Business email security

In this tech insight, we look at the many threats to email security that businesses face, what businesses can do to mitigate them, and what help is available to tackle those threats effectively.

Email Accounts For Most Security Breaches

Prioritising email security is important because most cyber-security breaches involve email, with social engineering a tactic strongly favoured by cyber-criminals and 99 per cent of email attacks relying on victims clicking links (Proofpoint Annual Human Factor Report).

Types of Email-Based Attacks

The many different types of email attack threats that businesses face include targeted phishing schemes, business email compromises, and ransomware attacks. For example:

Ransomware

Check Point's mid-year security report in August this year showed that ransomware attacks (for extortion) have increased dramatically over the past year, with 93 per cent more attacks carried out in the first half of 2021, and with ransomware now appearing in 10 per cent of breaches (Verizon).

Phishing

This cheap, easy, and highly effective tactic uses emails purporting to be from reputable sources containing links that (if clicked) direct the victim to pages where payment and other personal data are stolen or malware is downloaded. For example, at the end of 2019, Thomas Cook customers were targeted by phishing attacks in the wake of the travel company going into receivership. Verizon’s 2021 Data Breach Investigations Report shows that phishing increased by 11 per cent from Aug 2020 to Aug 2021 and that phishing is present in 36 per cent of breaches. The National Cyber Security Centre offers advice on how to protect your business/organisation from phishing attacks here: https://www.ncsc.gov.uk/guidance/phishing.

Malware

Malware often arrives as an email attachment. It is estimated that a business is targeted by a ransomware attack every 11 seconds (Kaspersky), and between 2019 and 2020 ransomware attacks rose by 62 per cent. Malware is now involved in over 70 per cent of system intrusion (Verizon). Common forms of malware include viruses, worms, Trojan Horses, spyware, adware, and ransomware. Remote Access Trojans (RATs), for example, are malicious programs that can arrive as email attachments and provide a ‘back door’ for administrative control over the target computer. They can be adapted to avoid detection and to carry other types of attack tactics, including disabling anti-malware solutions and enabling man-in-the-middle attacks.

BEC and VEC

Whereas Business Email Compromise (BEC) attacks have been successful at using email fraud combined with social engineering to bait one staff member at a time to extract money from a targeted organisation, security experts say that this kind of attack is morphing into a much wider threat of ‘VEC’ (Vendor Email Compromise). This is a larger and more sophisticated version which, using email as a key component, seeks to leverage organisations against their own suppliers.

AI-based threats

Many technology and security experts agree that AI is likely to be used in cyberattacks in the near future, and its ability to learn and to keep trying to reach its target (e.g. in the form of malware) makes it a formidable threat. Email is the most likely means by which malware can reach and attack networks and systems, so there has never been a better time to step up email security and to train and educate staff about malicious email threats, how to spot them and how to deal with them. The addition of AI to the mix may make it more difficult for malicious emails to be spotted. The good news for businesses, however, is that AI and machine learning are already used in some anti-virus software (e.g. Avast), and this trend of using AI in security solutions to counter AI security threats is likely to continue.

Protecting Your Email From Common Threats

Ways to protect your email from common security threats include:

Always keeping anti-virus and patching up to date.
Staff education and training; e.g. how to spot suspicious emails and what to do/what not to do, such as not clicking on links from unknown sources.
Disabling HTML emails if possible (text-only emails can’t launch malware directly).
Encrypting sensitive data and communications as an added layer of protection.
Getting into the routine of checking your bank account’s activity for suspicious charges.
Making sure important and sensitive company data is backed up and including business email compromise (BEC) in business continuity planning and disaster recovery planning.
Preventing email archives from being publicly exposed; e.g. by making sure that archive storage drives are configured correctly.
Monitoring for any exposed credentials (particularly those of finance department emails).
Using two-factor authentication (2FA) where possible. Enterprise users may also wish to block .html and .htm attachments at the email gateway level so that they don’t reach members of staff, some of whom may not be up to speed with their Internet security knowledge.
Not using the same password for multiple platforms and websites (password sharing). This is because credentials stolen in one breach are likely to be tried on many other websites by other cyber-criminals (credential stuffing) who have purchased/acquired them (e.g. on the dark web).
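The gateway-level block on .html and .htm attachments mentioned above, as an added Python example (not from this article or any vendor's product): it walks a message's MIME parts and flags HTML attachments by decoded filename or by declared content type. The sample message, its addresses and the function name `blocked_attachments` are constructed for illustration.

```python
from email import message_from_bytes, policy

BLOCKED_EXTENSIONS = (".html", ".htm")  # the two types the article names

# Constructed sample message (not real traffic) with three attachments.
SAMPLE = b"""\
From: accounts@supplier.example
To: finance@company.example
Subject: Remittance advice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached remittance advice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''Remittance%20Advice.HTM

PGh0bWw+
--b1
Content-Type: text/html
Content-Disposition: attachment

<html></html>
--b1
Content-Type: application/pdf; name="statement.pdf"
Content-Disposition: attachment

JVBERg==
--b1--
"""

def blocked_attachments(raw):
    """Return one reason string per part that the gateway rule would block."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() decodes RFC 2231 names and falls back to Content-Type "name".
        # Windows ignores trailing dots and spaces, so strip them before matching.
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        if name.endswith(BLOCKED_EXTENSIONS):
            hits.append(f"filename:{name}")
        elif (part.get_content_disposition() == "attachment"
              and part.get_content_type() == "text/html"):
            hits.append("content-type:text/html")  # HTML attachment with no name
    return hits

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

An ordinary HTML message body is not flagged, because it carries no attachment disposition and no filename.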

Broad Methods and New Approaches to Email Security

Other broader methods that companies can use to protect their email security include:

Adopting a ‘zero-trust’, “never trust, always verify” approach to company cyber security. The control that administrators have, together with the monitoring and alerting, can help dramatically reduce risk, including with company emails.
Moving from perimeter to pervasive email security, e.g. as suggested by Mimecast’s CEO Peter Bauer. This involves dealing with threats to the perimeter, from inside the perimeter, and from beyond the perimeter, plus an API-led approach to help deliver pervasive security throughout all zones.

Tech Company Help

Ways offered by tech companies to help businesses and organisations keep their email secure include:

Microsoft

Outlook’s Junk Email Filter, and the Report Message add-in for Outlook.

Office 365’s Advanced Threat Protection (ATP) plans.
Secure Score for Office 365 / Microsoft 365 Defender portal – a way to measure and get suggestions about how to protect your business from threats, all through a centralised dashboard – find out more here: Microsoft Secure Score | Microsoft Docs.
The “campaign views” tool in Office 365 that is designed to offer greater protection from phishing attacks by enabling businesses to spot the pattern of a phishing campaign over individual messages.
Offering online advice for protecting Outlook email accounts – see Help protect your Outlook.com email account (microsoft.com).
Microsoft is making its plus addressing (disposable email address), custom email feature available to all Office 365 users by adding it to Exchange Online.

Google

Google also offers a number of tools and suggestions, including:

Advanced Gmail security for phishing and malware for G Suite administrators – see Advanced phishing and malware protection – Google Workspace Admin Help.
Offering steps to identify compromised accounts – see Identify and secure compromised accounts – Google Workspace Admin Help.
Advice on Firewall settings.
Blocking malicious emails before they reach email boxes. For example, on its Cloud blog on 16 April 2020, Google reported that Gmail blocks more than 100 million phishing emails each day.

What Does This Mean For Your Business?

With so many types of attacks relying upon email as a way in (e.g. phishing), effective email security is vital.

Businesses and organisations need to make sure that they are prepared not just to defend effectively against the whole range of email attacks but also to spot and eliminate threats as they arrive, and to ensure that staff are aware of email threats and know what to do when faced with suspicious emails and links.

Also, attackers adapt their campaigns and methods very quickly, and use methods that can evade the more common protection solutions (i.e. ‘polymorphic’ attacks), so businesses and organisations must find ways to get a fuller picture of the email threats they face and find solutions that can focus effectively on zero-day and targeted attacks in addition to known vectors.

With the threat of AI-based attacks now on the horizon too, there has never been a more important time for businesses to take a very close look at what more they could be doing to maximise their email security.

About Us

J700 Group are a Lancashire-based, family-run, professional and responsive, Managed Solutions Provider helping Businesses, the Education Sector, and the Healthcare Sector to utilise Innovative IT Consultancy Services, Cloud Solutions, Cyber Security, Microsoft 365, Telecoms, Web Design and SEO solutions to propel their organisation to the next level and beyond.

As an experienced IT Support Provider, helping businesses across Lancashire & Manchester, if you need any assistance with your IT including IT Hardware, a Disaster Recovery Policy or Managed Backup Solutions; Call us today: 0333 7721 700 to see how we can help your business.

Where to find us: Prinny Mill Business Centre, 68 Blackburn Road, Haslingden, Lancashire, BB4 5HL
