Email security: how to deliver the right message to cyber criminals
There’s one technology that we all continue to use that hasn’t evolved since the 1960s — email. Email was born before the Internet, making it nearly fifty years old. Despite the availability of newer messaging technology — texting, messaging apps, Slack, and video chat — email is not only still going strong, it is actually thriving. In 2018, a staggering 281 billion emails were sent, on average, every single day, and that’s expected to exceed 333 billion by 2022.
While retailers and hospitality firms continue to depend on and use email, it’s wise to remember that email is neither safe nor private when it comes to communicating sensitive business matters, and it can also leave a business’s wider digital network open to attack if the right security measures aren’t adopted.
There have recently been a number of high-profile political scandals triggered by the leaking of sensitive information, but you don’t need to be the UK ambassador in Washington to suffer a similar fate. In the event of a criminal hack, retailers stand to have critical business plans exposed and this can lead to reputational damage, with value wiped from retailers’ and hospitality firms’ share price if information falls into the wrong hands.
Email Trojan horse
Without adequate security measures, email can also be the perfect Trojan horse, giving criminals relatively easy access to both email servers and wider digital networks. This fact hasn’t been lost on hackers, with email becoming cyber criminals’ preferred method of infecting victims’ digital networks. Either of the twin security risks posed by viruses and spam can cripple networks, erode productivity and tarnish your brand.
In 2014, for example, a Ukrainian cyberhacker used a phishing email sent to a Target employee to gain access to the retailer’s EPOS system. The result was that up to an estimated 110 million customers may have had their financial information compromised at a reported cost to the US economy of $1 billion.
These are huge figures which made retailers really sit up and take notice, but according to the 2018 ThousandEyes Global DNS Performance Report, 50% of all retail companies on the FTSE100 have yet to take adequate security measures to protect their networks from similar email security threats, including distributed denial of service (DDoS) attacks.
Multi-layered email filtering
The good news is that it is now possible to quickly and easily install multi-layered email filtering systems that give your business comprehensive email security protection.
These next-generation security solutions deliver simple, secure email server administration that is entirely web-based, with no software to install. Users can define settings that either allow or deny senders, domains, and IPs for any email to the domain. Advanced settings also allow for sophisticated rule management, including support for regular expressions.
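To make the allow/deny settings described above concrete, here is an added sketch (not code from any product discussed in this article) of a layered sender policy with IP, sender, domain and regular-expression rules. The policy layout, the evaluation order and every address in it are assumptions made up for the illustration.

```python
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample policy; every address, domain and network is a placeholder.
POLICY = {
    "deny_networks": [ipaddress.ip_network("203.0.113.0/24")],
    "allow_senders": {"billing@supplier.example"},
    "deny_domains": {"spam.example"},
    # Regex rules run in order and the first match wins. Patterns are applied
    # with fullmatch, so an allow rule for supplier.example cannot be satisfied
    # by a lookalike such as supplier.example.evil.test.
    "regex_rules": [
        ("deny", re.compile(r".*\.(zip|top)")),
        ("allow", re.compile(r"(.+\.)?supplier\.example")),
    ],
    "default": "quarantine",
}


def evaluate(from_header, client_ip, policy=POLICY):
    """Return (verdict, layer) for one message; layers are checked in order."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in policy["deny_networks"]):
        return "deny", "ip"
    address = parseaddr(from_header)[1].lower()
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return "deny", "malformed-sender"
    if address in policy["allow_senders"]:
        return "allow", "sender"
    if domain in policy["deny_domains"]:
        return "deny", "domain"
    for action, pattern in policy["regex_rules"]:
        if pattern.fullmatch(domain):
            return action, "regex"
    return policy["default"], "default"


if __name__ == "__main__":
    print(evaluate("Accounts <billing@supplier.example>", "198.51.100.7"))
    print(evaluate("ceo@supplier.example.evil.test", "198.51.100.7"))
```

An allow rule keyed on the From address is only as trustworthy as the sender authentication performed before it, so the sketch assumes SPF, DKIM and DMARC checks have already run upstream.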
The best email protection systems prevent hackers from crippling your email servers with a denial of service attack and block accounts used by known criminals and spammers, while also using filtering to better identify spam from your specific domain.
Probably the most overlooked, and the most effective, form of email security, however, is enhanced cyber security education for employees.
Front-line cybersecurity education
Business email compromise attacks, like the one used against Target mentioned earlier, involve scam messages to company employees in an attempt to extract sensitive information. This could include a fake email from a director to an HR colleague requesting employee login credentials.
It is possible to train staff to recognise a phishing email or a spam attack so that they can alert your IT department to prevent other colleagues from being tricked. You can also buy phishing simulator training that tries to trick employees into handing over sensitive information. The colleagues who fall for the fake emails can then be offered extra cyber security advice and education.
The irony is that while many retailers and hospitality companies carefully consider and invest in the security requirements of their in-store digital systems, ecommerce platforms and websites, cybercriminals will always look to attack the weakest, least defended area of a digital network, and in many cases that is the humble email – a system that is used extensively, every day, by virtually every business. Smart businesses will appreciate the risks of a poorly protected email server and act, but there will still be plenty more that will, for whatever reason, continue to offer criminals an open goal.
If you are concerned about your email security, or are looking to improve on your current networks, why not get in touch?