On Friday 12th May last year, a global ransomware attack, aptly named WannaCry, infected over 200,000 computers in at least 100 countries. It began with an email at roughly 8:30am London time. By midday, employees at Spain’s mobile operating giant Telefónica were being shut out of their work terminals and in the UK, emergency services were being pulled and hospital facilities were being shut down. At organizations around the world, similar events were being reported.
WannaCry is just one example of the scale of damage cybercriminals can inflict upon an organization by using email as a means of delivery. In the face of such a severe threat, the need to protect email channels has never been greater. We recently surveyed 600 business decision makers and 1200 employees across the UK, US, Germany, and Australia who, echoing this sentiment, ranked phishing emails as the top threat when asked what they saw as the biggest cybersecurity danger to their organization.
In the UK alone, 59% of business decision makers highlighted the phishing email as a chief concern for their business. Coming in far and above any other threat listed, its position at number one reflects the scale of impact a single malicious email can have on an organization. Ranking second on the list came a lax attitude by employees to sharing passwords, with one-third (33%) of UK businesses listing this as one of the biggest threats. The next offender on the list and taking third place came USB’s, with 31% of respondents highlighting these devices as a major threat. Worryingly, ahead of the GDPR deadline on May 25th, 30% felt that employees not following data protection policies could also be one of the biggest threats to their organization.
Evolving your approach to email security
With email still being the primary business communication tool for business collaboration, it’s unsurprising that it’s shown itself to be a key vulnerability in UK cyber defenses. If businesses are to fully secure themselves, they need to change the way they mitigate the risks. Below is outlined a three-pronged approach to improving email security:
- Performing mock phishing exercises and physical penetration tests might show you where vulnerabilities exist, however, this approach to catching staff out doesn’t necessarily solve the root of the problem. Educating employees about how to recognize a phishing email and other malicious email based tactics used by cybercriminals will ultimately help to ensure the business stays safe. Implementing regular communications and training sessions around the top cybersecurity threats facing a business, such as the dangers of opening a suspicious email or the consequences of sharing a password with a colleague, will help instill a culture of cyber awareness that can truly fortify you organization against cyber-attacks and data leaks.
- Developing clear lines of conduct around email communication is key to reducing the chance of malicious emails entering and spreading through your organization. Policies can be created around the senders and receivers of messages. These permit whether an email is allowed be sent to specific individuals or not and is a sure way of limiting the opportunities cybercriminals have to successfully penetrate your organization with a phishing attack. Our Secure Email Gateway provides users with the option of setting up flexible policies and context-aware content inspection to ensure communications are not restricted and employees can work unimpeded.
- There is no single bullet to cyber defense. Taking a layered approach and investing in a cross-section of security technologies ensures your business collaboration channels are protected from every angle. With email being a primary route for cybercriminals to infiltrate an organization, security for this communication channel is critical. Many organizations just focus on inbound threat protection, but this is just one element of email security. Clearswift email security solutions offer a multi-layered protection system. Ongoing anti-malware and active code detection ensures that no malware comes in, or goes out, via email, whilst advance features such as Structural Sanitization remove macro’s, scripts and Active/X can be removed from messages and attachments. What’s more, Clearswift’s Message Sanitization is able to remove URLs, Attachments, and HTML from email to ensure phishing attacks are thwarted at your organization’s doorstep.