We’ve been discussing the security power of email all week on our Twitter, Facebook and LinkedIn. To be honest, it’s something many of us take for granted. We’re aware of the general threats that face us – bad links in comically fake-looking emails or emails written in broken English and full of typos – but this only scratches the surface of the threat emails pose to businesses.
You’re not alone. Even among IT professionals, studies have shown there is widespread anxiety over exactly what email threats are out there and whether or not they’re actually prepared to face a substantial email breach.
Let’s take a look at the results of one such study and see what steps you can take to protect your organization from these threats.
Mimecast, the email security provider, released a report last year detailing how IT professionals feel about the threat of email-derived breaches and hacks. In the report, they went over the results of a survey of 600 IT decision makers, and generally found that the majority of these people are very nervous about email security. For context:
- 31% are “Apprehensive” – they have no experience with email breaches and just aren’t capable of dealing with one anyway
- 6% are “Nervous” – they have some experience against hacks, but are unequipped to deal with one now
- 28% are “Battle-Scarred” – they have had a recent run-in with an email breach, but do not feel confident in their abilities to prevent another one
- 16% are “Vigilant” – meaning they’ve never experienced an email breach but feel confident in their abilities to fight one off
- 19% are “Equipped Veterans” – they’ve seen it all and feel confident in their abilities to prevent future breaches
As you can see, this adds up to quite a disparity: 65% of IT security professionals are uncertain about their ability to react appropriately to a breach.
This anxiety is warranted. The figure provided by Mimecast below shows the average cost of breaches to organizations. It’s not pretty.
Up to 37% of breaches in 2016 cost organizations over $1 million. It goes without saying that you don’t want to fall within that percentile – or really any of these percentiles at all. Unfortunately, the threats are so numerous that odds are you will suffer a breach at some point. By taking the right steps and being truly prepared, however, you can help minimize the damage and keep your organization safe.
Mimecast outlines several steps all security professionals should be aware of. These include:
- Recognizing New Threats – This includes new malware, viruses and social engineering attack campaigns. Stay up to date on what is making waves and protect your organization.
- Bring the C-Suite In – By engaging your C-Suite, you get buy-in for email security from the highest level of your organization. This adds extra authority to your efforts, and makes it an organizational imperative that email security be prioritized.
- Spend the Right Amount – Surprise! The more you spend on your IT security, the more confident you’ll likely feel in its effectiveness. Mimecast notes that IT managers should attempt to spend 10.4% of their IT budget on email security in order to hit the “security spend sweet spot,” or the place where your spending levels best match up with your confidence.
- Upgrade Your On-Premises Software – Using outdated software – especially if it no longer receives patches – leaves you open to unnecessary threats.
- Watch Out for Internal Threats – Too often IT security threats are seen as external threats only, which is anything but the case. Staff needs to be trained on how to weed out threats. If your gatekeepers are willing to open your organization up to anything, then what’s the point of having all that security in the first place?
If email security isn’t a high priority for your organization, then it should be. Continue following us on our Twitter, Facebook and LinkedIn accounts this week for more information on how you can protect yourself from email threats, and stay tuned for news on future security weeks.
Written by Nik Vargas