If you ever wanted an indication of how challenging the email security environment can be, consider this: recently released research shows that two million malicious emails bypassed traditional security measures between July 2020 and July 2021.
Given that hundreds of billions of emails are sent and received every day, that might seem like a drop in the ocean. It’s important to remember, however, that it only takes a single person opening a link or attachment in a malicious email for a breach to occur. And those breaches can be very expensive. According to IBM and Ponemon’s annual Cost of a Data Breach Study, the average cost of a breach in 2021 is US$4.24 million, the highest it’s been in 17 years.
With that in mind, what can organisations do to reduce the risk of security breaches and stay safe year-round?
The first thing to remember is that no organisation can guarantee that it won’t fall victim to a data breach. No matter how much work you put in, new threats are emerging all the time. Cybercriminals are also increasingly sophisticated, making it more and more difficult for both technology and humans to pick up when an email is suspicious.
That does not, however, mean that organisations shouldn’t be doing everything in their power to avoid falling victim to a breach. It does mean, though, that every organisation should also have a solid data breach response plan in place.
Technology and education
When it comes to defence, the best approach for any organisation is to rely on a combination of technology and employee education, rather than one or the other.
From a technological perspective, organisations should partner with security providers that don’t just react to threats, but proactively monitor and assess them, and that are able to secure all aspects of the business, including email, cloud, and productivity suites.
A security provider should also proactively communicate with the organisation to ensure that it’s aware of the latest threats. That, in turn, makes it easier for organisations to educate employees.
Arguably the strongest tool in any organisation’s defensive armoury, education needs to be an ongoing initiative. This is especially true when it comes to phishing, the most common form of cybercrime. With cybercriminals increasingly capable of spoofing both internal and external communications, it’s imperative that organisations remind employees and customers of what they will never be asked to do via email or any other form of communication. Additionally, organisations should urge employees to be doubly cautious of any email that asks them to click a link, open an attachment, or verify their details.
A security audit can go a long way to determining how much education is needed. It will help detect vulnerabilities in things like forwarding rules, mailbox permissions, passwords, multi-factor authentication, and more.
It’s also important that organisations make it clear how and where to report suspicious emails. The faster an organisation’s security team is alerted, the more quickly it can respond and intervene to warn employees and shut down spoofed websites.
With remote and hybrid work becoming increasingly common, organisations additionally need to ensure that employees are safe when working off-site. The steps they can take on that front include, but are not limited to:
- Issuing each employee a portable computer and a VPN token with multi-factor authentication
- Making sure all machines are encrypted, run endpoint security, and have everything in place for regular patching
- Making sure all machines are equipped with email security, encryption, archiving, and backups to protect against spam, ransomware, malware, spear-phishing, and similar threats
- Providing security awareness training for all employees, as well as education from LinkedIn Learning on working securely and working remotely
- Maintaining open communication through cloud-based productivity suites, video conferencing, and open chat channels so the team can collaborate and communicate
When a breach does happen, an organisation needs to have a recovery plan in place. The most immediate priority should be for the organisation to go into safe mode. This will allow it to run system checks to identify the breach, alert a task team, and communicate with affected parties, service teams, the information regulator, and the media accordingly.
The plan should also be continuously tested and refined. This not only stops people from getting complacent, but also keeps the plan fresh in the face of new threats and employee turnover.
Backing up regularly and securely is also critical to breach recovery. Your backup provider should be able to meet the requirements of laws such as GDPR and any others that apply in the jurisdictions you operate in. This includes, but is not limited to, its choice of data centre, encryption of data both at rest and in transit, and the ability to purge backups. Additionally, adopting a backup provider shouldn’t impede your organisation’s ability to do business.
Planning is crucial
Through a combination of technology, education, and response plans, organisations can ensure that when malicious emails do get through, the threat they pose is as limited as possible. In doing so, they not only limit the impact of a data breach, but also retain the trust of employees and customers. That, in turn, is vital to long-term profitability and growth.