With 94% of malware delivered by email last year, it is crucial to continually educate and inform your staff about email security, the threats to watch out for, and how to identify potential social engineering attacks.
The lockdown has highlighted the importance of cybersecurity as an integrated business process, especially given the normalisation of remote working. But while the focus has been on safeguarding employee devices, email security has fallen by the wayside. And yet, 95% of cyberattacks leverage email as an entry point into organisational back-end systems.
Perhaps even more concerning is that last year 94% of malware was delivered by email. Fast forward to the present and the dynamic challenges, and organisations can ill afford to neglect one of the most fundamental elements of their business.
But email defence entails more than just installing an anti-virus or firewall. It centres on increasing the business resilience against all forms of malware while still delivering business continuity and disaster recovery should the worst happen.
Of course, this is as much a technology problem as it is a human one. In the case of the former, organisations must be aware of not only endpoint protection, but backup storage best practice, the importance of encryption, and even recovery testing of backup data when it comes to employee emails. For the latter, it is about continual education campaigns that keep staff informed of the threats to watch out for and how to identify potential social engineering attacks.
Despite the risk to operations, many companies still believe their existing cybersecurity solutions and approaches will provide adequate defence against sophisticated threat agents. Sadly, the reality is that it is only a matter of time before they get compromised. Surviving a random virus might be relatively easy, but overcoming a concerted ransomware attack is on a whole other level.
Imagine the consequences if a business cannot recover its email data. From customer contracts to client files, sensitive documents to contact information built up over years of engagement, none of this will be safe if a hacker locksdown company data with ransomware.
Anecdotal evidence suggests that companies who do end up paying ransomware will likely need to close their doors within six months of doing so. The repercussions are far-reaching both from a financial and reputational perspective. And then you have the likelihood that hackers would simply target the business again, especially if it is known to the underground community that it pays ransomware.
Local organisations must take their email security and business resilience more seriously. Yes, there are many ‘fear, uncertainty, and doubt’ campaigns muddying the waters especially when it comes to the seriousness of the threat. But it is about taking a more proactive stance and implementing the right kind of cybersecurity solutions, updated policies to reflect business continuity requirements, and educating staff on email and other threats such as social engineering.
The business landscape will be radically different this year. If cybersecurity does not form part of the new environment for a company, then its chances of remaining relevant will all but disappear.
Tips to up your email security:
• Use Strong passwords: Utilise a minimum of 8 characters, with upper and lower case, random numbers and letters.
• Change your password regularly.
• Ensure you have email security. That includes protection from phishing, spam and viruses, and allows for policies.
• Know the sender, don’t just open emails and click on links and attachments.
• Have a compliant archive to ensure continuity and governance.