Drive Engagement and Improve Relationships
- Critical Steps to Take When Your Content Is Being Shared or Sold Illegally
- How To Spot A DocuSign Scam Email
- What To Do If Your Business Email Gets Hacked
- Why Do Over 90% of Cyberattacks Begin with an Email?
- FBI: The 2020 Presidential Election Is Under Attack by Email Scammers
- Why Is Machine Learning (ML) Beneficial in Security?
- What Is a Cyberattack?
- Cyber Risk Is On the Rise: How To Ensure Preparedness
- How to Protect Sensitive Data & Maintain Client Trust in Financial Services Industry