Read Time: 3 Minutes
Email protection cannot be overlooked – email is a tool that is very comprehensively used in all companies, usually the number-one communications channel. Therefore, using it to breach company networks can be the opportunity cybercriminals are looking for. The FBI estimates that business email scams worldwide totaled more than $1.2 billion from October 2013 to August 2015.
In addition, the nature of email-related issues seems to be changing towards a more serious direction. For the first time in 12 years, the amount of spam has decreased. However, simultaneously the amount of malware spread through email has increased heavily.
A recent article in the Wall Street Jounal’s CIO Journal warns the government and critical infrastructure companies of a phishing campaign that seems to continue in line with other similar attacks, luring employees to click on a URL in the email and unknowingly download malicious software that targeted a previously unknown bug in Adobe Flash Player.
Harri Ruusinen from F-Secure Finland explains:
When it comes to email, there are three challenges companies are struggling with.
- Human errors – confidential information falls into the wrong hands
- Infections through malicious links
- Controlling email volume – the number of bulk email is growing
How often do you, or any of your colleagues, accidentally send mail to the wrong recipient? This is a common, easy-to-make mistake, but if the content of the mail is private, it could cause lots of security issues, and bad publicity.
Do you know what information should always be encrypted? After all, sending unencrypted email is similar to sending a postcard…
Infections through malicious links
Infections through malicious links basically happen in one of two ways: the email attachment is infected, or the email contains a link to a malicious website. These are sometimes very hard to notice as attackers have learned how to make the email look legitimate.
Controlling email volume
The amount of legitimate email is huge as such. Add to that the bulk emails, such as newsletters and marketing messages, as well as spam messages, not to mention the phishing attempts, and the user has their plate full.
Harri continues to provide some hints on how to tackle these three issues:
- Human errors: Automatic detection of confidential information in email and encryption of email messages will minimize the possibility of human errors.
- Infections through malicious links: The way to avoid these is to filter malicious links in real time and use proper malware protection.
- Controlling email volume: The cure is a self-learning spam filter that detects the various types of email messages – spam, bulk, phishing, adult.
The upcoming Network and Information Security (NIS) and General Data Protection Regulation (GDPR) legislation puts additional pressure on organizations to protect the privacy of their customers. What’s more, we have seen that attacks on personal data are getting more and more common. To add to the pressure, consumers are also more and more conscious of their right to their own private data, and demand organizations to value that privacy.
Basically, there are two points where you can secure and control the email traffic that comes into the organization.
- You can set a layer of protection BEFORE the email ever arrives at your email server, or
- You can install protection ON the email server.
Your organization’s size, industry, and amount and sensitivity of information handled define which email security solution is the best fit for your organization.