We can all agree that data security is important, but did you know that email security is often overlooked? With phishing attacks and other malicious emails on the rise, it is more important than ever to ensure your organization is prepared and secure. To give you some insight, our trusted partner and leading IT Security company, Barracuda, collected the following statistics regarding email security:
Email Security Statistics
- Business email compromise attacks cost organizations more than $26 billion in the past 3 years.
- Out of 383,780 mailboxes scanned, nearly 500,000 malicious messages were identified in a 30-day period.
- 1 in 7 organizations experienced lateral-phishing attacks within a 7-month period.
- Government organizations, like local government or public schools, are the intended victims of nearly 2/3 of all ransomware.
- More than 1.5 million malicious and spam emails were sent from hacked Office 365 accounts in just one month.
Here are 5 steps that your organization can take immediately to reduce the risks posed by cybercriminals:
1. Upgrade Email Security from Office 365
Microsoft's Office 365 email security, Advanced Threat Protection, is behind other technology on the market from security vendors. Reviewing your current email and malware protection systems is essential to proper security planning. Email security products built by Barracuda Networks, Proofpoint, and Mimecast all provide advanced protection for email against threats like spam and malware delivery. These systems have technical capabilities superior to those of Microsoft Advanced Threat Protection, such as an integrated ability to whitelist or mark domains safe and to scan for embedded malware threats.
2. Create a Formal Security Compliance Document
Your formal security compliance document should provide the framework for how your employees handle, share, and store sensitive data. The policy should address password management systems, password policies, required frequency of data backup, and acceptable use policies for both company-owned and employee-owned devices, applications, and services such as social media accounts. This document will help your employees understand what is expected of them and will help keep your organization safe.
3. Build a Multi-Layer Defense for Email Security
By adding layers to your basic email security, you protect your organization against increasingly sophisticated attacks. Some extra layers of defense could include sandboxing attachments, time-of-click URL analysis, and Artificial Intelligence scans of emails and attachments. Implement or review your existing firewall perimeter security and network access control systems to ensure they are effective and to provide an added layer of security.
4. Review Your Office 365 Tenant Security Settings
Many organizations do not take the time to review or modify their default email service settings within their Office 365 tenant, and it is not uncommon for cybercriminals to take advantage of this. Your Office 365 security rules govern the basic security of your organization, so changes must be made. Reduce your tenant administrators to as few as possible, ensure all IT personnel use a domain admin password when making changes, and block all rule changes originating from outside the domain.
5. Implement Email Usage Best Practice and Backup Procedures
Each of your employees, particularly executives and the financial department, should understand the risks of providing personal information that could be used by cybercriminals. Ensuring that your employees use passwords on work email systems that are very different from those on their personal accounts will help to protect the organization. All email systems, including Office 365, should be regularly backed up by an outside cloud service because Microsoft does not guarantee data beyond 30 days.