Protecting your business from email security threats
Daniel Richardson, CTO at Exclaimer, discusses why email should not be overlooked when it comes to protecting your business.
Email is vital for business communication and reliance on it has skyrocketed amid the global pandemic. However, as we send more valuable information through this channel, the threat of data theft by cyber-criminals grows dramatically.
Because active inboxes are constantly sending and receiving data, criminals have the option of targeting outgoing emails or drawing information out of employees indiscriminately using phishing emails.
In this article, I will be exploring the common pitfalls of email security for employees and how companies can safeguard their businesses from external threats.
The ‘spam’ effect
Employees and businesses often neglect the effects of spam, even though over 50 percent of emails are spam.
The reality is that businesses can lose a lot of time and money fixing the problems that are caused by malware/spam attacks, designed to crash your servers or steal data.
If your email address is targeted by spammers, the best thing to do is not to respond to any messages, as a response shows cybercriminals that the address is active. To be even safer and minimise the threats to your cyber-security, never open suspicious-looking emails.
Another trick to overcome a daily flurry of spam emails is to change your filter settings, allowing questionable emails to be redirected to a separate mailbox which can be quickly emptied. This will prevent you from getting trigger-happy with the delete button and accidentally getting rid of important documents.
Re-evaluating BYOD policies
The demand amongst employees for flexible/remote working options has increased greatly. So much so that the BYOD market is looking to reach a global value of $367 billion by 2022 – a staggering growth of 18 percent.
The challenge with a BYOD policy is setting up employees’ devices correctly, which can be both costly and complex. According to Druva, an alarming 75 percent of employees access corporate files on personal devices, which are almost never protected. It’s also difficult to monitor email security across employees’ personal devices and control how they’re used outside the office without heavily infringing on their privacy.
Luckily, there are steps you can take to protect data and confidential emails if you or your team are working from home during the pandemic.
It could be worth making it compulsory for employees to have Mobile Device Management (MDM) software installed on their personal devices. This allows companies to have greater control over the range of tech used by employees. With MDM systems in place, workers can access company information in one secure location that is separate from their personal applications.
This means employees can use their devices for both personal and business purposes without compromising the security of corporate data. It also maintains employee privacy, as individuals can keep their documents and text messages private and confidential.
It’s also important to make sure that basic security software is installed on every employee’s device. Password-protected files, firewalls, and anti-virus software should be standard across all personal devices if you’re accessing company files. This is important if an employee loses their device. With 70 million devices lost each year, the data on them must be secure in case they fall into the wrong hands.
Be aware of your email signatures
Email signatures are a valuable tool. They greatly assist with brand marketing, add a touch of professionalism to your organisation, and help establish a corporate identity in the business world.
It’s important to follow the basic rules of designing an effective email signature. This includes putting in only the necessary contact details along with a small, yet distinguishable colour palette. Avoid putting links to private social media accounts, personal phone numbers and addresses on there – this could attract some unwanted attention.
Overall, it’s a factor that shouldn’t be overlooked because it could be very costly. There have been some instances where a company’s email was deemed ‘legally binding’ because of the contents of an automated signature.
To avoid a costly mistake like this happening to your organisation, it helps to centralise email signatures into an easy-to-use hub. This can be done by investing in an email signature management solution.
Once set up, these systems ease the burden of ensuring that the details of the relevant senders are all up-to-date and any necessary disclaimers are put in place. For example, a disclaimer can let people know that the views expressed in the email are those of the sender and not a reflection of the company. The signature should also include relevant copyright and confidentiality statements.
Companywide training
When it comes to defending against phishing/spam email, the onus usually falls on the individual to manage their inbox. Because over 30 percent of phishing emails make it past default security services, it takes an extra level of vigilance to make sure any nasty malware doesn’t sneak into your system.
To do this, you need to provide regular training to help employees spot the signs of fraudulent emails and phishing attacks. The most effective way to do this is by organising some form of external training, whether that be a seminar-workshop or a company coming in to provide hands-on training.
These make learning and personal development less tedious while simultaneously increasing employee buy-in to these schemes. To maintain high security standards, training should be short but regular, to help with buy-in and to refresh missing skills.
Training should focus on the most relevant issues to your business and the ones easiest to implement. Those that send and receive lots of data daily should prioritise their training around identifying phishing emails and spotting fraudulent content.