How to maintain security when employees work remotely: Advice from Leading Security Experts

It is no secret that 2020 has been a year of rapid transformation for businesses. Companies worldwide have been forced to quickly become more digital in the way that they operate, and many have transitioned to a largely remote workforce. Businesses have become increasingly reliant upon inherently insecure cloud platforms like Microsoft 365 and Google Workspace to fulfill their communication and collaboration needs. While these changes have introduced certain advantages in terms of efficiency and productivity, they have also brought on significant challenges - namely, effectively securing cloud email in this increasingly complex and dangerous threat environment.

To help you secure your remote workforce online without a hiccup in productivity, we will begin by briefly examining the modern email threat environment. We will then explore top tips and advice for securing cloud email from leading security experts including Gartner, the FBI and Guardian Digital - the open source email security company.

 

The Modern Digital Threat Environment

Digital risk has skyrocketed, driven by sophisticated attacks targeting cloud email users. Cyber criminals recognize that email is the preferred method for sharing sensitive data and a key communication channel that businesses cannot afford to lose access to for any period of time. Rushed deployments of vulnerable cloud platforms, overworked IT staff and an increase in inadequately secured endpoints has provided threat actors with the perfect opportunity to trick employees working remotely into sharing sensitive credentials and downloading destructive malware on their systems.

 

Thirty percent of credential phishing attempts bypass existing cloud email security defenses and are opened by target users.

- United States Federal Bureau of Investigation (FBI)

 

Without layered supplementary security defenses in place, cloud email users are highly vulnerable to credential phishing attacks and account takeovers. The FBI reports that 30% of credential phishing attempts bypass existing cloud email security defenses and are opened by target users. And mistakenly opening a phishing email is more dangerous than ever - users are now three times more likely to click on a malicious link embedded in a phishing email and then disclose their account credentials than they were pre-COVID. 

 

Safeguarding Remote Workers Online: What The Experts Recommend 

When it comes to protecting your remote workforce in this heightened digital threat environment, email security should be the top priority, as over 90% of all cyberattacks begin with a phishing email. Effectively securing cloud email against targeted modern spear phishing, ransomware and CEO fraud attacks requires a multi-layered supplementary email security solution accompanied by ongoing, expert management, monitoring and support services.

 

A strategic approach to security that layers inbound, outbound and internal detection and remediation is essential to cloud email defense.

- Gartner

 

Microsoft and Google specialize in providing flexible, cost-effective cloud email services, but have proven to be incompetent in securing them. Built-in cloud email security defenses provided by Microsoft and Google are primitive, single-layered and insufficient in detecting and blocking today’s sophisticated and evasive attacks like fileless malware and email account compromise (EAC) scams. Due to the inherent uniformity of cloud platforms, cyber criminals can open any account and test their methods until they are able to bypass default filters. This uniformity then enables them to conveniently reuse the same attack on thousands of different accounts.

 

Cyber thieves are leveraging sophisticated COVID-related business email compromise (BEC) scams to steal credentials. Businesses should take immediate action to protect their users and their data by implementing critical additional layers of protection in Microsoft 365 and Google Workspace.

- United States Federal Bureau of Investigation (FBI)

 

To fortify Microsoft 365 and Google Workspace email against today’s advanced exploits, it is critical that businesses implement additional protection designed to seamlessly integrate with their existing infrastructure, filling key gaps in Microsoft and Google’s built-in defenses with additional layers of real-time security designed to work harmoniously to identify and respond to both persistent and emerging attacks. To safeguard the inbox and protect remote workers, Gartner security experts recommend “a strategic approach to security that layers inbound, outbound and internal detection and remediation”. The FBI has also continually emphasized the heightened importance of taking a defense-in-depth approach to securing business email, warning: “Sophisticated COVID-related business email compromise (BEC) scams are being used to steal credentials. Businesses should take immediate action to protect their users and their data and implement critical additional layers of protection in Microsoft 365 and Google Workspace.”

 

Securing business email is an ongoing process that requires around-the-clock monitoring, maintenance and support provided by a team of security experts. At Guardian Digital, we serve as the front line of defense against cyber thieves, becoming a permanent extension of each of our client's technical team.

- Dave Wreski, CEO, Guardian Digital

 

Businesses - especially SMBs who often lack IT resources and security expertise - should select an email security provider that offers managed services and accessible support. Failure to implement a solution accompanied by continual, expert management, system monitoring and support services often leaves businesses vulnerable to attack - even with supplementary email defenses in place. Guardian Digital CEO Dave Wreski explains: “An effective email security solution cannot simply be selected and purchased, leaving the responsibility of configuration and management in the hands of the administrator. Rather, securing business email is an ongoing process that requires around-the-clock monitoring and maintenance by a team of experts, dedicated to understanding the evolving risks businesses face and applying the specific real-time guidance necessary to each individual business. Wreski elaborates: “The unfortunate reality is that many email security solutions put the burden of setup, maintenance and system monitoring on the administrator. At Guardian Digital, we assume these responsibilities for our clients, simplifying administration and serving as the front line of defense against cyber thieves. We build on the protection that our all-in-one security suite - EnGarde Cloud Email Security - provides, becoming a permanent extension of each of our client's technical team.”

Although implementing a multi-layered solution accompanied by fully-managed services is the single most important step businesses can take toward protecting remote workers in this heightened digital threat environment, administrators should also convey the importance of engaging in safe online behaviors and cybersecurity best practices, including:

• Watch out for phishing, ransomware impersonation scams.
• Don’t rely on endpoint security like desktop antivirus alone - the endpoint should be the last line of defense. If something goes wrong, it provides malicious hackers with easy access to your system.
• Use a VPN to encrypt data between you and your server. When selecting a VPN, watch for pitfalls such as free VPNs which often carry inherent security flaws and privacy issues of their own.
• Setup two-factor or multi-factor authentication on any account that allows it, and never disable it.
• Ensure that your operating system and all applications are updated - remember that your operating system and applications are only as secure as their latest security patches.
• Be wary of emails from personal email addresses.
• Be cautious with links and attachments. Make sure that you have malicious URL protection and sender authentication protocols in place to protect against phishing, spoofing and impersonation scams. Ideally, these defenses should be implemented as part of a comprehensive, multi-tiered email security solution.
• Be careful with what you share on social media - it can give a scammer all the information he or she needs to guess your password or answer security questions.
• Think before you click! Take adequate time to thoroughly evaluate each email you receive before engaging with it in any way. Be wary of urgent requests pressing you to act quickly.

Ready to simplify administration and safeguard your remote workforce with a threat-ready, fully-supported cloud email security solution? Get A Quote>