Email is a critical component of most modern businesses. It's common to share critical and sensitive data via email, but how do we protect that data? In this section, we’re going to discuss common security practices companies of all sizes can take to secure their email.
What Is At Stake?
It’s not uncommon for company email boxes to store many years of email. When an attacker accesses a user's email account, it is not usually possible to determine what data has been accessed. Perhaps your company receives patent information, bank account routing numbers, or even medical appointment data via email. In most areas, the loss of that kind of data must be reported in accordance with laws.
Beyond email, it’s common to see the same usernames and passwords used on other systems - especially in bundled services like Office 365 and GSuite. For example, the loss of GSuite credentials gives the attacker access to Google Drive, Calendar, and other included web applications.
These attacks are typically extremely costly and can be devastating to even the largest of businesses. It’s important to understand the threats and what can be done to avoid these threats from becoming disasters.
Threats to Consider
There are two primary threat areas to consider when discussing business email compromise.
-
Password Loss, Theft, or Guessing - Passwords are one of the weakest points in system authentication. Passwords can be stolen, accidentally exposed, or even guessed given enough time.
-
Phishing or Social Engineering - Email phishing happens nearly continuously to most organizations. Phishing is a form of social engineering whereby an attacker sends fraudulent emails designed to steal data, passwords, or even money.
Prevention
The following knowledgebase articles have been developed to help you secure your business email systems.
For more information on this topic, please reach out to us; we’re here to help!