Phishing is the leading type of fraud globally, with 96% of phishing attacks delivered via e-mail, according to SYNAQ.
Jared van Ast, Head of Product at SYNAQ, says businesses need to do three things to mitigate e-mail risk: create cyber security awareness across the organisation; set up a secure e-mail gateway; and embed a zero trust mentality in their culture.
“E-mail is the number one targeted attack surface out there and that’s primarily because the majority of mailboxes are controlled by a human user. People are creatures of habit, and in today’s workplace, are largely operating under pressure. They take the perceived ‘simplicity’ of e-mail for granted and are curious by nature. All of these characteristics can result in high risk behaviour when it comes to opening potentially risky e-mails.”
All business networks are highly targeted, making the company’s mailbox users both its best and worst line of defence.
Van Ast outlines three innovative and smart things that businesses can do to minimise the risk of network breach through e-mail:
1. Awareness
Send staff on compulsory cyber security awareness training. Everyone is responsible for the company’s sustainability.
“If you have a mailbox, you have a responsibility to govern and use that mailbox in ways that not only enhance productivity, but that reduce risk of compromise for everyone. According to Techtarget, 43% of users are unaware that by clicking an unknown link or attachment, it can have devastating effects for your cyber resiliency.”
2. Get a secure e-mail gateway (SEG) solution
Traditional built-in host firewalls and anti-virus engines (such as those shipped with Windows) are simply not enough to protect users from their own behaviour and habits. “You need advanced protection that scours all inbound and outbound mail for known malware, and removes it from the network before it even hits the mailbox.”
There are a variety of solutions to choose from. The core functionality that should form your minimum selection criteria is:
- It must scan and clean all inbound and outbound mail;
- It should include URL rewriting as a built-in feature; this stops users from clicking through to dodgy URLs that lead to malware or phishing sites;
- There must be business e-mail compromise (BEC) functionality that prevents unauthorised mailbox takeovers and fraudulent e-mail hijacking; and
- It should be simple to deploy and manage and have local support.
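To make the URL-rewriting criterion concrete, here is an added illustration of the mechanism (example code written for this page, not SYNAQ's product or any vendor's implementation). Every http(s) link in a message body is replaced with a link to an assumed click-time checking endpoint (`GATEWAY`, a placeholder host) that carries the original URL plus an HMAC, so the gateway can later recover the destination, verify it was not tampered with, and apply its own reputation checks before letting the user through. The message body, the key and the endpoint name are all constructed for the example.

```python
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import parse_qs, quote, urlparse

# Assumed click-time checking endpoint (placeholder, not a real host).
GATEWAY = "https://gateway.example.invalid/click"
# Constructed signing key; a real gateway would keep this in a secrets store.
KEY = b"rewrite-demo-key"
# Plain-text http(s) links, stopping at whitespace or quote/angle characters.
URL_RE = re.compile(r'https?://[^\s<>"\']+')


def _sign(url: str, key: bytes) -> str:
    """HMAC-SHA256 over the original URL so the wrapped link cannot be altered."""
    return hmac.new(key, url.encode("utf-8"), hashlib.sha256).hexdigest()


def rewrite_urls(body: str, key: bytes) -> str:
    """Replace every link in a plain-text body with a signed gateway link."""

    def wrap(match: "re.Match[str]") -> str:
        original = match.group(0)
        return f"{GATEWAY}?u={quote(original, safe='')}&s={_sign(original, key)}"

    return URL_RE.sub(wrap, body)


def unwrap_url(rewritten: str, key: bytes) -> Optional[str]:
    """Recover the original URL at click time; None if the link is not a
    valid, untampered gateway link (the gateway would then refuse to redirect)."""
    parsed = urlparse(rewritten)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != GATEWAY:
        return None
    params = parse_qs(parsed.query)  # parse_qs already percent-decodes values
    if "u" not in params or "s" not in params:
        return None
    original, signature = params["u"][0], params["s"][0]
    if not hmac.compare_digest(signature, _sign(original, key)):
        return None
    return original


def demo() -> dict:
    """Rewrite a constructed message body, then unwrap a good and a tampered link."""
    body = ("Your invoice is ready: http://example.com/invoice?id=42\n"
            "Documentation: https://docs.example.org/guide")
    rewritten = rewrite_urls(body, KEY)
    links = URL_RE.findall(rewritten)
    # Simulate someone editing the wrapped link to point at a different invoice.
    tampered = links[0].replace("id%3D42", "id%3D43")
    return {
        "rewritten": rewritten,
        "first_original": unwrap_url(links[0], KEY),
        "second_original": unwrap_url(links[1], KEY),
        "tampered": unwrap_url(tampered, KEY),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

Signing the wrapped URL is what lets the gateway trust its own links: without it, anyone could hand-craft a gateway link that redirects to an arbitrary destination and inherit the gateway's apparent legitimacy.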
3. Foster a zero trust mentality
This builds on awareness, but takes it to the next level by embedding a zero-trust mentality into the user behaviour culture of the company. Everyone needs to always ask the question: “If I am unsure of this link and I click on it, what could happen?” If in doubt, it’s always better to err on the side of caution.
Recent stats suggest that 48% of malware enters the organisation via attachments sent via e-mail. If you’re unsure of the sender, hover your mouse over the sender’s e-mail address and check whether you recognise it and whether it looks legitimate.
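The sender check above is something a gateway or a mail client plug-in can automate. Here is an added example (written for this page, not SYNAQ's or any vendor's code) that parses the From and Reply-To headers of a raw message and flags the three patterns a user is being asked to spot by hovering: a display name that itself looks like an address from a different domain, a lookalike domain that only resembles the organisation's own, and a Reply-To that diverts replies elsewhere. The trusted domain list, the confusable-character rules and the sample messages are all constructed assumptions for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List

# Constructed: the organisation's own domain(s) that a sender might imitate.
TRUSTED_DOMAINS = {"example.com"}

# Minimal confusable-character folding (digits that resemble letters, "rn" for "m").
_DIGIT_TO_LETTER = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _normalise(domain: str) -> str:
    """Fold common lookalike substitutions so imitations compare equal."""
    return domain.lower().translate(_DIGIT_TO_LETTER).replace("rn", "m").replace("vv", "w")


def _domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def inspect_sender(raw_message: str) -> List[str]:
    """Return human-readable findings about the sender headers; empty means clean."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    findings: List[str] = []
    if not address:
        return ["missing or unparseable From address"]
    domain = _domain_of(address)

    # 1. Lookalike of a trusted domain (examp1e.com, rnicrosoft-style tricks).
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if _normalise(domain) == _normalise(trusted):
                findings.append(f"lookalike domain {domain!r} resembles {trusted!r}")

    # 2. Display name that carries an address from another domain
    #    ('"ceo@example.com" <someone@free-mail.invalid>').
    embedded = re.search(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", display_name)
    if embedded and _domain_of(embedded.group(0)) != domain:
        findings.append(
            f"display name claims {embedded.group(0)!r} but the real address is {address!r}"
        )

    # 3. Reply-To that sends answers to a different domain than the From.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain_of(reply_to) != domain:
        findings.append(f"Reply-To {reply_to!r} is on a different domain than From")
    return findings


# Constructed sample messages (headers only matter for this check).
SPOOFED = "\n".join([
    'From: "Jane Doe jane@example.com" <billing@examp1e.com>',
    "Subject: Urgent invoice",
    "",
    "Please pay the attached invoice today.",
])
CLEAN = "\n".join([
    "From: Alice <alice@example.com>",
    "Subject: Lunch",
    "",
    "Lunch at 12?",
])
DIVERTED = "\n".join([
    "From: HR <hr@example.com>",
    "Reply-To: hr-desk@mail-example.invalid",
    "Subject: Payroll update",
    "",
    "Reply with your bank details.",
])


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN), ("diverted", DIVERTED)):
        print(label, inspect_sender(raw) or ["no findings"])
```

The check deliberately reads the real address from the parsed header rather than from the display name, which is exactly the distinction the hover-over advice relies on: the display name is free text chosen by the sender, while the address is what the message will actually route back to.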
In closing
SYNAQ maintains that the business mailbox is the most targeted gateway into your network. “Ensure that there’s a decent level of security awareness across your organisation, so that there’s a collective understanding of the nature and scale of the risk. Invest in an affordable, specialised tool to support your users and protect your systems with automated efficiency. Every mailbox user needs to put suspicion into daily practice and remain aware of their individual responsibility to the rest of the tribe.
“Lastly, if you’re worried that you have clicked on a suspicious link or opened a weird attachment, contact your IT support department immediately. And inform your colleagues at the same time to stop any unwanted spread via inter/intra-office tools.”