Email is critical to most companies. It is how we communicate with co-workers, suppliers, contractors, and customers / clients. Without it, much of our business would come to a crashing halt. However, it is one of the areas where we are most vulnerable to cyber attacks and data theft.
Billions of emails are sent every day, many with some sort of confidential or sensitive information within them. And email is never a 100% secure form of communication. In fact, when it comes to data theft, email is often the selected intrusion point.
Below are 5 myths about email security (some of which are so pervasive that you may have thought they were true). However, the reality is far different.
The five myths of email security:
- A Strong Password Is All You Need
- Email Service Providers Take Care Of Security For Us
- Trained & Smart Employees Will Obviously Know Better
- Secure Email Gateways (SEGs) Are Enough
Myth #1: A Strong Password Is All You Need
A password is generally considered strong when it contains a rather long (15 characters or more) combination of uppercase letters, lowercase letters, numbers, and special characters. Even just a few years ago, this was secure enough for most email users. However, email password cracking has become more and more sophisticated (including the use of limited AI to generate passwords more and more in line with what actual humans may choose).
The true answer for today’s world is the use of MFA, or Multi-Factor Authentication. MFA is essentially a multi-step process for logging in that utilizes different types of information for the login steps. One of the increasingly popular factors in MFA is a biometric login, such as a fingerprint scanner or face lock on a cell phone.
Myth #2: Email Service Providers Take Care Of Security For Us
Yes, your email provider will help you, often by making the latest security tools available to you and your team. For instance, G Suite (the paid email service from Google) does provide MFA protection for your entire team. However, if you do not turn this feature on and train your team in using it, then you do not have this protection.
Relying on your email provider without ensuring that you are taking the appropriate steps and taking advantage of the security tools provided to you is a mistake… and in many cases, a very costly one.
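One way to check whether the provider's MFA is actually switched on for your team, shown as an added example (not from the original article or from Google): the script reads a user list exported as JSON from the Google Admin SDK Directory API and flags active accounts without 2-Step Verification, admins first. The accounts in the sample are constructed, and the function name audit_2sv is an assumption of this example.

```python
import json

# Constructed sample: trimmed users.list output from the Admin SDK Directory
# API. The field names are the API's own; the accounts are made up.
SAMPLE_USERS_JSON = """
{"users": [
  {"primaryEmail": "ceo@example.com", "isAdmin": true, "suspended": false,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false},
  {"primaryEmail": "it-admin@example.com", "isAdmin": true, "suspended": false,
   "isEnrolledIn2Sv": true, "isEnforcedIn2Sv": true},
  {"primaryEmail": "sales@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": true, "isEnforcedIn2Sv": false},
  {"primaryEmail": "intern@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false},
  {"primaryEmail": "former@example.com", "isAdmin": false, "suspended": true,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false}
]}
"""


def audit_2sv(users_json):
    """Return active accounts lacking enforced 2-Step Verification, riskiest first."""
    findings = []
    for user in json.loads(users_json).get("users", []):
        if user.get("suspended"):
            continue  # suspended accounts cannot sign in, so skip them
        enrolled = user.get("isEnrolledIn2Sv", False)
        enforced = user.get("isEnforcedIn2Sv", False)
        if enrolled and enforced:
            continue  # protected and unable to opt out
        status = "enrolled, not enforced" if enrolled else "not enrolled"
        findings.append({
            "email": user.get("primaryEmail", "<unknown>"),
            "admin": bool(user.get("isAdmin")),
            "status": status,
        })
    # Admins first, then accounts with no second factor at all, then by email.
    findings.sort(key=lambda f: (not f["admin"],
                                 f["status"] != "not enrolled",
                                 f["email"]))
    return findings


if __name__ == "__main__":
    for f in audit_2sv(SAMPLE_USERS_JSON):
        role = "ADMIN" if f["admin"] else "user"
        print(f"{f['email']:<24} {role:<6} {f['status']}")
```

An account that is enrolled but not enforced is still flagged, because its owner can turn the second factor off again.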
Myth #3: Trained & Smart Employees Will Obviously Know Better
It is critical that your team receive detailed training in email security, the policies and best practices that your company has in place for protection, and what to do with potential threats. However, in most cases, this alone is not enough. Phishing and social engineering attacks are becoming more sophisticated and more dangerous every day. Plus, with the amount of data (and the cost of that data in time and wealth) at stake in a cyber attack today, a comprehensive, ever-evolving email security program is the only way to ensure safety.
On average, the cost of a cyber attack is about $3.8 million. And roughly 90% of all cyber attacks are phishing attacks. If your main security feature is relying on employees to know which links and attachments in the hundreds of emails they receive in a day are safe, you may find yourself in a very dangerous situation sooner rather than later.
Myth #4: Secure Email Gateways (SEGs) Are Enough
An SEG is a critical component of email security, often providing many key aspects of cyber security including:
- Malware Blocking
- Spam Filtering
- Content Filtering
- Email Archiving
However, even with these evolving protections, the rate of phishing attacks does not go down. In fact, it continues to rise. Why? Simple – because it works! The newest phishing attacks are specifically engineered to bypass these very basic protections.
In reality, your email security needs to take advantage of all of these important attack-stopping tools and tactics. You should be using strong passwords, multi-factor authentication, all of the tools provided by your email providers, a detailed training program for team members, as well as the tools that an SEG provides.
On top of that, you should regularly consult a cyber security expert who can audit your email security and provide upgrades and improvements to keep you safe going forward as attacks become more dangerous, harder to spot, and more costly.