Why a “Good Enough” Approach to Email Security is Risky Business & What to Do Next
By Jared Hrabak, Consulting Cybersecurity Engineer, cStor
“Yeah, so I’ve decided I’m going with the mediocre surgeon for my hip replacement surgery on the 16th next month, I’m sure it will be fine.”
“Hey, we’re meeting friends for dinner tonight, we’re getting that so-so sushi… you in?”
… Said NO ONE EVER.
There are just some things you shouldn’t compromise on, whether it’s major surgery, your sushi dinner night out with friends, and yes… your email security. Email fraud and phishing attacks still account for 90% of all data breaches,1 and there are 1.5 million new phishing sites created every month, according to recent data from the FBI. Phishing attacks and email fraud are alive and well, and still growing. In fact, 76% of businesses reported falling victim to an email attack in 2019, and attacks grew 65% from 2018 to 2019. There are no indications that email attacks will slow down or cease altogether any time soon. As long as attackers continue to find victims who take the bait, attempts will continue, and tactics will become more and more sophisticated over time.
So, if you’ve ever thought or said out loud to anyone something like, “We get email security free with [fill in the blank], so that’s good enough,” then you may just want to rethink your current email security strategy.
Thus, here are three key reasons why this ‘good enough’ approach to email security strategy just won’t cut it… and more importantly, what you can do about it starting today.
- You don’t know what you don’t know… and threats change daily. The threat environment is constantly changing, so perform a regular risk assessment on your email system to uncover vulnerabilities and weak points that need to be addressed sooner versus later.
- Verify that your current email system not only has the right security features for your unique business requirements, but that those features are actually turned on. I’m equally surprised at the number of clients we talk to that indeed have a relatively robust email platform complete with modern or lax security features, yet many of the most critical features are not enabled.
- Monitoring outbound mail is just as important as inbound. In 2019, the FBI’s Internet Crime Complaint Center (IC3) received over 23 thousand complaints regarding Business Email Compromise (BEC) and Email Account Compromise (EAC) with losses over $1.7 billion.2 These were comprised of vendor emails, lawyers and real estate companies asking for large amounts of gift cards or wire transfers. Therefore, monitoring your outbound email can also help identify problems before they become an incident.
Whether you recently rolled out a new email system or you’ve had it for many years (with regular upgrades), look for an alternative, proven way to run a security check on your inbound email to look for spam, malware, viruses, malicious attachments and URLs, phishing and impersonation risks.
Email continues to be a fraud target and it will likely be for some time to come. The good news is that you can run a “check and balance” risk test of your current system to understand what kind of threats may be getting in without your knowledge.
cStor has partnered with Mimecast, a leader in email security and resilience with more than 35,000 customers worldwide, to offer a free Email Security Risk Assessment (ESRA). The ESRA is an aggregated analysis of tests that measure the efficacy of your incumbent email solution. The assessment offers visibility into your current environment and provides actionable information that can be used to re-prioritize your email security strategies. To learn more about the ESRA and to schedule a consultation, simply contact your cStor account manager, call us at 1.877.278.6781 or visit our website.
1 “2019 Phishing Statistics and Email Fraud Statistics.” Retruster. https://bit.ly/39hGjwh
2 FBI Internet Crime Complaint Center (IC3), 2019, https://bit.ly/2vl8A64