Billions of emails are sent daily, but not every email is safe. In fact, spam mail remains a popular choice for distributing malware. It’s no wonder that 80% of organizations are very concerned about their ability to reduce email threats.
Source: Help Net Security
Viewing Emails as a Threat
There are several ways your email can become a security risk for your organization. A hacker who manages to compromise an email account can cause further damage by impersonating an employee to spread malware or gain access to your client’s information. Depending on the email threat, you could lose important data, pay massive fines or face possible downtime. As an organization, you need to make sure that you are using email smartly. Here are 3 ways your email can be a security risk:
1. No encryption: Email is inherently an insecure method of communication. All mail is sent through Simple Mail Transfer Protocol (SMTP), which by itself does not use encryption or authentication. Although webmail (like Gmail) and other systems (like Microsoft Exchange) use their own security protocols when you access mail on their servers, SMTP is used when sending or receiving mail outside of their systems. Email sent through SMTP can be accessed by outsiders due to the lack of security protocols.
2. Ransomware/malware: Inboxes are targeted by spam and phishing emails on a daily basis. While simply having these malicious emails in your inbox is not dangerous, it can lead to consequences. Employees can accidentally or unknowingly click on a malicious link, causing malware to enter your network.
3. Data leaks: Accidental data leakage due to an unintentional error is, unfortunately, very common and can happen in a variety of ways. An employee can accidentally mistype an email address or copy the wrong person on an email chain. Or they may hit the wrong button when trying to send an email. For example, a police officer in Gloucestershire, England accidentally revealed personally identifiable information of victims in a case. Instead of using bcc to hide the victims’ information, they copied it into the sender list. This meant everyone who received the email had access to this confidential information. As a result, the Gloucestershire Police faced a fine of £80,000 (about $136,000 Canadian).
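The bcc mistake in item 3 can be caught before a message leaves the organization. The following pre-send check is an added example, not code from this article or from any product it mentions; the internal domain, the threshold, the function names and the sample message are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"police.example"}  # assumption: the sender's own domain(s)
MAX_EXPOSED_EXTERNAL = 3               # assumption: policy threshold

# Constructed sample message (not taken from the incident described above).
SAMPLE = """\
From: officer@police.example
To: a.smith@mail.example, b.jones@post.example, c.brown@mail.example, d.white@web.example
Cc: supervisor@police.example
Subject: Case update

Body text.
"""

def exposed_external_recipients(raw_message):
    """Return the sorted external addresses every recipient will see (To/Cc)."""
    msg = message_from_string(raw_message)
    # Bcc is deliberately ignored: those addresses are not shown to recipients.
    visible = msg.get_all("To", []) + msg.get_all("Cc", [])
    external = set()
    for _name, addr in getaddresses(visible):
        addr = addr.strip().lower()
        if "@" not in addr:
            continue  # skip malformed or empty entries
        domain = addr.rsplit("@", 1)[1]
        if domain not in INTERNAL_DOMAINS:
            external.add(addr)
    return sorted(external)

def should_hold(raw_message, limit=MAX_EXPOSED_EXTERNAL):
    """True when more than `limit` external addresses would be disclosed."""
    return len(exposed_external_recipients(raw_message)) > limit

if __name__ == "__main__":
    print("hold for review:", should_hold(SAMPLE))
    for addr in exposed_external_recipients(SAMPLE):
        print("visible to all recipients:", addr)
```

A held message can be returned to the sender with a prompt to move the listed addresses to bcc.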
What Can I Do?
Since email is familiar, it can be easy to forget that it can make your organization vulnerable. 80% of organizations have experienced an email attack in the past year, meaning all organizations need to recognize email as a risk. This means you need to incorporate proper security measures for your email. Here are three email security best practices:
1. If it’s not needed, delete it: The best way to prevent data leakage is to have no sensitive information available in the first place. Employees should not leave confidential data inside their inbox. As soon as the information is no longer needed, it should be deleted immediately. Most places would shred important documents to prevent them from getting into the wrong hands. The same must be done for emails.
2. Beware of shoulder surfing: 85% of organizations allow their employees to use their own devices to access corporate data. However, this can lead to a wide range of security problems for organizations. One such problem is shoulder surfing, a technique used to obtain information by looking over a person’s shoulder. Employees need to be aware of prying eyes when they are using their devices to access emails outside of the office. They should also be wary of shoulder surfing within the office from malicious insiders or rogue threats.
3. Secure your inbox and email gateway: The onus for email security should not just lie on your employees. You need to couple cyber-aware staff with advanced technology. Using a secure email solution like Secure IT – Mail will scan incoming emails for threats and detect suspicious activity like multiple logins. This adds an essential security layer to your email.