People send an estimated 205 billion emails each day, amounting to 2.4 emails per second and a whopping 74 trillion annually. Whether sent for business or leisure, these emails carry important details about our lives, from bank account data to home addresses to sensitive company information. If someone hacked into your email accounts today, what information could they access? It’s a scary thought. As email popularity grows, so does the prevalence of schemers and criminals looking for clever ways to access all your sensitive information.
For companies that conduct much of their business via email, this type of security should be a top priority. It only takes one misstep by one employee to cause a host of data vulnerability issues for a company. More than ever, companies must protect their email communications through a combination of employee education and heightened email security like encryption.
Microsoft recently released a list of the most common email threats users ignore, both individuals and companies. Are you or your employees making these security mistakes? Take a look at these common email security threats and helpful solutions to safeguard your messages moving forward.
Problem #1 — No Email Encryption
Sending email through a secure server is not enough to keep information out of the wrong hands. Instead, companies and individuals that send sensitive information via email need encryption-specific services. With this extra layer of protection, only individuals with the encryption key can open and read emails. This type of encryption protection is vital to all company emails, even those sent on a private device.
Solution: Invest in encryption services for email. Paying a nominal fee every month or annually is more than worth the encryption protection and peace of mind it provides.
Problem #2 — Sensitive Information Stored on Mobile Phones
With more companies allowing employees remote access from their mobile devices, security issues are on the rise. A phone in the wrong hands can compromise all the data in it. Most phones do require passwords to log in, but to really protect the information inside, mobile phone users should go a step further. Think about it: If a person managed to get past your master password, how much access would that individual have to everything on your phone? Every app, every email, every text message? That’s a ton of data protected by just a few digits. Reinforced email protection on mobile phones is necessary to keep this information safe.
Solution: Companies should limit the information allowed on employee mobile devices. Both companies and individuals should add password protection to the opening of email applications on mobile devices (and use encrypted email — see problem #1).
Problem #3 — Credential Sharing
Most employees share their passwords and login details with colleagues, usually with the best of intentions. Sometimes credentials are even shared with people outside the company. In both scenarios, the problem lies in accountability. While the employee may guard the information carefully, the people with the borrowed credentials may not follow the same philosophy. If someone compromises email data, who’s to blame? Companies need to have policies outlined that address this issue and encourage employees never to share credentials and to find other ways to streamline information.
Solution: Put disciplinary credential sharing polices in place that remind employees that the information in their email and other company entities is their responsibility to safeguard.
Problem #4 — Mobile Number Schemes
Most people are hyper-aware of email schemes that ask for unsolicited personal information, but did you know it can happen through text as well? A popular scheme is for a mobile phone user to receive a text claiming it’s from an email provider like Gmail or Outlook. Once the mobile user confirms by replying, the schemer sends a verification text that’s actually generated by the real email provider for the purpose of resetting a password. Once schemers receive that code, they can change an email password and wreak havoc.
Solution: Never respond to text messages you did not generate that ask for verification codes or passwords.
Problem #5 — Holding Email Hostage
A rising online crime is crypto-ransomware. In essence, attackers send an email that looks legitimate, like a utility bill, and take over the email (or even an entire computer) until you pay a fee, or ransom. The hackers often hold the information hostage using encryption, which is ironic because strengthening encryption by the user can help prevent such attacks. Understandably, email accounts with sensitive company information are a more lucrative target for these hackers. Since these crimes are still fairly new, law enforcement cannot keep up with the volume, and as companies know, even a few hours without data or email access can cost a lot in time and money.
Solution: Heightened email encryption can eliminate this threat. Also, employees should understand how these crimes operate so they move with caution when it comes to unrecognized (or phishy) emails.
Before electronic storage existed, companies had strict rules on collecting, storing, and destroying information. Technology has evolved more rapidly than the safeguards in place for it, and it’s up to companies to protect their own data vigilantly. Are you doing enough to keep your email communications secure?
LuxSci founder Erik Kangas has an impressive mix of academic research and software architecture expertise, including: undergraduate degree from Case Western Reserve University in physics and mathematics, PhD from MIT in computational biophysics, senior software engineer at Akamai Technologies, and visiting professor in physics at MIT. Chief architect and developer at LuxSci since 1999, Erik focuses on elegant, efficient, and robust solutions for scalable email and web hosting services, with a primary focus on Internet security. Lecturing nationally and internationally, Erik also serves as technical advisor to Mediprocity, which specializes in mobile-centric, secure HIPAA-compliant messaging. When he takes a break from LuxSci, Erik can be found gleefully pursuing endurance sports, having completed a full Ironman triathlon and numerous marathons and half Ironman triathlons.
