Is There a Stranger in your Inbox? Why Businesses Need to Rethink Their Email Policies

Can anyone think of a business that doesn’t rely on email as a vital means of communication?
Statista reports claim that a whopping 281 billion emails were sent last year alone across the world.
Email may be all pervasive and powerful, yet it is the easiest thing to break into and your first point of vulnerability.

Especially with business emails and the vast amounts of confidential information they transport are ridiculously easy to intercept. If you haven’t heard about it, business email compromise is highly prevalent thanks to a specific type of spear phishing attack.

According to one estimate, business email compromise incidents resulted in a damage of $12 billion in corporate losses from 2013-2018 alone. This is only the reported incidents, the damage might be significantly higher.

Business email compromise uses practice of spear phishing. If you haven’t heard of this term before, it basically is the fraudulent action of sending emails that seem like they are from a known/trusted sender. This tricks the receiver into revealing confidential information or transferring funds.

With business email compromise, cyber attackers have the specific intention of duping employees into transferring funds to accounts that seem authentic but actually belong to the cybercriminals.
Imagine a typical scenario: The sender impersonates someone higher up in the company and requests a wire transfer for a seemingly legit reason that the receiver is likely to believe. The targeted employee will likely accept the premise based on the authority of the sender and may end up making the transfer. No prizes for guessing that the funds disappear.

Sounds far-fetched? But it is real and happens more often than you think.

How can you avoid this growing threat to your business?

Business fraud is a bigger attraction for cyber con-artists than consumer fraud. After all, it is not just money that is at stake. There is data to think of and the reputational impact which can never be quantified.

Hackers may be after confidential information like legal or medical records. One thing that businesses must understand is that hackers strategy has evolved over the years – but often the starting point of all these malicious activities is email. Email opens many pathways – including malware that breaks into confidential systems and stealing credentials.

So many risks and yet a very simple resolution to the problem of business email compromise. Organizations can and should implement all possible measures to secure their email communications.
First of all, employees must be trained and provided with a clear guideline of verifying if an email has come from within the business. Digital signature is one possible way of doing this as they add a visible authentication mark to each email. You can implement digital signatures to prevent misuse.

Formalize email policies

It is a good idea to set out an email retention policy that lays out the rules. Train employees to purge emails that don’t support business efforts and enforce the guidelines to ensure they comply.
Some companies have a 60-90 standard that leads to automatic archiving and eventually permanent deletion. You may also need to send several reminders and notifications to implement this.

Password security

Another factor is password security. While employees set their own passwords for work computers and systems, these passwords must be reset in 45 days period. Also enable multi factor authentication whenever employees change their password.

Make sure they follow the golden rules of strong passwords with at least eight characters, a combination of numbers, upper and lower case letters and special characters. Consider allowing the use of password managers or single sign on functions. Ongoing training on email security and password sanctity is a must; and so are spot checks. Violation of email policies must be dealt with severely to set the right examples.

Private email providers

Private email providers offer a spam-free, secure and robust email experience for all types of users – business and personal. With features like end to end encryption, two factor authentication and custom domain support, ability to add users, whitelabel customization and support for multiple devices.
With GDPR compliance and several other data regulations, private email providers can resolve some of the biggest data and privacy challenges of today’s businesses.

Final words

Email is often the weakest link in an organization’s security posture. Anti-phishing solutions require a three-pronged approach – people, processes and technology to ensure that your email doesn’t spell doom for your business.