Protecting email platforms from malware and cyberattacks is quickly becoming the most important fight in the battle for cybersecurity. While hackers and their destructive new malware, ransomware, and social engineering attacks are evolving by the second the need to protect the email gateway from these attacks has never been more important.
In this blog, we’ll take a look at five ways to improve your email security, prevent data loss and keep your employees and assets safe.
Why is email security important?
In 2020, the covid-19 pandemic and the resulting economic, social and political uncertainty, became a data bonanza for cybercriminals, resulting in an “85% overall increase in all categories of cybercrime for the year, including a more than 600% increase in phishing attacks.”
With workers removed from the watchful eyes of their ever-vigilant IT teams, and hackers vastly increasing the scope and scale of their attacks the need to protect the prime target for ransomware attacks has become a core priority for businesses large and small, and for good reason.
In a recent study of North American staffers, experts discovered that:
- 67% of clickers (13.4% of overall users) submitting their login credentials, also up substantially from 2019, when just 2% submitted their credentials.
- Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate. This means that a little over 7 out of every 10 clickers willingly compromised their login data.
- In just the first three months of 2020, workers were hit with 30,000 more “suspicious messages,” and a 667% increase in related spear phishing.
- At least 67% of breaches are caused by social attacks (such as phishing and compromised emails), errors and credential theft, according to Verizon’s 2020 Data Breach Investigations Report.
So, with threat clear, the question turns to: what can be done to ensure your business’s email gateway is prepared to defend against known and unknown cyber risk?
Update your security settings & apply patches
Before we dive into the innovative tech and creative approaches to preventing risk it’s essential to emphasize the importance of updating security settings, applying patches, and regularly requiring employees to apply systems updates. All the tech and advanced processes in the world can’t do anything if you don’t apply existing patches and update critical software.
According to the UK National Cyber Security Centre “patching remains the single most important thing you can do to secure your technology and is why applying patches is often described as ‘doing the basics’. But although applying patches may be a basic security principle, that doesn’t mean it’s always easy to do in practice.”
“Estimates vary, but it is generally recognized that around 80% of attacks use vulnerabilities for which patches already exist, and most use vulnerabilities which could have been patched over a year before the attack.”
Phil Quade, chief information security officer at Fortinet has astutely remarked that “Cybercriminals aren’t breaking into systems using new zero-day attacks, they are primarily exploiting already discovered vulnerabilities.”
Train your staff on common cyber threats: Think before you click
With nearly 90% of data breaches caused by human errors, the value of investing in even the most basic employee education can pay almost immediate dividends.
Cybersecurity is not an intuitive process, it involves the complex intersection of knowledge and technology to decrease risk and create a secure environment. Part and parcel of building a dynamic and secure cyber ecosystem for your organization require employees to regularly increasing their cyber know-how and learn about the changing state of cyber risk.
According to a recent PwC Survey, there is clear support among employees to strengthen cyber education programing. “73% of employees say their organization should take a leading role on cyber education in the communities where they work and live.”
And if you’re not taking the reins of your employees’ cyber education who is, (and how does that increase your cyber risk)?
According to the Third Annual Chubbs Survey of Cyber Risk:
- About 19% of respondents say they learn about cybersecurity protections through their employer
- Over 30 % say they most often learn about how to protect against cybersecurity risks from mainstream media
- 35% from family and friends
As a result, Chubb’s found that this “education gap” impedes employees and individuals ability to spot incoming attacks, “while 54% of respondents correctly defined ransomware, this was the only common form of attack that a majority of individuals could correctly identify.”
Use the best legacy cybersecurity products
Staying on the cutting edge is key to staying ahead of hackers, however, understanding tried and tested methods at securing your system will always be the key to maintaining effective email security. Legacy products such as anti-virus software, firewalls, scheduled systems updates, and the banning of non-approved software and apps on company devices can ensure that these security solutions can best protect you from malware.
For legacy systems to protect against known threats it’s essential “organization stay cognizant of ever-changing cybersecurity engineering challenges. While many legacy systems are secure from cyberattacks because they are not connected to networks, almost anytime significant capability is added it requires the addition of networking capabilities and the necessary cybersecurity controls.”
Keep an eye out for innovative tech solutions
While the use of legacy systems provides a significant layer of security it’s important to review and monitor new cyber security products, such as the new range of deep file inspection solutions, to ensure your network has the optimal threat protection.
By integrating deep file inspection product within your companies email application, users have an automatic sanitization and neutralization process. Deep file inspection or Content Disarm & Reconstruction solutions prevent malware from entering the critical infrastructure, even as an embedded file or corrupted aspect of the code within the attachment.
Consider the value of third-party security vendors
Native level security deployment can provide the most robust security protections for users however that shouldn’t limit buyers from seriously considering the value and malware protection capabilities of third party software vendors. In practice, these solutions can optimize the existing security protocols to the neutralize the threat of zero-day attacks, ransomware and other malicious file based attacks
According to Michael Osterman of Osterman research: “Third party solutions have far better accuracy in malware prevention and provide more dynamic functionality than standard EOP or ATP deployments. Third party solutions often implement cutting-edge technologies at a faster pace than Microsoft and have the ability to be more fluid in addressing specific sector needs.”
Making email security a reality
Whether it is enshrining employee education as the keystone to email security, applying and updating proven cyber security solutions, integrating new and cutting-edge technologies to your email defenses, or the consideration of new security vendors to meet the growing threats of ransomware and cyber criminals there is more than enough room to improve email security. With this blog, and the realizations therein we hope you’re now well on your way to improving email security for your business and customers.