Choosing to secure your email communication not only protects your mailbox but also your entire organization's network. Cybercriminals see emails as the most attractive vector of attacking your organization's network.

Phishing, one the most common type of social engineering attacks used by these cybercriminals is deceivingly dangerous because suspicious links are hyperlinked within email text and can be hard to distinguish as suspicious by an untrained eye.

It takes only one click to affect or even compromise your whole network. This is further complicated by the fact that many types of phishing scams are not easily eliminated by software alone. It takes a combination of threat detection systems, security awareness training, and a vigilant IT team to create a solid defense against phishing threats.

Common threats to email and network security

1. Email spoofing

Spoofing is the act of forging an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

2. Phishing

As mentioned above, phishing is the most common form of social engineering used by cyber criminals globally. Social engineering is an attack vector used by threat actors to present themselves as trusted individuals or sources. This attack vector requires research on the target. The attacker may mine personal information on employees from public social media accounts and other intelligence on employee structure.

Spear phishing

As of March 2020, it was reported that COVID themed spear-phishing emails alone rose by 667%.

A spear-phishing attack is a type of email spoofing designed to look like it was sent from a user’s manager within an organization. The intent of spear phishing is often to acquire critical information, such as client data which hackers can use to further distribute malicious content.

Spear-phishing attacks target a particular person or group of people, usually low-level to midlevel employees as shown below. This makes it different from other types of phishing scams that are characterized by mass email distribution to an indiscriminate pool of users.

Figure 1; A targeted spear phishing attack model by TechTarget

When hackers target high-level members such as CEOs and top managers, this type of phishing is known as whale phishing. Hackers attempt to trick their victims by disguising themselves as a client, supplier, or other stakeholders using email spoofing usually to get them to initiate or authorize data or financial transactions.

Ransomware attacks

Since the onset of the COVID-19 pandemic there has been an over 100% increase in ransomware attacks in March 2020 according to Techtarget. Some, if not most of ransomware attacks are propagated through phishing emails that hoodwink users into running malware on the PCs.

A common example of such malware is a remote access Trojan that allows hackers to take full control of the users' PC. In light of the pandemic, the increase in spear phishing emails can be credited to cyber criminals targeting high level employees with access to critical information whereby the remote access Trojans are used to launch ransomware attacks.

How to secure your business email communication

Cybercriminals have been and will continue to exploit the chaos, grief and vulnerability of unsuspecting users without remorse during the COVID-19 pandemic.

As businesses seek to implement work from home policies indefinitely, email and collaboration tools are critical to setting up and managing remote workplaces. Business decision makers must liaise with their IT teams and reliable email hosting service providers to secure email and collaboration tools. In our 13 years of service, we can conclude that the full armor of business email security must include;

Email filtering
Email security awareness and training
An email archival system
Disaster recovery for businesses with on premise email infrastructure such as Windows Exchange or Mdaemon

1. Email filtering

Businesses are faced with various security threats that are propagated through email as we outlined earlier. Such include spear-phishing, malware, impersonation, Man in the email attacks and data leaks. Organizations must protect themselves from targeted email threats by installing an email filtering gateways between their mailbox or any other infrastructure and the internet.

Email filtering ensures that all inbound and outbound emails are filtered before reaching your mailbox. This will eliminate spam emails, malware and phish emails thus securing your mailbox.

2. Email security awareness and training

It is not enough to have an antispam filtering gateway. Hackers work day and night to devise new ways of sending spam, phish emails and malware. Because of this, some spam or phish emails may manage to reach your mailbox.

Therefore, your staff must be equipped with knowledge of how to identify a phishing email or a compromised email account. Your staff must also know the procedures to follow in cases where they fall victim to a phishing attack. Email security awareness will help your staff remain updated on email security threats, prevention, and damage control.

3. Email archiving

It is always wise to prepare for the worst-case scenario. Email archiving is the disaster recovery of email. Backing up emails, whether to a laptop, hard drive or any other infrastructure as most organizations do can become a complicated and expensive process as email data continues to grow.

Just like data backup, email backup does not guarantee the continuity of email communication in the event where you lose important emails. This means that emails deleted or lost prior to initiating backup will not be backed up. Employees or users can also easily access your email backups and tamper with stored emails intentionally or unintentionally.

Cloud email archiving guarantees the continuity of your email communication by automating email backup. This means that all original inbound and outbound emails and all metadata are automatically pushed to a cloud email archive before reaching your mailbox. No deletion of emails and email retention compliance policies are met.

4. Disaster recovery for on-premise email infrastructure

In some organizations, email communication is mission-critical. This means that it must be available at all times for organization success. Servers even when properly maintained can crash due to various reasons. A natural disaster such as fire or flooding can damage your on premise infrastructure. What would be the implications of your staff, clients, suppliers, etc. not having access to email?

Disaster recovery, more specifically, disaster recovery as a service ensures that you can recover within a few minutes.

Conclusion

With an email filtering service, an email archiving system, email security awareness/training, and disaster recovery for on-premise mail infrastructure you are fully armored to win the fight against email security threats.