By Jared Hrabak, Consulting Cybersecurity Engineer
“Yeah, so I’ve decided to go with the mediocre surgeon for my hip replacement surgery. I’m sure it will be fine.”
“Hey, we’re meeting friends for dinner tonight; we’re going to that so-so sushi place… you in?”
… said NO ONE EVER.
There are just some things you shouldn’t compromise on, whether it’s major surgery, a sushi dinner night out with friends, or your email security. Email is still the top vector for malware delivery and phishing attacks. According to the Mimecast State of Email Security 2023 Report, 97% of organizations experienced email-based phishing attacks in 2023. The report noted the growing sophistication of attacks, increasing the number of phishing emails getting through standard perimeter detection. This indicates that email attacks will continue to present a challenge to businesses as long as attackers continue to elude standard e-mail security systems and find victims who take the bait.
So, if you’ve ever thought or said out loud to anyone something like, “We get email security free with [fill in the blank], so that’s good enough,” then you may just want to rethink your current email security strategy.
Going Beyond Basic Email Security
Thus, here are three key reasons why this ‘good enough’ approach to email security strategy won’t cut it… and, more importantly, what you can do about it starting today.
1. You don’t know what you don’t know… and threats change daily. The threat environment is constantly evolving, so perform a regular risk assessment on your email system to uncover vulnerabilities and weak points that need to be addressed sooner rather than later.
2. Verify if your current email system has the right security features for your unique business requirements and that it is actually turned on. I’m equally surprised at the number of clients we talk to that indeed have a relatively robust email platform with modern security features, yet many of the most critical features are not enabled.
3. Monitoring outbound mail is just as important as inbound. The FBI’s Internet Crime Complaint Center (IC3) reported businesses lost over $433 million from Business Email Compromise (BEC) alone in 2022, a 50% increase from the previous year. A BEC attack happens when a cybercriminal sends an email pretending to be an employee, vendor, or other trusted entity to skillfully mislead the employee into disclosing confidential information or transferring large sums of money or gift cards. Monitoring your outbound email can help identify these scams before they become a major incident.
Whether you recently rolled out a new email system or you’ve had it for many years (with regular upgrades), look for an alternative, proven way to run a security check on your inbound email to look for spam, malware, viruses, malicious attachments and URLs, phishing and impersonation risks.
Email continues to be a fraud target, and it will likely be for some time to come. The good news is that you can run a “check and balance” risk test of your current system to understand what kind of threats may be getting in without your knowledge.
MicroAge can help you with a comprehensive email security risk assessment to protect your business. The assessment includes an aggregated analysis of tests that measure the efficacy of your current email solution and provide actionable information to re-prioritize your email security strategies.
Is your e-mail protection doing all it should?
Contact us today at (800) 544-8877 about starting an email security risk assessment, and we’ll help you advance the ball.
“As a Cybersecurity Engineer, Jared partners with clients to help them identify product solutions that match their cybersecurity governance, risk and compliance objectives. He enjoys educating and advocating for a successful cybersecurity practice by focusing on client success. Jared brings a wealth of experience in content filtering, cybersecurity operations, and military service to help put clients on the path to success.”Jared HrabakConsulting Cybersecurity Engineer