When business owners and employees log into their email accounts, there usually isn’t much thought about security. After all, you enter an ID and password to gain access. But it would be foolish to assume this is all you need to stay safe.
The Appalling State of Email Security
In December 2016, Yahoo announced that an “unauthorized third party” stole user data from more than 1 billion accounts in August 2013. At the time, CNN ran a story with the following byline: “Just when you think Yahoo’s security issues can’t get any worse, the company proves you wrong.”
Well, it turns out that even that December 2016 announcement was just a part of the truth. Less than a year later, it became known that the attack was much more widespread. In fact, it’s now believed that the breach affected all 3 billion Yahoo users that had accounts at the time. The company was also hit by a separate attack in 2014, which affected roughly 500 million accounts.
It’s not just Yahoo, though. Every reputable email platform has experienced its fair share of breaches and attacks. In fact, all you have to do is spend some time on the dark web marketplace and you’ll find more than 1 million Gmail and Yahoo accounts for sale.
According to Dell’s third annual Underground Hacker Markets report, any person brave enough to traverse the dark web can have a Gmail, Yahoo, or Hotmail account hacked for the low price of $129. The same is true for social media accounts on popular platforms like Facebook and Instagram.
“Corporate email accounts are available for hacking too, though that costs $500 per address,” Minda Zetlin writes for Inc.com. “Most disturbingly, the hackers assure their prospective customers that they can get into victims’ email accounts without changing their passwords or otherwise alerting them to the breach. ‘Complete confidentiality – the victim will not even notice that their email account has been hacked,’ boasts one offer.”
Shocking, alarming, frustrating – whatever word you want to use to describe these revelations is probably appropriate. If you previously thought email was safe, you’re sorely mistaken.
What Businesses Can Do to Increase Security
In today’s hostile cyber landscape, businesses can’t afford to sit back and assume that everything is fine and dandy. The only way to enhance security is by taking a proactive approach that actively combats the threats facing modern companies.
While easier said than done, there are a number of things businesses can do to shift gears and place a greater emphasis on email security. Let’s highlight a few of these steps and best practices to shine a light on what companies can do.
- Integrate Third Party Security Solutions
While email platforms might not have adequate security measures baked inside, this doesn’t mean businesses have to settle for the bare minimum. There are lots of third-party security solutions that are designed to supplement email security.
For example, businesses using Outlook and Office 365 often rely on virtual data protection tools, which protect data and further encrypt email messages so that hackers can’t gain access to the information they steal.
Whether you’re using Outlook, Gmail, or, dare we say, Yahoo, there are ways to increase protection. Familiarize yourself with these solutions and select ones that complement your present situation.
- Update Your Anti-Malware Solutions
“Anti-malware technologies, such as anti-virus, anti-spam and anti-phishing tools, have been used for decades to scan email messages and block or quarantine email containing malware and other malicious content,” cybersecurity consultant Karen Scarfone writes. “Newer anti-malware relies less on signatures of known malicious content and instead uses threat intelligence, reputation services and other near-real-time sources to pinpoint the location of threats – domains and IP and email addresses, for example.”
If you’re still using outdated anti-malware solutions, now is a good time to update to newer options that provide comprehensive security for today’s most common issues.
- Educate Employees
Third-party encryption tools and anti-malware solutions are great, but employees need to have an understanding of why they’re being used and what they can do to enhance the cause (rather than deter it).
Regular training is crucial. Cyber security trends shift rather quickly and you want to ensure your entire organization is on top of the latest developments. Don’t be afraid to talk about the risks you face; never feel like you need to hide something from employees.
- Prepare for Human Error
Even with all of the education in the world, employees are still humans – and humans make mistakes. If you want your business to avoid unnecessary problems, you have to anticipate human error and implement the proper safeguards.
For example, you shouldn’t enable auto-fill of email addresses and passwords. Pop-up warnings should be triggered when an employee is about to perform a high-risk action. Spam filters should be optimized for greater accuracy. All of these safeguards come together to create a more sterile email environment.
- Control Email Access
Most progressive businesses have some sort of Bring Your Own Device (BYOD) policy in place by now. And while some companies allow employees to use personal devices in the workplace, it’s a good idea to prevent workers from accessing email on these devices.
When an employee accesses email on a personal device, they suddenly expose the business to additional risk. One additional point of risk might not be a big deal, but in a company with thousands of employees and personal devices, this can become too much to handle. For best results, restrict email access to company devices that can be more easily controlled.
Proactive Businesses Get Ahead
There’s no getting around email. In order for a company to remain competitive in today’s marketplace, email has to be a primary mode of communication. But just because you use email, doesn’t mean you have to take it at face value. At a time when security breaches are increasingly common, it’s important that you do everything within your power to proactively protect your business and mitigate risk.
If you would like to contribute an article or contact our contributors, you can get in touch here