Is your Business Technology Doing Enough to Combat Email Security Threats?
Two in three emails circulating the globe contain unwanted content, ranging from spam to malware. When you consider how many emails your organisation receives in one day, email is a cyber-criminal’s foot in the door. But while many organisations believe they are securing their email systems with antivirus software, in reality, they are not doing enough with their business technology.
The bottom line is a cyber attack or data leak from an email system can have a dramatic impact on an enterprise, and Australian businesses are increasingly at risk. Every day, hackers are devising new ways to get into your systems and steal business data. As a result, cyber-crime has increased by a massive 270% since 2015.
A real and growing threat
Businesses today cannot afford to ignore the growing risk to their data; the average cost of a cyber attack to a business is almost $US 300,000 and takes an average 23 days to resolve.
You only need to look at the headlines to see what happens when organisations don’t invest in the right business technology to protect their email security. Most famously, before the recent US Presidential Election, hackers took 50,000 emails and documents from the computers of the Democratic National Committee and Hillary Clinton campaign chief John Podesta.
With debates over who was behind the hacking aside, the affair highlighted Clinton’s meager approach to cyber security. WikiLeaks founder Julian Assange said a 14-year-old could have hacked Mr Podesta’s emails – especially because Podesta responded to a phishing email with his password, which was “password”.
Here are four key steps you can take to ensure that your organisation doesn’t experience the same security threats:
Know your enemy
Spam, phishing, spear-phishing, cline phishing, whaling – there’s a growing number of threats to email security. By educating your organisation on the latest threats, you can implement the right business technology and processes to stay ahead of the cyber-criminals.
The two common types of email security threat’s your business should be aware of are:
- Spear phishing: Spear phishing represents the most clear and present danger to organisations. Unlike phishing, this attack draws on familiarity. The criminal knows the name, email address, and at least a little about the victim. Once an employee’s trust is gained, the attackers send a spear-phishing email containing a link to a malware-laden or credential stealing website. The ultimate goal is for the cyber-criminals to obtain sensitive or valuable corporate data. Following the breach of 1 billion Yahoo accounts, experts say the Australian Government should now be expecting an increased number of spear phishing attacks, with criminals using data taken from the stolen accounts.
- Whaling: The next step up from spear phishing, whaling is a form of business email compromise (BEC). Cyber criminals impersonate the CEO, CFO or other C-suite members to dupe employees into making fraudulent payments or sharing confidential data. The success of attacks rests on the detailed research undertaken by hackers, who use public information about the company and its employers (usually via social media), to work out which employees handle money transfers and whom they should impersonate. According to global email security provider Mimecast, the losses from local whaling attacks in Australia have so far ranged from $5000 to $400,000.
Implement email security systems
It’s no longer enough to think your traditional antivirus software will protect your organisation. Antivirus can block some threats, but it simply cannot keep up with the pace at which cyber-criminals move. That’s why vendors, such as one of our preferred suppliers MailGuard, are working to provide new business technology to combat email security threats. MailGuard is a cloud-based email and web solution that predicts, learns and anticipates new threats as they emerge, enabling it to prevent fast-breaking zero-day threats.
Because it’s based in the cloud, MailGuard can apply immediate protection against new phishing, spear phishing and ransomware threats to your employees, wherever they are located. It can also work alongside antivirus and hosted email solutions, like Microsoft Office365.
One in four email users click on malicious content. So, as well as implementing the right business technology, it’s critical to educate employees on good security practices and increase their awareness of threats. Ensure employees understand the simple steps to protect their emails, such as using the spam filter, scanning email attachments and looking out for unusual language and domains. Training sessions on email security will provide a good foundation, but don’t stop there: use prompts and news updates to remind people of the threats and caution them of the risks.
Organisations need to ensure email security remains high wherever employees go. Employees today don’t just access emails at work; they are using connected devices to login to emails at home, at the train station, in a café – everywhere. Look to business technology such as MailGuard’s WebGuard, which can help protect against intrusions from personal accounts, as well as ensure that company email policies aren’t being circumvented on webmail sites such as Gmail.
With 673,000 Australian businesses experiencing cyber-crime and two out of three emails circulating the globe contain unwanted content, companies in Australia can’t afford to be at risk from email threats. Staples provides a range of business technology solutions to help you bolster email security and protect against rising cyber threats. To learn how Staples can support your business with an end-end-end software solution or to arrange a free consultation for your workplace, please click here.
Leon is passionate about adding value to businesses to help improve efficiencies, productivity and increase profits. He takes the time to understand today’s business challenges to build cost effective solutions for Staples customers.