5 Commonly Overlooked Security Threats

 The Internet is a vast place that brings amazing information to our fingertips in a matter of seconds. While this is a wonderful attribute, it also can be dangerous to your personal information or business’s data. That’s because there are hackers out there just itching to access your information and email is still a common way they accomplish this feat. And as we’ve seen through several recent examples—including the 2015 Pentagon and 2014 Sony email hacks—simply having a “strong” email password isn’t enough to keep your data from being compromised.

While some may jokingly (or not-so-jokingly) call for less email usage and more frequent use of the phone to communicate important information, it’s not always possible in our highly digital world. So in addition to being cautious about what is communicated in your emails, it’s important to understand how to protect those emails in the first place. To ensure secure email on your personal and work devices, you first have to recognize threats to your email system—including the less common ones.

Overlooked security threats

Here are five often overlooked threats to your email security:

  1. Social engineering schemes that use your mobile number—Did you know that attackers only need your mobile number to trick you into giving access to your email? Essentially, they’ll send you a text posing as your email provider (e.g., Outlook) and tell you you’re about to receive a code to ensure your email account is secure. This text will then ask you to reply with the code to confirm. Then, they’ll trigger the password reset process, you’ll receive a real message with the unlock code—and if you send it to the attackers unknowingly—they’ll use it to reset your password without your knowledge. Check out this video if you want more specifics on this scheme.
  2. Sharing your access credentials with others—It’s common for some employees to share their credentials—including their password—with a fellow employee or manager when they’ll be out of the office, whether on vacation or during short-term or long-term disability. If organizations don’t have defined security policies for these situations, a lack of accountability could lead to compromised email security.
  3. Loss of a phone with pertinent information—Password management applications are wonderful tools that help you keep track of all the passwords for all of the email accounts you undoubtedly have. But if this application is installed on a phone that is lost or stolen, that can be a problem. Of course, it’s important that your phone is also password-protected, but organizations should take security one step further when it comes to work or personal devices that carry business data or information. Specifically, a business should standardize acceptable use policies regarding the local storage of files, remote wipe capability and network connectivity.
  4. Lack of email encryption—Just because data is passed via a secure email server doesn’t mean it’s 100 percent safe. To add an extra layer of protection, companies should invest in an encrypted email service, which seals email messages and ensures only those with a decryption key can read and access sensitive information.
  5. Crypto-ransomware—Ransomware is nothing new, but it’s a nasty way for hackers to operate. They essentially take the files on your computer or devices hostage until you pay a ransom to have them released. Crypto-ransomware is even nastier, as the hackers encrypt your computer’s files and will only surrender decryption keys upon payment. How is this related to email? These attacks are typically triggered through the opening of some sort of email attachment (e.g., an invoice, energy bill, image, etc.) and they often look legitimate. According to Symantec’s 2015 Internet Security Threat Report, attacks of this nature are highly profitable (bringing in approximately $34,000 per month for one group alone) and growing in popularity.

Whether through phishing schemes or direct malware attacks, email security threats are prevalent—and as we’ve seen, even the mighty can fall prey to them. That’s why it’s more important than ever for organizations to invest in a secure email service that will help them keep their data safe. In addition, employee education is a large part of maintaining a secure email environment. When people know what to expect, they’re better equipped to protect themselves and their companies from liability.

Get more out of your email to help grow your business with solutions from Atidan and Microsoft. Contact us today at office365@atidan.com

 

Blog credit to Microsoft: https://blogs.office.com/2016/01/28/overlooked-email-security-threats/

Microsoft Exchange Hosted Encryption for Office 365

  • Atidan is pleased to offer Exchange Hosted Encryption for Office 365 as an add-on service
  • Deliver confidential business communications safely, letting users send and receive encrypted email directly from their desktops as easily as regular email. Email can be encrypted without complex hardware and software to purchase, configure, or maintain, which helps to minimize capital investment, free up IT resources, and mitigate messaging risks.

    Secure and reliable

    Exchange Hosted Encryption provides advanced security and reliability to help protect your information.
    • Send encrypted email messages to anyone, regardless of the recipient’s system configuration.
    • Provide strong, automated encryption with a cost-effective infrastructure.
    • Eliminate the need for certificates and use a recipient’s email address as the public key.
    • Communication through a TLS-enabled network further enhances message security.

    Stay in control

    With Exchange Hosted Encryption, you can keep your data safe, while maintaining control over your environment.
    • Protect sensitive information and data leaving your gateway consistently and automatically.
    • Policy-based encryption encrypts messages at the gateway based on policy rules.
    • Help manage compliance with security and privacy requirements such as HIPAA and GLBA.
    • Integrate with existing email infrastructure for minimal up-front capital investment.

    Easy to use and maintain

    It’s easier than ever to protect your organization’s email.
    Diagram of how encryption works
    Diagram of how encryption works Hover to enlarge image
    • Encrypted email delivered directly to recipients’ inbox and not to a Web service.
    • Email decrypted and read with confidence, without installing client software.
    • A managed key server eliminates the need for certificate maintenance.
    • Encryption process is transparent to the sender, who does not need to do anything other than write and send the message as usual.

    How to Buy Exchange Hosted Encryption

    Please contact us for a customized quote at office365@atidan.com