Don't take the chance. Upgrade your email security.
Organizations and CEOs need to know the signals for attacks, and to value the role of email security as a key element of their security programs.
Articles published October 24, 2018 by Jack Schroeder
Today, our email inboxes are flooded with spam, junk, and other unproductive information that’s not relevant to our business. On top of the useless emails we get, there’s also malicious activity, such as malware attacks or phishing, which try to trick you into clicking on fraudulent content.
In fact, these kinds of attacks are gaining in popularity. Mimecast reports that 90 percent of global organizations have seen the volume of phishing attacks increase, or stay the same, over the past 12 months, and that nearly 40 percent agree that their organization’s chief executive officer is a “weak link” in their cybersecurity strategy.
Email impersonation fraud also proves to be on the rise. Specifically, 40 percent of organizations have seen an increase in the past year in the volume of cyber attackers requesting wire transaction.
According to Mimecast’s survey regarding emailing sensitive information to the wrong person, the responses included:
- 31 percent reported sensitive data was sent via email by a member of the C-suite to the wrong address by accident.
- 22 percent said sensitive data was sent via email by an employee to the wrong address.
- 20 percent said an email with sensitive information was sent by an employee in response to a phishing email.
- 20 perfect reported that an email was sent by a C-level employee in response to a phishing email.
What does this mean? It means that hackers are getting smarter and more persistent. In addition, organizations and CEOs need to know the signals for these attacks, and to value the role of email security as a key element of their security programs.
What You Can Do About It
Along with getting out the word and making sure everyone is informed, here are two other effective ways to educate your employees and reduce your risk of a breach.
Social Engineering Assessment
One way to ensure you’re protected from social engineering attacks is to leverage an external social engineering assessment. The assessment will include a series of tests to see how easy it is to gain access to company networks and data. These tests are done to determine how and where an organization is vulnerable to attacks.
After the assessment is completed, organizations can take the necessary steps to mitigate exposure to many of the most common types of cyberattacks. In addition, they should communicate to employees how to make their workplace more secure and reiterate the information through additional training sessions.
Security Awareness Training
A lot of breaches can be prevented if all employees are aware of the different ways that hackers try to manipulate them and access data. Making security awareness training a mandatory event for employees will be a huge benefit over time. Let this training time be a place where employees not only learn about the different kinds of cyber and social engineering attacks, but also how to thwart the attacks. Give concrete examples of actual threats, and possibly set up a test/false attack to identify employee behaviors and then additional training needed, based on the outcomes.
The Safer The Better
Whatever your organization decides to do, it’s important to stay current on trends, and continually adapt your business practices to counter new processes and types of attacks. Ultimately, your investment of time and resources will be proven invaluable if, and when, cyber criminals try to infiltrate your network. Keeping your employee and business data secure through the right education and tools will set you up for safety, security, and success today and in the future.
Are your employees aware of phishing, malware, spam, and other social engineering attacks?