Email Security Trends for 2018
Spam continues to make up 60% of most incoming email. Dealing with all of that garbage mail can be a huge time suck, and clicking on any of the trash links that are included in spam emails can be devastating. Using filters is critical to monitor emails and cut through the noise. Filtering also provides added security, as there isn’t any temptation to click any disreputable links. Lost time is not found again, and trying to filter messages yourself will result in a lot of wasted time. Beyond filters, having the added security of blocking access to links can keep you from wondering who is clicking on what.
The best defense against ransomware attacks, however, remains having a healthy and regular backup system in place. If there is a critical situation where a hacker gains control of your IT infrastructure, doing a full shutdown is far less gut-wrenching when you know that you can return to work quickly with your files intact.
Targeted phishing attacks are the biggest rising threat to businesses today. Phishing and malware are still among the prime methods for first-round attacks, and once a system has been compromised, ransomware demands generally aren’t far behind. This is likely to continue in 2018, but spear-phishing is becoming increasingly sophisticated. In a spear-phish, malicious actors will spoof an email to your Accounts Payable department, or worse, your CFO. These types of attacks are becoming harder to spot.
The level of fakery that goes on is staggering, and whereas phishing attacks of old counted on a large volume of small amounts of money, spear-phishing is like trying to land the Big Kahuna. A convincing email to the right person can end up costing your company thousands of dollars, and there is often little chance of recovering what you lose.
Your employees are your first line of defense. Properly educating everyone in your company on how to identify phishing and embedded malware in emails is fundamental to maintaining sound email security. Yet even people who know what to look for can get taken in by a persuasive email. It is becoming imperative that you implement authentication measures with email.
Configuring Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) are three ways that a company can protect its incoming mail. SPF tells recipients where your email should come from; DKIM is a cryptographic signature that reveals tampering and confirms who sent the email; and DMARC tells the recipient of the email what SPF and DKIM attributes to expect, and what to do if these checks are unsuccessful.
Staying vigilant continues to be one of the best defenses for maintaining tough and reliable email security. The interconnectivity that email affords comes with a potential cost as well, namely the dispersal of malicious code. Not all press is good press, especially if you end up responsible for the spread of disreputable content or malware. To be sure your company is using best practices, consider an outsourced IT provider and avoid unnecessary embarrassment or lost business.