Your business doesn’t understand email security — 4 ways to tackle it

As an IT professional, no doubt you’re familiar with the ongoing security risks with business email, but the remainder of your business might not be. Despite rumours to the contrary, email is still an incredibly popular form of corporate communication. But, with one in every 100 emails disguising a hacking attempt and the majority of workers unfamiliar with the security flaws of emails, organisations must be extra vigilant to the risks.

We’re seeing an influx of SAML-based SSO business collaboration tools like Slack, yet a huge amount of sensitive information is still shared via email. And, to the majority of your workforce, email is perceived as the most trusted, secure and reliable mode of communication. Despite this, when it comes to securing email communications, many organisations tend to rely on legacy, rule-based security platforms.

Here’s what your staff may not be on the lookout for, and how to keep your internal and external email services secure:

Phishing attempts

Does your whole workforce know what a phishing attempt is, and what to look for?

With phishing, the goal of the perpetrator is to fool the recipient into providing personal information. To you, the signs may be obvious, but this may not be the case for less technical staff members. Preying on the least vigilant, the hacker’s job is made far easier when the staff member is blind to the key signs of a ‘phishy’ email. And this could be anyone from members of the C-suite to your summer interns.

The simplest solution? Run regular (and thorough) phishing vigilance workshops to educate all your staff. If your business has a high staff turnover, once a year is probably not often enough.

In your training, provide multiple visual examples. Explain never to pass over sensitive usernames, passwords, internal information or credit card numbers. It’s worth also outlining that some phishing emails are incredibly realistic, trying to hoax users into believing that their business account, password, or credit card has been compromised, directing them to a fake site.

Ensure your staff know who to contact — and not what to do — if they suspect a phishing attempt.

Viruses

Your staff may have heard of a Trojan, but do they know when and how they may be at risk?

Although ransomware, Trojans and worms can originate from a number of external sources, most malicious viruses find their way into business systems through your workers’ email attachments and compromised links.

Most viruses are activated when a user opens an attachment or clicks a link, but if your email client allows scripting, users can receive a virus simply by opening a message. But how can your staff be aware of suspicious content before they’ve even opened their mail?

As you probably know, the safest way to view email messages is in plain text. Yet not all your staff will be prepared to change their view settings for security reasons. In that case, it’s essential that your email security software has next-generation firewalls and robust email filtering to catch such emails at the source. This should include antispam and antivirus services which examine your emails, searching for and removing viruses, Trojans and worms.

Email hacking

Sophisticated hacks can be incredibly tricky for your operational staff to spot, particularly if they’re expecting communication from the real business that is being spoofed.

In 2017, there was a huge surge in the number of email intercept fraud cases. In many cases, criminals hacked into real accounts and emailed their customers, masquerading as an employee from that business. As you know, these threats are evolving in sophistication and emerging every day.

“Email hacking due to increased use of web-based mail applications and a lack of basic security controls amongst SMEs will lead to a huge increase in social engineering scams. Cyber criminals will craft increasingly convincing emails to con unwitting recipients into transferring funds directly into the criminals’ bank accounts.”

Graeme Newman, chief innovation officer at CFC Underwriting

So, what is the best solution from a technical position? Ensure your managed or internal security solution has a sandboxing feature.

There are dozens of new email threats that appear every single day, many not yet discovered by email filters. Whilst traditional inbound email filters scan for known malicious senders, URLs and file types, sandboxing ensures that any email which passes the filter but contains unknown components can be tested before it reaches your network or mail server.

The sandbox must be a secure, virtual environment that accurately emulates the CPU of your production servers.

Misaddressed emails

To your staff, it’s just an innocent typo. To your business, it could generate a mission-critical data breach.

According to IBM, 95% of all security incidents and data breaches involve some level of human error. This can be as simple as an address typing error, which then puts sensitive information directly in the hands of a perpetrator.

In fact, misaddressed email was one of the biggest forms of data loss last year. Such data breaches — those that are a result of human error — are neither hostile nor malicious. But if anything, this makes them harder to prevent, and the consequences can be just as catastrophic as an external hack.

A misaddressed email can be blamed on any number of factors, including human laziness and email autocomplete gone awry. You can, firstly, impress upon your staff the importance of re-reading and confirming their send addresses. But on top of this, consider the strength of protection against accidental misuse in your security solution.

For example, Touch Secure, Intercity Technology’s managed, cloud-based Security as a Service (SECaaS), has layers of security between end users and the Internet, protecting against accidental misuse by external and internal agents.
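One form a safeguard against address typos can take, as an added example that is not part of the original article and not a description of Touch Secure: an outbound check that flags recipient domains within a small edit distance of a domain the business already mails. The domain list, the threshold of 2 and the function names are assumptions made for illustration.

```python
from email.utils import getaddresses

# Constructed allow-list of domains the organisation normally mails (assumption).
KNOWN_DOMAINS = {"example.com", "partner-bank.example", "supplier.example"}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and adjacent transpositions each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_recipients(headers, known=KNOWN_DOMAINS, max_dist=2):
    """Classify each recipient as ok, likely-typo, unknown or invalid.
    Returns a list of (address, verdict, suggested_domain)."""
    results = []
    for _name, addr in getaddresses(headers):
        local, sep, domain = addr.rpartition("@")
        domain = domain.lower()
        if not sep or not local or not domain:
            results.append((addr, "invalid", None))
        elif domain in known:
            results.append((addr, "ok", None))
        else:
            nearest = min(sorted(known), key=lambda k: edit_distance(domain, k))
            if edit_distance(domain, nearest) <= max_dist:
                # Near miss of a known domain: hold the message and ask the sender.
                results.append((addr, "likely-typo", nearest))
            else:
                results.append((addr, "unknown", None))  # apply normal external policy
    return results


if __name__ == "__main__":
    # Constructed To/Cc header values for illustration.
    sample = ["Alice <alice@example.com>, bob@exmaple.com", "carol@suplier.example"]
    for row in check_recipients(sample):
        print(row)
```

A check like this catches typing slips in the domain only; an autocomplete pick of the wrong but valid contact still needs the re-read step described above.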

The answer? Education and technology.

Despite the increased risks, email will continue as a popular form of business communication for many years to come. And it will continue to be trusted and relied upon by all your workforce.

So, ensure you have regular and thorough staff education. Advise your email users:

  • Never to open anything that is attached to an email message, or send over critical information, unless they recognise the sender and the contents of the file.
  • If they receive an attachment from a familiar email address, but were not expecting it, they should contact the sender before opening the attachment.
  • If they receive a message from an unknown user with an attachment, they should just delete the message.

Secondly, it’s imperative to keep your email security services up to date and ensure they are up to the task. If your business is lacking a set of reliable internal security controls, why not work with a trusted third-party security provider instead?

For example, Touch Secure is a managed, next-generation SECaaS which provides control over all your IT applications and email services. It includes sandboxing features, robust intrusion protection as well as traditional firewall features, and anti-spam filters.

So, as an IT professional, you may be fully aware of the high-profile risks associated with emails, but don’t assume your staff are as up to speed. You may never entirely eliminate the risks of email security, but with internal education as well as cloud-based SECaaS, you will cover as many bases as possible.

Up next

Algorithms or Attitude? Being Human in the World of Tech

Robots. AI. Machine Learning.

The world of tech has become decidedly ‘un human’. Machines are increasingly ‘talking’ to each other and developing a new language, because English was just too long winded.

AI Chatbots are another recent tech innovation. Fantastic for time stretched recruiters in guiding an applicant through a process – but for anything that requires nuance or a sense of humour? They’re almost like that lady barking ‘unexpected item in bagging area’ at you whilst you’re scrambling to escape from the behemoth that is a Tesco Extra store.

So why, oh why, oh why are inboxes up and down the country flooded with sales emails that sound like they could have been knitted together by the paperclip assistant from Microsoft Word circa 2000? Generic. Bland. Uninspired. The list could go on and on. Maybe it’s being immersed in the industry – but these emails, scripted calls and cold InMails seem particularly rife in the technology market.

Although they won’t admit to it, a lot of managed service providers and value-added resellers sell (generally) the same stuff. Ok, the nitty gritty might differ – a different firewall provider here, a different coding language there – but to the uninitiated, they aren’t exactly key selling points.

After all, if you’re selling the basics like ISDN or in fact anything that requires the ancient system of copper wiring under the UK’s streets, then you’re just reselling Openreach. So, to the end user, it usually boils down to one of two things: the price, or the salesperson.

Price is a tough one to work with. After all, if two VoIP systems look identical, sound identical and for all intents and purposes are identical – why spend more?

There’s a big difference in spending £15 per user and spending £20 per user – in a company one hundred people strong, that’s a difference of £500 per month and £6000 a year. That’s a big chunk of cash for a small business.

The issue, as you may have noticed, is that the focus on price has led to a ‘race to the bottom’ situation, where businesses compete to see who can provide the cheapest solution. Not the best service, not an inherently different product, simply the cheapest product.

So that leaves us with the salesperson and brings us nicely back round to those emails mentioned earlier. ‘People buy from people’ is a tired cliché – and yet, it doesn’t get overused for no reason. Of course, this is hyperbolic, but imagine you have the choice between buying a new car from two salespeople.

Salesperson one knows their product and is £20 a month cheaper than their competitor, but has all the charisma, passion and excitability of a teaspoon. Salesperson two is £20 a month more expensive than the other one but has a real passion for their product, is witty and fun to be around and clearly enjoys what they’re doing. Soon, £20 really doesn’t seem that much of a big deal. In fact, it barely registers in your decision.

So this leads us back to technology. Have you ever tried being sarcastic to Siri? Alexa isn’t much of a joker either. To be honest, calling any of their retorts ‘funny’ would be an insult to humour the world over.

Technology hasn’t quite yet mastered the art of wit, sarcasm, humour or nuance. But humans have. We utilise body language. We build rapport. We get excited to spend time around people who use these subtleties regularly. And that’s why people buy from people – because people aren’t perfect. They are flawed and funny and interesting in a way that technology just can’t match.

So the next time you’re looking for a technology partner that actually values the relationships only another person can bring, get in touch with us instead. We’ll work closely with you to find the right tech solutions to address your challenges today and in the future, and we do it all with a decidedly human touch.