Email security covers a number of areas – not just protecting unauthorised access to your email account and all the content within it. Without the appropriate measures in place, you leave your business open to risks from:
1. Phishing attacks: Fraudsters will endeavour to obtain sensitive information from you, or your staff, such as credit card details, usually with emails disguised as being from legitimate sources, such as payment processors, social media sites, etc.
2. Spoofing: Similar to Phishing, but usually more audacious! Here is a fictional example: A Finance Director receives an email from the MD to transfer money to a bank account for a legitimate sounding reason – e.g. pay a new supplier for a current project. The FD carries out the instruction and, goodbye cash! It wasn’t the MD but a fraudster posing as the MD. How? Either crudely (but effectively) using an email address which is almost identical except one small digit change (e.g. 1 for an l), or more sophisticated – depending on your email security – may have hijacked the MD’s actual email address (e.g. see man in the middle attacks below).
3. Malware: Short for Malicious Software, used to describe a number of harmful software, such as Viruses, Worms, Trojan Horses, Spyware, etc. The vast majority of businesses who suffer a malware attack do so because an employee has (usually unwittingly) introduced it to the network by clicking a dodgy link in an email.
4. Ransomware: Essentially the same as any other form of malware – but because it is particularly harmful to your business – both financial cost and reputation, we have given it its own listing. Ransomware is specifically designed to encrypt company documents/files, and then elicit a ransom payment to release these files, which often doesn’t work, so companies end up paying but still losing data (and credibility, if the attack gets out into the open).
5. Man-in-the-Middle attacks: Someone intercepting emails to/from your business, such that they can alter the content to their own gain, or they are simply seeking to learn – e.g. to mimic senior individuals by copying their style, for a more cunning and larger spoofing attack later on. Often MITM attacks are possible due to emails sent over unencrypted WiFi.
6. Social Engineering: Fraudsters may engage with their victim(s) before carrying out the fraudulent act, to build trust and confidence that they are genuine – including subtle Phishing emails. A type of confidence trick, with potentially dire consequences for your business.
There are a number of ways in which you can help protect your business, start by downloading secureVirtual’s free poster for the office wall – a user’s guide to keeping their email safe.
Email continuity is a form of email security for your Exchange Server (or mail server). It is important to have a service in place to act as safety net, should your email service or mail service provider crash. For example, Microsoft 365 Exchange Online offers a 99.99% SLA, meaning there will very likely be at least 1 hour’s downtime at some point during the year. However, what if your mail server or service was out of action due to a DDOS attack, power failure at a data centre, or similar? Having email continuity means that you could continue to access your email during this period, and still be able to send and receive email from an alternative system – in effect a backup mail service, allowing you and your business to carry on as usual.
Learn more about how secureVirtual can help your business minimise email security risks and business interruption. Contact us for a check-list, which can help you put in place robust security policies.