By Amos Aesoph – CSO, Xigent Solutions
All it takes is a quick glance at your inbox to see that email remains a vital business communication tool. Unfortunately, it also remains an attractive point of infiltration for cybercriminals. A recent report showed that spear-phishing emails were used by 71 percent of groups that staged cyber attacks in 2017. The ability to deliver threats directly to the endpoint is simply too easy and effective for adversaries to ignore.
With email holding firm as a top threat vector, a robust email security strategy cannot be overlooked. Here are four things to consider when developing yours.
1. Your employees are your #1 security asset.
Train your employees to recognize email attacks. Consider offering cybersecurity training to keep them up to date on the latest email-borne threats as well as best practices for avoiding them. At a minimum, make sure all of your system users are aware of these common tactics used by cybercriminals to execute email attacks:
· Phishing – Emails that include links to a phishing URL or domain that seeks to trick users into sharing credentials or other valuable information. When the email appears to come from a trusted source, this is known as spear-phishing.
· Business email compromise – Having obtained a user's email password, a cybercriminal can log directly into the individual's account and send emails that appear to be from the user. This is often difficult to detect because the email originates from a legitimate account.
· Malware or ransomware – By including a malware- or ransomware-ridden attachment in an email, cybercriminals can infect your system with malicious software if a user were to download or open the attachment. If this were to happen, your system could be disabled or "held ransom" by an adversary demanding a sum of money.
2. Leverage threat intelligence to protect against unknown threats.
The email attacks launched by cybercriminals are constantly changing—and becoming increasingly sophisticated in the process. Knowing what types of threats are circulating and which links and attachments contain malTware or ransomware is the key to preventing an attack from reaching your inbox. Partnering with a security expert to employ services and products with built-in threat intelligence can help to keep your system safe.
3. Don't rely solely on your cloud-hosted email provider.
Cloud-hosted email solutions offer a myriad of benefits, but adequate security is not one of them. That's why it's critical to incorporate a mix of email threat protections, including anti-virus software, retrospective analysis, and real-time URL analysis, and email security technologies into your strategy.
4. Consider all of your options.
Whether your email is hosted in the cloud or in-house, there are multiple options for protecting it from an attack. Your email security strategy should complement your current cybersecurity measures while accommodating your unique IT needs. To achieve this, we can help you evaluate your existing email security controls to determine if you could be better served by another option.
To learn more about options for defending your inbox from today's email attacks, give us a call today.