7 email security myths for businesses
Email security is a serious issue and often a problem for companies in all sectors. According to a CSO article, for example, phishing attacks account for more than 80% of security incidents.
In addition, according to a Microsoft survey, 54% of the IT and security leaders reported an increase in phishing email attacks since the beginning of the COVID-19 pandemic.
In short, email security should be treated as a priority within companies. To contribute to education and awareness in this area, we’ve created a list of common email protection myths.
Just a tip: try to identify whether you already knew the myth or not. Take the opportunity also to adopt some practices or knowledge provided in this article. Check it out.
Common myths about email protection
1. Email is secure
Our first myth states that email is a secure platform and that companies can use it without worrying about security and protection.
But this statement is a lie.
Email is insecure. It has numerous vulnerability points that hackers exploit in different ways. It’s possible, for example, to spoof addresses to deceive someone, just as it’s possible to attach ransomware and send it to a company.
In fact, the vast majority of attacks on the internet happen through malicious emails, such as phishing, spam, social engineering, spoofing, and BEC (Business Email Compromise).
The FBI report bears this out.
2. Unwanted and dangerous emails represent few messages
As we said in the previous topic, email is the main channel used by cybercriminals on the internet. But this isn’t only due to the fact that email has several vulnerabilities.
We must not forget, first of all, that email is one of the main communication channels for people and companies. In other words, it’s a favorable environment for the spread of scams due to the large number of users.
To give you an idea, it’s estimated that only 15% to 20% of the volume of emails sent daily is legitimate. In practice, out of more than 160 billion emails sent daily, almost 140 billion are unsolicited or dangerous messages.
3. Spam isn’t dangerous for companies
To say that spam isn’t dangerous is a myth. Quite the opposite: spam is dangerous and affects businesses in at least two ways.
First, spam is often used by cybercriminals as a threat vector. For example, an employee on your team may receive a spam email that contains a malicious link in order to steal access credentials.
Second, spam directly affects your team’s and your company’s productivity. When receiving many unwanted messages, employees will have to spend energy and time on these emails. In addition, spam can affect the company’s servers, harming other services.
4. The solution for email security is to use strong passwords
Using strong passwords is a must within the corporate environment (and also outside it) and a basic principle of information security.
When we say strong passwords, we’re talking about long combinations of letters, numbers, and symbols. However, using strong passwords isn’t the only solution for email security.
There are several techniques that hackers use to steal passwords and credentials. A Verizon report even shows that 80% of hacking-related data breaches involved brute force or the use of lost or stolen credentials.
Email security should be worked on several fronts, including the use of strong passwords. Adopting the DMARC authentication protocol, for example, is another front, blocking cybercriminals who want to use the business’s domain to commit scams.
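To show how a DMARC policy changes what happens to a message that spoofs the business's domain, here is an added example in Python; it is not code from the original article or from Gatefy. It assumes the receiver has already computed the SPF and DKIM results, approximates the organizational domain as the last two labels (real receivers use the Public Suffix List), ignores the pct and sp tags, and uses constructed sample records and messages.

```python
# Added illustration: simplified DMARC evaluation (RFC 7489), sample data is constructed.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags["p"] = tags.get("p", "").lower()
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def org_domain(domain):
    # Assumption: last two labels stand in for the Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, msg):
    """Return what a DMARC-enforcing receiver would do with the message."""
    tags = parse_dmarc(record)
    frm = msg["from_domain"]
    spf_ok = msg["spf_pass"] and aligned(msg["mail_from_domain"], frm, tags.get("aspf", "r"))
    dkim_ok = msg["dkim_pass"] and aligned(msg["dkim_domain"], frm, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver (DMARC pass)"
    # Authentication that passes for an unrelated domain does not count.
    return {"none": "deliver (monitor only)", "quarantine": "quarantine",
            "reject": "reject"}[tags["p"]]

# Constructed records for example.com: monitoring-only versus enforced.
WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ENFORCED = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"

# Constructed messages: a spoof that passes SPF only for its own envelope
# domain, and a legitimate message DKIM-signed by a subdomain of example.com.
SPOOF = {"from_domain": "example.com", "spf_pass": True,
         "mail_from_domain": "bulk-sender.test", "dkim_pass": False, "dkim_domain": None}
LEGIT = {"from_domain": "example.com", "spf_pass": False,
         "mail_from_domain": "relay.test", "dkim_pass": True, "dkim_domain": "mail.example.com"}
```

With p=none the spoofed message is still delivered and only reported, so a published record blocks domain abuse only once the policy is moved to quarantine or reject.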
5. Email protection is the service provider's responsibility
One of the biggest myths about email security is to believe that the email service provider will provide the data and information protection that the company needs.
Yes, in general, email service providers such as Microsoft Office 365 and G Suite strive to adopt security mechanisms. But this doesn’t mean that they are sufficient to keep the company safe.
It turns out that precisely the fame, popularity, and number of users are among the main factors that catch the attention of hackers. From the point of view of cybercriminals, circumventing Microsoft’s or Google’s security techniques, for example, pays off in terms of scale.
In other words, if it’s possible to bypass the system once, it’ll be possible to attack multiple users or companies at the same time.
Besides that, email service providers aren’t cybersecurity companies, as is the case with Gatefy, which invests all its efforts in security.
6. Trained employees are enough to block email threats
It’s not possible to guarantee, much less to recommend, that company employees bear the responsibility and have the ability to deal with all variants of malicious emails.
On the other hand, team education is essential to reduce the chances of data breaches and fraud. Training (or security awareness) is another basic point of a consistent security policy, as well as the use of strong passwords.
In the past, email attacks were restricted to easily identifiable scams. However, with the advancement of technologies and the creation of new methods of counterfeiting, this scenario has changed, which has made it difficult to identify email fraud with the naked eye.
That’s why it’s important to combine education and security solutions, such as a Secure Email Gateway.
7. Phishing attacks are highly predictable
Anyone who thinks that phishing attacks are simple and predictable is wrong. This is another myth. Several reports have pointed to the evolution of phishing and the high capacity that hackers have to adapt.
As Microsoft pointed out, phishing attacks are becoming increasingly polymorphic. That is, cybercriminals have used different methods and technologies to persuade and win their victims’ trust, from malicious URLs to sender forgery.
In addition, attacks have been more targeted, as in the case of spear phishing, for example. According to information in the Europol report, 65% of cybercriminal groups use spear phishing as their primary infection vector.
Final considerations
In this article, we showed you 7 myths about email security. The analysis we presented shows the importance of thinking about and planning email protection in layers that involve both technical and human factors.
Therefore, if you’re considering adopting an efficient email security solution based on advanced artificial intelligence for your company, evaluate Gatefy’s Secure Email Gateway solution.
Also, be sure to follow our communication channels to dive deeper into the topics of email protection and cybersecurity. Gatefy does a lot of work in this direction, in favor of security awareness.