
Top Email Security Risks Businesses Face in 2021

Risk is, unfortunately, part of every company’s technology ecosystem. Even with the best protections in place, security issues can still occur. Cyberattacks continue to evolve, so you must stay vigilant. So, what are the top email security risks businesses face in 2021? And how can you mitigate or prevent them? Let’s find out.

Cloud Platforms Increase the Digital Attack Surface

With the proliferation of remote work, most companies are using cloud-based email solutions. While the cloud is much more secure than on-premises solutions, it does expand the opportunity for hackers. Businesses now have more touchpoints to manage and monitor. Further, end users may not be using the most secure networks or devices to receive and send email.

While these cloud servers can have multiple layers of security, research revealed that 40 percent of Office 365 credentials have been compromised. To keep this from becoming a problem for your employees while still providing flexible, work-from-anywhere platforms, you should:

  • Educate users on their security responsibility.
  • Enforce strong password rules.
  • Work with an email provider that follows best practices regarding secure email cloud servers.

Phishing Scams Are Still Prevalent and Becoming Harder to Catch

Phishing attacks have been in the risk stratosphere for some time, and cybercriminals are becoming more sophisticated. They use social engineering so that the email a user receives reflects that user’s own activities.

The pandemic saw these threat actors prey on the vulnerabilities of users. As a result of this opportunity, COVID-19-related phishing attacks increased by 600 percent.

A phishing report determined that 90 percent of all cyberattacks begin with a phishing email. This tactic isn’t going away. Again, it goes back to keeping your users informed. Provide training around phishing regularly, not just annually or for new employees. Also, make sure your staff reports any probable phishing incidents immediately.

Filtering tools that block blacklisted URLs are another preventative shield to keep in place. They won’t catch everything, but they’re a good first line of defense.

AI is providing new email protection as well. Such tools guard against socially engineered attacks that can evade traditional detection. In addition, they can prevent users from clicking on malicious links, so such incidents don’t result in significant damage.

Ransomware Attacks Are Increasing on Mobile Devices

Ransomware attacks evolved in the last few years with the advent of Ransomware as a Service (RaaS) schemes and a bigger focus on mobile devices, which are often less secure. Projections put the cost of these attacks in 2021 at $20 billion. Many companies have been victims of ransomware, and some of them paid off the criminals. Others lost their data or were unable to decrypt it.

Ransomware attacks start as malware, usually through email phishing. The best approach to prevent ransomware is through monitoring, detection, and response. You’ll also want to make sure you have secure email archiving and backup to preserve business continuity.

Business Email Compromise Is an Emerging Threat

This type of email security risk occurs when a criminal hacks into a corporate email account and impersonates its real owner to commit fraud. Often, the impersonation is of someone from leadership. Hackers spoof email accounts and send a message requesting information. Since it appears to be coming from someone in the C-suite, employees provide the information or click the links.

The FBI published warnings about these attacks because they are so common. To avoid this, follow these best practices:

  • Advise employees that the leadership team would never ask for confidential information via email.
  • Use sophisticated email protection that makes spoofing difficult.
  • Set up two-factor authentication for all accounts.
  • Add more layers of protection around email platforms.
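
As an added illustration (not part of the original article or any vendor's product), the sketch below shows the kind of header checks an anti-spoofing filter can apply to catch leadership impersonation. The corporate domain, the leadership names, the similarity threshold and the sample messages are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example (not from the article).
CORPORATE_DOMAIN = "example.com"
LEADERSHIP_NAMES = {"dana reyes", "sam okafor"}  # constructed names
LOOKALIKE_THRESHOLD = 0.85  # similarity treated as a near-miss domain

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def bec_indicators(raw_message):
    """Return the impersonation indicators found in a message's headers."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    external = from_domain != CORPORATE_DOMAIN
    reasons = []

    # Leadership name shown to the reader, but sent from outside the company.
    if external and " ".join(display.lower().split()) in LEADERSHIP_NAMES:
        reasons.append("leadership-name-external-sender")

    # Sender domain that is almost, but not exactly, the corporate one.
    ratio = SequenceMatcher(None, from_domain, CORPORATE_DOMAIN).ratio()
    if external and ratio >= LOOKALIKE_THRESHOLD:
        reasons.append("lookalike-domain")

    # Replies redirected to a different domain than the visible sender's.
    if reply_addr and domain_of(reply_addr) != from_domain:
        reasons.append("reply-to-domain-mismatch")
    return reasons

# Constructed sample messages; only the headers matter for these checks.
SAMPLES = {
    "legit": 'From: "Dana Reyes" <dana.reyes@example.com>\n\nQ3 plan attached.',
    "freemail": 'From: "Dana Reyes" <dreyes.ceo@freemail.test>\n\nPlease reply.',
    "lookalike": 'From: "Sam Okafor" <sam.okafor@examp1e.com>\n\nPlease reply.',
    "redirect": 'From: "Sam Okafor" <sam.okafor@example.com>\n'
                'Reply-To: sam.okafor@freemail.test\n\nPlease reply.',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, bec_indicators(raw))
```

These are header heuristics only: they flag suspicious combinations for review but do not verify that a message claiming the corporate domain was actually sent by it.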

Provider Misconfigurations Leave Systems Vulnerable

Another long-standing email security risk is provider misconfiguration of email services. Leaving configurations as is can create weaknesses. Failing to update or patch these services can also lead to problems. This gives criminals an in, so it’s critical that your provider or IT team configures everything properly and updates systems when prompted.

Data Breaches That Expose Credentials

Data breaches are still a serious issue in cybersecurity. They can often expose business emails and credentials, which can then lead to cyberattacks. For example, Zoom had a massive credential stuffing attack, allowing hackers account access. These cybercriminals could then send malware files under the guise of that compromised email account.

If any data breach exposes credentials, your company should force a password reset for everyone. Two-factor authentication is also a good defensive tactic against this.

Email Leaks by Employees Are a Danger

Email leaks and data breaches can happen when employees send confidential information via email without proper security. By using email encryption, you can encrypt outgoing email across your organization. The encryption service filters and scans outgoing email and matches its content to your email policies. It’s especially beneficial to organizations with data privacy compliance mandates, like healthcare.

Email Security Risks: How to Protect Your Inbox

Email security risks impact every business. The more proactive you are, the less reactive you’ll need to be. Securing your email is no easy feat — it requires tools, protocols, education, and constant monitoring. Learn more about how to protect your inbox by reading our email security guide whitepaper.

About Darcy Mekis