Email is the place where your employees interact most directly with cybercriminals looking to steal your money and your data. Is your business prepared?
Despite tech companies offering alternatives such as Slack and Microsoft Teams, the number of emails sent daily is expected to rise from 281 billion in 2018 to 347 billion in 2022.
Email therefore is and will remain a critical part of any business. However, it is also a key area of business risk, where cybercriminals can interact directly with employees and bypass other business security systems. As the volume of emails continues to grow, overloaded employees will become increasingly likely to make mistakes. They risk losing money and clients’ sensitive data. Anti-virus and other security software is important for a business, but it doesn’t provide the unique support that email requires.
How can business owners protect themselves? Using a specialised email protection software (also called anti-spam or anti-phishing software) is a great place to start.
What Are the Advantages of Using Email Security Software?
1) Phishing emails aren’t always easy for employees to spot. A software system will catch them much more effectively.
Most employees will know that the person offering $10,000 in gold bullion is a scammer. However, when client ‘John Smith’ sends them an email, are they equally likely to realise that John Smith’s email address now has two characters different, even though his screen name is the same?
When employees are receiving anything from 10s to 100s of emails every day, it is easy to miss those small signs that an email isn’t genuine. A software programme will spot them every time – and will also identify other rogue ‘indicators’ such as recency of domain creation that your employees would not be checking.
Email security software has advanced threat detection, checking for a wide range of ‘indicators’ including domain names, ‘look alike’ and ‘sound alike’ addresses, display names, IP addresses, website links, attachments and more. It is a much more reliable method of identifying emails that could cause harm to your business.
2) Protect your business from CEO fraud and other targeted impersonation or ‘spear phishing’ attacks.
There are two broad types of email scams – mass and targeted. Mass email scams are sent to thousands of email accounts, with the hope that a small percentage will fall for it. For example, take a look at this recent email scam in which recipients were told the scammer had a compromising video of them.
Targeted attacks are uniquely crafted around one company. The scammer will go to a lot of effort to mimic the organisation’s domain address, branding and even the language used by the person they are pretending to be. They will also carefully pick the time of day – for example, emailing a junior team member at 3pm on a Friday ‘from the CEO’, on a date when they know that the CEO is out of the office.
Targeted attacks are increasingly aimed at SMEs, especially those in professional services businesses such as lawyers or accountants, who are handling client money and sensitive information. Criminals believe that SMEs have lower levels of email security and will be easier to fool. The Law Society of Ireland released a warning in January 2019 after a law firm lost €97,000 of client money to a criminal.
Whilst cybercriminals can make these emails indistinguishable to the human eye, an email security system can spot those small signs that the email is not genuine. This is your best protection against targeted, sophisticated email threats.
3) A quarantine system allows you complete control over what you let into your inbox – meaning that you won’t miss a thing.
When email security software identifies potential spam, it places it in ‘quarantine’, allowing users to review it without compromising their inbox.
This means that you can choose exactly what you let into your system. You can choose to let in mass marketing emails that you find useful, or emails from clients with links that have been flagged as suspicious, but which you know are genuine.
Equally, when John Smith’s email goes into the quarantine, you will think twice before clicking on the ‘invoice link’ that you would normally just open. The email security software will tell you why it believes the link is suspicious – and you can double-check with John Smith before you click and download a virus.
4) Artificial intelligence will protect you from today’s attacks, rather than yesterday’s.
It is important to give your employees cybersecurity training to help them identify potentially suspicious behaviours. The best email security system in the world won’t protect you from an employee who releases a suspicious email from the quarantine and then clicks on a malicious link. This is why employees need to understand the ‘why’ as well as the ‘what’ of safe email communications.
However, you can only train them with information that you have – and with cyberthreats constantly evolving, it is inevitable that their inboxes will be the subject of brand new attacks. Advanced email security solutions use machine learning and artificial intelligence to understand the behavioural indicators of attacks and stop the first instance of a new attack type as it unfolds.
5) It’s not just cybercriminals that email security software can protect against.
Mass marketing is more popular than ever – and it is taking up your employees’ time and attention. Studies have found that it can take twenty or more minutes to regain full concentration after an interruption. When your employees are being interrupted multiple times a day by irrelevant emails, the effect this has on their productivity quickly starts to add up.
A spam filtering system will identify mass-sent emails and quarantine them. Your employees can then decide whether these emails are worth their time. Unsolicited mass emails can be discarded without reading, potentially interesting emails can be previewed and the genuinely useful emails can be released into their inbox and allowed through in the future.
Nobody wants to miss a vital email from a senior colleague or client, but constantly checking notifications can having a damaging effect on employee concentration levels. Keeping those notifications to a minimum benefits both employers and staff.
What Are the Consequences if I Don’t Invest in Email Security Software?
Many businesses decide to go it alone and trust in their employees to spot and avoid potential scams. However, as you have seen, if a cybercriminal is targeting your firm directly, it can be next to impossible for employees to spot.
Email security software gives you an extra pair of eyes that are always watching, always scanning emails for those subtle signs that users might miss.
For businesses looking to lower their risk profile, protecting themselves and their clients, email security really is a ‘must have’!