Article by
Gildas Jones


3/30/2020

Email Security – How to Protect Your Small Business


Email is the de facto medium for communication in the digital age. It’s a very noisy data highway with over 124 billion business emails exchanged daily. Naturally, this creates a massive honey pot for would-be cybercriminals. Nearly all malware attacks are delivered through email, and phishing attacks–theft cons that target users through email–represent 80 percent of all security incidents.

Don’t think it’s just big companies that are targeted either. Criminals know how to exploit the vulnerable. Over half of malware targets are small business owners, many of whom don’t have the same protections in place as large enterprises. The effect can be devastating: an attack can cost a small business up to £27,500 in damages.

With so much on the line, SMBs need to keep themselves abreast of the most pressing email threats–and how to defend against them.

Vague or Non-Existent Data Sharing Policies

The past couple of years have shown the indiscriminate nature of cyberattacks. In response, even modest-sized businesses are beefing up their security. Many now have a dedicated cybersecurity professional, a position once thought reserved for the Googles and Amazons of the world.

Yet SMBs are still behind in terms of data privacy and sharing practices. Only 16 percent have a permissions system in place for sensitive data.

Take the stingier approach to data sharing. Make sure only people who need the data are CC’ed or BCC’ed on the email. Limiting access on a need-to-know basis reduces the threat surface in the event that an employee’s email is compromised.

Lax Employee Training against Phishing

We’d like to think of ourselves as shrewd folks who can’t be fooled, but in reality spotting phishing attempts is much harder than we assume. Too many still think of Nigerian prince scams when it comes to email scams. Yet cybercriminals have long moved on from such obviously sketchy spiels.

Nowadays hackers have adopted more sophisticated schemes in an effort to dupe a defence significantly less foolproof than firewalls: the human brain. Their methods are constantly evolving in an effort to appear legitimate, tapping into every psychological trick, such as appealing to authority, to lower our guard. The latest iteration? Criminals attempting to use the Coronavirus crisis as a way to steal information (there really isn’t anything they won’t exploit).

Mounting an effective defense against bad actors means staying one step ahead of constantly changing cons. It takes regular training to unlearn dangerous email habits, such as clicking links automatically, or glossing over the sender’s email address.

Outdated Software Updates

Cybercriminals looking to steal sensitive information from your emails don’t always come through the front door. Hackers can move laterally from outdated apps and software. From there, the most terrifying malware can take control of the entire device, including getting into emails.

Updating can be as easy as hitting “Update Now” when prompted. But even the best of us have hit “Maybe Later” instead amidst the bustle of a busy day. Over half of devices used by small to mid-sized businesses are running on outdated or nearly expired software. Some 30 percent are hosting their emails on servers that have been unsupported for a decade.

Next time your work apps or Google and Apple ask if you want to update your system, don’t hit “Remind Me Later”–do it now. Conduct regular patching checks to make sure you’re not leaving any easily exploited gaps in your security. If you’re working with a remote workforce, ensure your team is using the latest versions of your business apps.

Using Servers with Poor Security

Many of us foist our entire work communications onto Google’s free email client without a second thought. After all, it’s easy to pass on the responsibility of security onto corporations that sink billions into data security.

But being a little more discerning may pay dividends in the long run. Yahoo was once at the forefront of security. All employees got a crash course on security. Its security team was called The Paranoids. Yet all the paranoia in the world didn’t save them from the data breach that compromised over 1 billion users.

SMBs looking to tighten security measures may want to look at alternative email clients. Some notable examples are Inky, which leverages the power of AI to block phishing attempts, and Germany-based Tutanota, which offers end-to-end encryption, from the subject header of your emails to your calendar. Businesses that deal with highly sensitive user data may even want to consider using private physical servers amongst team members for added security.

Failing to Secure beyond the Workplace

Threats don’t only lurk behind computer screens. Physical theft and lost devices are real nightmares for security. In London alone, people lose tens of thousands of devices on buses and trains, with each lost phone, tablet, or laptop representing a gold mine of data.

These incidents extend beyond the reach of firewalls. But that doesn’t mean businesses are at the complete mercy of a misplaced phone. Password management software like LastPass makes cracking passwords difficult, even if the user is already logged in. You could also enforce session timeouts, to further reduce the likelihood of sensitive emails lying bare to anyone who picks up your employee’s lost device.

Email is a crucial tool for many facets of business–from communication to sales and marketing. Having good email security hygiene is necessary for keeping your operations secure in an age of big data and increasingly crafty cybercriminals.

Email security has become even harder for small businesses to ignore since the advent of GDPR. To find out more on this, check out our recent blog article. Or for more information on how to protect your business from email scams, get in touch with us today.