4 Dangerous Email Security Myths (And The Reality)

Email is critical to most companies. It is how we communicate with co-workers, suppliers, contractors, and customers / clients. Without it, much of our business would come to a crashing halt. However, it is one of the areas where we are most vulnerable to cyber attacks and data theft. Billions of emails are sent every day, many with some soft of confidential, or secure, information within them. And, emails are never a 100% secure form of communication. In fact, when it comes to data theft, email is often the selected intrusion point. Below are 5 myths about email security (some of which are so pervasive that you may have thought they were true). However, the reality is far different. The five myths include:
  • A Strong Password Is All You Need
  • Email Service Providers Take Care Of Security For Us
  • Trained & Smart Employees Will Obviously Know Better
  • Secure Email Gateways (SEGs) Are Enough

Myth #1: A Strong Password Is All You Need

A password is generally considered strong when it contains a rather long (15 characters or more) combination of uppercase letters, lowercase letters, numbers, and special characters. Even just a few years ago, this was near enough to secure for most email users. However, as email password cracking has become more and more sophisticated (including the use of limited AI to generate passwords more and more inline with what actual humans may choose). The true answer for today’s world is the use of MFA, or Multi-Factor Authentication. MFA is essentially a multi-step process for logging in that utilizes different types of information for the login steps. One of the most increasingly popular factors in MFA is a biometric login, such as a fingerprint scannner, or facelock on a cell phone.

Myth #2: Email Service Providers Take Care Of Security For Us

Yes, your email provider will help you, often by making the latest security tools available to you, and your team. For instance, GSuite (the paid email service from Google) does provide MFA protection for your entire team, however, if you do not turn this feature on, and train your team in using it, then you do not have this protection. Relying on your email provider, without ensuring that you are taking the appropriate steps, and taking advantage of the security tools provided to you is a mistake...and in many cases, a very costly one.

Myth #3: Trained & Smart Employees Will Obviously Know Better

It is critical that your team receive detailed training in email security, the policies and best practices that your company has in place for protection, and what to do with potential threats, however, in most cases, this alone is not enough. Phishing and social engineering attacks are becoming more and more sophisticated, and dangerous everyday. Plus, with the amount of data (and the cost of that data in time and wealth) at stake in a cyber attack today, a comprehensive, ever-evolving email security program is the only way to ensure safety. On average, the cost of a cyber attack is about $3.8 million. And, roughly 90% of all cyber attacks are phishing attacks. If your main security feature is relying on employees to know which links and attachments in the hundreds of emails they receive on a day are safe, you may find yourself in a very dangerous situation sooner rather than later.

Myth #4: Secure Email Gateways (SEGs) Are Enough

An SEG is a critical component of email security, often providing many key aspects of cyber security including:
  • Antivirus
  • Malware Blocking
  • Spam Filtering
  • Content Filtering
  • Email Archiving
However, even with these evolving protections, the rate of phishing attacks does not go down, in fact, it continues to rise. Why? Simple - because it works! In fact, the newest phishing attacks are specifically engineered to hopefully bypass these very basic protections.

The Reality

In reality, your email security needs to take advantage of all of these important attack-stopping tools and tactics. You should be using strong passwords, multi-factor authentication, all of the tools provided by your email providers, a detailed training program for team members, as well as the tools that an SEG provides. On top of that, you should regularly consult a cyber security expert who can audit your email security on a regular basis, and provide upgrades and improvements to keep your safe going forward as attacks become more dangerous, hard to spot, and costly.

Contact Xorca For The Best Business IT Services Today

Xorca has been the leader for business IT services Ithaca NY for more than 20 years. If you need IT or computer support, contact Xorca today for a no-hassle consultation and assessment. Call me today: (607) 539-3263.

Need A Guide To Getting Your Business' IT In-Line & Secure?

Grab our FREE IT best-practices checklist today and see exactly where we recommend you focus your efforts for maximum performance, reliability, and protection. Just tell us where to send your free guide (PDF) using the form below:


How To Prioritize Your IT Setup


IT Infrastructure Best-Practices


Software Best Practices


Cloud Computing Best Practices


Cybersecurity Best Practices


The PBOM Plan For Business IT

From Our Blog

Helpful Tips & Tricks

Video: Small Business IT Basics

Video: Small Business IT Basics

Today there are a number of critical technology for small business - tools and services that will help them succeed (and thrive) in today’s fast-paced, ever-changing business world. IT can seem like a challenging (and overly expensive) part of your business that gets...

read more
5 Critical Technology Needs for Small Business (2019)

5 Critical Technology Needs for Small Business (2019)

Today there are a number of critical technology for small business - tools and services that will help them succeed (and thrive) in today’s fast-paced, ever-changing business world. If you are wondering what new technology your small business needs to start leveraging...

read more
What Is Network Attached Storage?

What Is Network Attached Storage?

Network Attached Storage (or NAS) is exactly what it sounds like. It is data storage space attached to your local network. Think of network attached storage as a combination of an external harddrive and a cloud storage server (like Google Drive, AWS, other cloud...

read more

I worked with Gvozden on some of the technical side of a client's website redesign and server move. He was extremely professional, prompt, and a pleasure to work with.

Matthew Brown

Owner, 607WebSolutions

Gvozden is a tech genius, and always 100% helpful with all of our technical needs here at the school.

Walaa Horan

Operations Director, Ithaca Montessori School

Xorca Computer Consulting

185 Midline Rd
Slaterville Springs, NY 14881

P: (607) 539-3263
E: info@xorca.com
W: www.xorca.com

Copyright 2019 Xorca Computer Consulting
All Rights Reserved