Email Security: Why it’s so important!

Email security is incredibly important to any user on an Organization’s network because not only does it affect you, but if you fall victim to a hacker it can also affect everyone else in the organization whether that’s losing money, losing your job, being audited, identity theft, or even the closing of the company.

So, please read this information so that your life isn’t negatively impacted by a hacker’s threats.

In 2016 Email security is hugely important because of how the threats directed at organizations have evolved.  Specifically, Directed Social Engineering and Email Phishing and Email Spoofing attacks have taken off exponentially.  Gone are the days of Distributed Denial of Service attacks which can be characterized as a hacker using a “bomb” to disrupt business operations (i.e. shutting down an e-commerce web site).  Now we have very targeted attacks on specific firms and specific individuals in the firm (generally executives) which can be characterized as a hacker using a sniper rifle to go in and steal information or money from an organization.  Wow! It is striking how the world has changed, and we need to change with it to make sure we don’t fall victim to these well-orchestrated attacks.

When we refer to email security this brings up a huge scope of technologies that are used to limit what exposure exists in an organization to attacks and malware.  These include Spam & Virus filters, Email Encryption, Email Archiving… and the list goes on.  However, these technologies are not what we are talking about here.  The simple fact is that the technology is actually very good and works very well to prevent data or monetary theft.  The problem unfortunately is the users of the technology and not the technology itself… Hearing this from a technology group, this can sound like a complete cop out, but in reality it is the truth.  If you’re a hacker and you look at the weakest part of the network it’s definitely the users themselves.

The fact is when hackers looked at broadening the attack surface, users’ enabled them such a vast area to attack that it’s very difficult for organizations to defend these attacks.  Now that this attack surface has begun to be exploited it’s important to discuss the keys in defending our organizations as best as possible.  We aren’t talking about new advanced technologies but instead we’re going old school and recommending Security Awareness training and Policy creation and enforcement to limit damage and exposure.

Security Awareness training is key so users are aware of what threats are out there and how to identify these threats.  Written organizational policies will keep people that have been compromised by a hacker from being able to give the hacker access to information or money.  Knowing what to train on and what policies to build for your organization are as important as what technology you buy.

Here’s some of the key aspects of Envision IT Partners’ Security Awareness Training:
  • Only open emails from people you know and if you get a suspicious email DO NOT click the link
  • If you think it may be legitimate, you can verify the link by moving your cursor over the link – this will show you the destination path of where the link is actually pointing
  • Be skeptical and you can always call or email your Managed Support provider
  • You can also call the person sending the email to verify it’s legitimate
  • Use 3 email accounts to provide added security: 1. Work 2. Personal 3. Online registrations
  • Avoid sending unnecessary personal information via email
  • Assume all your professional emails are monitored
  • Use complex passwords

 

A great technology team or MSP can help you plan and secure your network.  But when it comes to email security so much of it is left of to the user to show more care and attention to stay professional and secure.

To learn more about what you can do to protect your organization please email us at [email protected] and we’ll work on building a plan for you.