According to Accenture, a malware attack costs a company $2.4 million on average. Moreover, up to 76% of businesses reported that they had been a victim of phishing attacks in 2017. Not only can you lose money in an attack, but your clients’ personal data and your company’s reputation can also go down the drain overnight. With such high stakes, there’s really no excuse to not take email security seriously.
While phishing is the most prevalent email security threat globally, malware, data interception, and weak passwords create equally significant loopholes. To help you understand how seriously businesses should take email security, here are some more dire statistics.
Loose security sinks ships
SANS Institute published a report that showed that 95% of all attacks on enterprises are due to a successful spear phishing attempt.
Note that a spear-phishing attack involves a criminal targeting a small group of people via a personalized approach. For example, the “CEO” of a company sends a meeting invite via Gmail to his/her managers and prompts them to sign in to Gmail to RSVP.
Another report—the Verizon Data Breach Investigations Report—noted that targeted users opened 30% of phishing messages and that of those 30%, 12% clicked on either the malicious attachment or link.
If that’s not bad enough, research also suggests that after a security breach at a company, 60% of customers will consider leaving and up to 30% actually do.
With that in mind, the question is how can you protect your business through employee education and email security? Here are three essential ways to improve the security and privacy of your emails.
1. Ensure Your Employees Understand the Danger of Loading Images and Are Aware of Tracking Links
Often, companies that practice email marketing embed images of promotions or their products. Once the targeted user opens the email, the image loads from the remote server, and it comes with tracking code or malware.
Employees ought to configure their email settings to ensure external images do not load by default. That way, if they scrutinize the email and think it is fishy, they can avoid loading the image altogether.
With regard to tracking links, those that are not genuine will send the targeted user to a phishing site or a site that hosts malware. To avoid this, educate your employees to always copy the link to a new tab or text editor in a bid to scrutinize it further.
2. Ensure That Your Internal Network Uses TLS and That Those Using External Email Clients Also Use TLS
Transport Layer Security (TLS) encrypts all the connections to a website or server. If your internal network uses TLS, then any data sent across the channel is safe from those who would seek to intercept it.
Similarly, communication from any email client to the intended server would also be secure.
3. Insist on Strong Passwords
This is seemingly an easy thing to do, but it is also one of the hardest to accomplish. Statistics indicate that while ten people know they should use strong and unique passwords for every account, six out of the ten do not do so.
Therefore, as a business owner, emphasize to your IT department that each employee should have a good password generator and a password manager to help ensure they have strong, unique, and random passwords. In addition, the accounts should also employ two-factor authentication.
The statistics above should prompt anyone who has doubted the havoc that inattention to email security can cause to react and start implementing email security best practices.