Email is a necessary component of just about every modern business today. It’s used for not only internal communication among employees, but also for communication with clients, suppliers, and manufacturers, as well as many others. Email, when used correctly, can help to make your business more efficient and helps to keep everyone on the same page and informed.
However, there also is a dark side to using email as a distributor technology — one that is embodied in a variety of cybersecurity threats, including phishing and malware. In 2017 alone, there were 53,000 incidents and 2,216 confirmed data breaches that occurred, according to the Verizon Business 2018 Data Breach Investigations Report.
According to the Federal Bureau of Investigation (FBI), cybercrime continues to grow at a high cost to businesses worldwide. Both U.S. and international businesses have reported losses of more than $5.3 billion dollars due to more than 40,000 business email compromise (BEC) incidents between October 2013 and December 2016.
It is for all of these reasons — and more — that email security is such an important defense for every business in the manufacturing and distribution (M&D) sector. Let’s explore some of the top email security threats and what you can do to protect your business.
Malware is a Growing Threat
Malware is malicious software that uses harmful code to gain access to computers and other devices to control or damage them. It is the type of dangerous software nobody wants to receive, and it spreads rapidly once a device has become infected. According to Cisco threat researchers, self-propagating malware even has the potential to take down the internet.
Malware can be broken down into several categories, including viruses, worms, bots, and trojans. It also includes ransomware, a threat that has skyrocketed in frequency over the past year. This bad software is most commonly spread through malicious emails, however, it also can be spread through advertisements, websites, or even direct connections (such as infection via a compromised USB device).
And, if your employees use their mobile devices to access their email, don’t think that means they’re somehow safe from the reach of hackers. In fact, their emails may even be more at risk by using mobile access. For example, a study by Alcatel-Lucent (now Nokia) found that more than 32 million mobile devices were infected with malware in 2016—with the majority of malware affecting Android devices.
Uninformed Employees: Your Business’ Biggest Weakness
Put simply, employees are the biggest threat to every business. Employees can open up your organization to a variety of threats by clicking on links in malicious emails, downloading infected content, clicking on malicious advertisements (also known as “malvertising”), or by connecting infected devices to your network.
Phishing and Spear-Phishing
Phishing emails are social engineering messages that are designed to gain sensitive information from loosely targeted users. They’re the more generic version of spear-phishing emails, which are highly targeted emails that are sent to small groups of potential victims.
The overwhelming majority of social attacks on businesses are conducted through the use of phishing and pretexting, which represents 93% of breaches and 98% of social incidents (with email being the most common vector at 96%), according to the Verizon Business report.
Non-Approved Use of Your Business’ Devices and/or Network
Another major threat to businesses is the improper use of your business’ devices, such as mobile devices, laptops, and desktop computers, by employees. This also includes the connection of BYOD devices to your network that don’t have adequate security protections.
To help combat phishing and other employee-related issues, I always try to drive home the importance of providing cybersecurity awareness training whenever I speak with a new or prospective client. The goal of this training is to inform users of online safety and best practices, as well as how to identify threats (such as malicious emails) and how to properly respond to the situation.
How FPA Protects Your Email Accounts
At FPA, we always recommend that our clients use Office 365’s customizable email filters as part of our solution to help strengthen their cybersecurity defenses (among many other protections). Some of Office 365’s email anti-spam protection features include spam, connection, and outbound filters.
Spam filtering automatically identifies and filters spam emails; it also IDs emails that are sent from specific regions or countries, as well as those that are written in other languages to determine whether to allow them through to your inbox.
Connection filtering, on the other hand, is a method that verifies the reputation of the sender of every email. It enables users to create a list of specific IP addresses or a range of IP addresses to block or allow messages to move through as well.
Additionally, Office 365’s outbound filtering capabilities continuously check your users’ outbound emails to ensure that they aren’t inadvertently sending spam emails or malware should their systems become infected.
At FPA, the cybersecurity protection of our clients is paramount. In addition to Office 365’s email filtering system, we utilize a system called Reflexion (pronounced “reflection”) for our clients as an added layer of protection. This antispam and email security service helps us to provide greater defense in depth for your email accounts and business as a whole by blocking messages before they reach your network.
Reflexion’s Total Control Email Security helps to block a variety of messages through a variety of features, including:
- Attachment Filtering;
- Block List;
- Known Users;
- Permitted Countries;
- Permitted Languages;
- Realtime Blackhole List (RBL) Protection;
- Subject Filtering; and
- Virus Scanning
Don’t want to worry about the messages you want to receive ending up in a spam filter? You can specify the email addresses you want to receive via the use of its allow list. Need to set up variants of your email address for different purposes? Simply use the address-on-the-fly (AOTF) feature. The email security service also features a Bayesian filter, which evaluates the content and subject of all emails to determine whether it’s spam before allowing it move through to your inbox.
If your server goes down for some reason, Reflexion’s automatic inbound email queuing capability will temporarily hold your emails and will deliver the messages once it is back online.
Additionally, it’s outbound email feature will help to protect the reputation of your business by checking all outbound messages to avoid your emails being blacklisted for spam.
There are many financial, reputation, and protection reasons why you should invest in a managed email security service to protect your distributor technology and business overall. I hope that this information is useful and informative.
What are you currently doing to improve the email security of your organization? Share your recommendations and thoughts in the comments section below or reach out directly to speak with me about this topic more in-depth.