As cyberthreats become more sophisticated, managed IT support providers must ramp up defenses for their clients. Security solutions that worked in the past are no longer enough to protect against the attacks being launched at organizations today.
With 91% of all cyberattacks originating from email, it makes sense that this is one area your IT support team should take extra care in locking down. Email has always been a popular target for cybercriminals, but 2020 and 2021 saw a significant increase in email attacks according to a study by Mimecast.
“With employees around the world trading cubes, offices and conference rooms for email, instant messaging and Zoom meetings, more sharing of sensitive business information has migrated from conference room whiteboards and face-to-face conversations to discussions via collaborative tools and extended email threads.” – Mimecast, The State of Email Security.
The increased dependence on email presents criminals with the opportunity to launch relentless social engineering attacks on your employees. This has resulted in employees clicking on three times as many malicious emails as they had before the pandemic!
Aside from offering ongoing security awareness training for your staff, our team has identified four areas of email security that deserve attention now given the heightened threat of cyberattacks.
Advanced O365 Security Policies
Curiously, many of the respondents surveyed in the Mimecast study who do not have an email security strategy indicated that they are relying solely on the safeguards provided by Microsoft 365. Of those respondents, 67% said their organization had experienced an email outage during the previous 12 months. This seems to suggest that standard protections simply are not enough to keep companies safe anymore. And we couldn’t agree more. Microsoft has advanced security policies available, but these are not turned on by default. Therefore, your managed IT support team should ensure these policies are applied to your O365 email platform.
DMARC
Domain Message Authentication Reporting and Conformance, or DMARC, is an email validation system that will uncover if a bad actor is using your email domain to send emails without your authorization. Cybercriminals often use email spoofing to make an email look like it came from your organization in an effort to divert money to their accounts or gain access to your network. Using a protocol like DMARC protects against business email compromise, phishing and spoofing.
Artificial Intelligence Email Assistance
Traditional Secure Email Gateways (SEGs) add a layer of protection against phishing emails by blocking them from landing in your inbox. But as you are well aware, sometimes bad emails sneak through the filters and land in inboxes anyway. Your employees are left on their own to determine if an email is legitimate or not. Newer AI technologies, like Inky’s Phish Fence, go a step further by helping your end users spot and identify malicious emails even if they do slip through the filters. A banner is displayed with each incoming email indicating whether it is unsafe, suspicious or safe. The technology can identify even the most well-disguised phishing attempts and alert your employees before they click on a bad link.
Mobile Device Management
If your employees access company email on their mobile devices, you need to incorporate a mobile device management (MDM) solution. Microsoft’s Intune solution, available to O365 users, allows you to protect your company’s data whether it is accessed by an employee’s personal mobile phone, tablet or laptop, or via a company-issued device. Should a device become lost or stolen, the company can remotely lock it to prevent company data from falling into the hands of criminals. And when an employee is terminated or leaves your organization, company data can be wiped from their personal device while leaving their personal data intact.
As cyberthreats become more sophisticated, managed IT support providers must ramp up defenses for their clients. Security solutions that worked in the past are no longer enough to protect against the attacks being launched at organizations today. Advanced tools and protocols like Microsoft’s advanced email policies, DMARC, AI Email Assistance and MDM are becoming necessary to help thwart cyberattacks.
If you would like more information about how MIS Solutions can protect your business, contact us.