Email is one of the most vulnerable business tools in nearly every organization, yet many firms lack robust email security for sensitive (or any) content. Compound this challenge with the growing need for 24/7 email connectivity, plus archival for continuity and compliance if required, and many business owners are overwhelmed. Others are taking a “head in the sand” mentality, hoping their company won’t be a target.
The news in this regard is not good. A survey of nearly 600 successful business owners revealed that 61% believe criminal hackers are more knowledgeable and sophisticated than software developers. Furthermore, 60% believe they may have been breached without them knowing it, and 73% consider themselves at risk from cybercrime. Only 31% believe their security strategy will protect them from a cyberattack, and 21%have no cybersecurity plan in place, at all.
Cyberattackers know this, which is why email is the most common channel for opportunistic and targeted attacks. Of breaches examined in the 2019 Verizon Data Breach Investigations Report, 32% were email attacks that involved phishing. A staggering 94%of malware was delivered by email. Furthermore, less-sophisticated mobile device email clients and browsers are incapable of checking for indicators of phishing.
In conjunction with addressing these and other attack techniques, technology departments are facing more stringent compliance and archival demands, whether mandated by regulations, ordered by the C-suite, or expected by customers.
The good news? One solution can take care of all these challenges: Unified Email Management. With it, businesses gain a three-pronged solution that not only ensures 24/7 email delivery, anywhere on the planet, but also secures messages and archives them securely for reference, compliance, eDiscovery, and any other historical need.
Why Corporate Email Is One of Your Greatest Threats
Email was never designed to be a secure communication medium, and organizations continue to struggle to protect sensitive email content in transit and at rest. Even as users remain stubbornly resistant to learning and adapting their behaviors, cyberthieves continue to evolve their attack vectors.
Often funded by massive criminal enterprises and hostile nation-states, email attacks have become so sophisticated that they can easily evade detection by common email security technologies — especially those based solely on antivirus protection or “trusted sites” lists. Today’s email attacks are often a wicked cocktail of threats, combining social engineering, identity imitation, phishing messages, malware, and exploits.
- Per Verizon’s 2019 Data Breach Investigations Report, nearly one-third of data breaches originate from a phishing email. If that figure doesn’t seem impressive, consider this: phishing was used in 78% of cyber-espionage incidents, where hackers install back doors and other mechanisms to steal corporate data and/or secrets.
- Making matters worse, attacks have evolved in sophistication and no longer consist primarily of conventional malware. Today’s attackers rely on a combination of highly complex techniques they can alter on the fly to adapt as organizations close their security holes.
- Spam is just as well disguised, with attackers wrapping malware in conventional attachment types. Attackers also have the capability of automatically adapting message content to be more persuasive based upon email messages that don’t convince recipients to act.
For firms not sufficiently protected, account impersonation and takeover attacks are increasingly resulting in a massive financial and reputational loss. Why? Because humans are gullible — and our brains are naturally oriented to believe what we see. As a result, users place too much trust in the identity of purported email senders — and businesses lose money and reputation as a result. Per the Ponemon Institute, the average cost of a data breach, per record stolen, is more than $150. Multiply that by 1,000 or 10,000, and the figures speak for themselves.
How Mobile Devices Make Matters Worse… and a Tiny Bit Better
Adding fuel to the fire, the explosion of email usage on mobile devices is also increasing risk. Many workers today rely on mobile devices almost exclusively for email — and the convenience of mobile devices encourages them to use email more frequently. These “power users” consider mobile email an ideal way to communicate quickly and around the clock.
Fortunately, the use of mobile devices for email can also help thwart some attack techniques. Well-maintained and secured mobile devices are less susceptible to malware than traditional endpoints, and users are less likely to open attachments on mobile devices. Nevertheless, mobile device users are equally susceptible to attacks such as credential phishing and business email compromise (BEC), where criminals try to persuade users to send them money.
Let Unified Email Management Make Your Business Stronger
Regarding email, organizational leaders tend to fall into one of two camps: “Our email works fine; don’t mess with it (very dangerous),” or “email is inherently dangerous; lock it down so no one can make a mistake” (devastating to productivity). These two extreme solutions not only put companies at risk in one way or another; they also aren’t practical — or necessary.
The question then becomes, what is the best solution? Common enterprise controls, such as standard, reputation-based anti-spam and signature-based antivirus, do not provide sufficient protection against targeted, complex attacks. However, more advanced email solutions, which include continuity, security and archival, can make email management painless and worry-free.
These platforms, which fall into the category of Unified Email Management (UEM), provide all the support a business needs for its personnel to use email safely and productively — with no margin for error. They are generally cloud-based, which means email servers never need to go offline for upgrades, backups, or other maintenance needs. (So well accepted has cloud email become that research firm Gartner predicts 70% of public and private companies will be using cloud email services by 2021.) Furthermore, they automatically archive messages, attachments and other material for reference and/or compliance/eDiscovery requirements.
Despite the availability of these advanced solutions, at Novatech we encounter prospects every day who tell us, “We’ve had the same email solution for five [or 10 or 20] years, and nothing bad has ever happened. We’ve never had an archive go corrupt, and no one’s ever attacked us.”
In reality, their archives may indeed have gone corrupt, but they have been lucky enough not to need records from the location where the corruption occurred. Or, they may have been hacked, but the attackers are stealing their information so slowly and surreptitiously that no one has noticed. If neither has happened yet, they are living on borrowed time.
Novatech’s Take on UEM
UEM is often an available option in a comprehensive cloud office productivity system. After considerable evaluation of providers in all categories, Novatech has identified a leader: Outlook in Microsoft Office 365. Outlook 365 bests nearly every hosted Exchange provider in terms of both price and features. It empowers organizations with the protection of enterprise-grade email encryption, archiving and continuity through a secure email gateway that examines every message.
Providing 100% anti-virus and 99% anti-spam blocking, with 0.0001% spam false positives, it stops both known and emerging email-borne threats before they reach the network. Office 365 also offers flexibility regarding how email is delivered to an organization’s mailboxes. The platform can manage all mailboxes and filtering, or it can be customized to comply with specific regulatory or business needs.
Archiving is also made painless with Office 365, providing users with additional mailbox storage space. After the organization or their technology provider turns on archive mailboxes, users can access and store messages in them by using Microsoft Outlook and Outlook on the web (formerly known as Outlook Web App). They can also move or copy messages between their primary and archive mailboxes and even recover deleted items from the Recoverable Items folder. When auto-expanding archiving is turned on and a user reaches his or her initial storage quota, Office 365 automatically adds additional storage space.
In short, Outlook 365 is one of the most flexible, secure and user-friendly UEM solutions on the planet. Its features and potential levels of customization are too extensive to address in their entirety here. To explore how Office 365 and its UEM function can benefit your firm, we invite you to chat with us at www.novatech.net.