09 Jan 2019

How to create a ‘Cyber Resilience for Email’ strategy

The original killer app, email has long been at the core of just about every organisation’s communications stack.

While its dominance has reduced as various digital apps and social media platforms have grown in popularity, its place as the critical tool for communicating and sharing information is assured for some time – especially when the lion’s share of top executive positions are still held by its strongest advocates: Gen X and baby boomers.

Younger workers who use mobile devices and apps as an extension of themselves raise different concerns. In the case of email, however, there is universal agreement that it is the greatest ‘Achilles heel’ when it comes to cyber security.

Cyber criminals know this better than anyone and are especially motivated by the fact that it’s often senior executives who are most likely to be using email. Not only are they typically less alert to the potential dangers, but their access privileges make them a rich source of sensitive information.

It’s critically important, therefore, for organisations to have a ‘Cyber Resilience for Email’ strategy. This should enshrine smarter and less risky email practices and procedures, foster the right company culture so as to minimise risk, and incorporate plans to utilise the right technologies and experts.

The 4 pillars of a successful ‘Cyber Resilience for Email’ strategy

1) Invest wisely in your technology stack

There’s no point in having good intentions to bolster cyber security around your most important communications tool if you don’t have the baseline technologies needed to achieve it. The word ‘baseline’ is key here as it will help you first understand the fundamental challenges and what’s needed to address them.

Cyber security is probably the most vexing technology issue for organisations today, given how quickly threats morph and evolve. Security can never be 100 percent, which means organisations need to take a heuristic, realistic approach.

2) Identify and address skills and knowledge gaps and requirements

If human resources were infinite, we’d be able to solve most problems straight away. Instead we need to take proper account of what our people currently understand and what they are capable of.

Organisations also need to pick their battles while fostering corporate cultures that are more risk-aware, for instance around the need not to open email attachments from unrecognised sources, to have proper passwords and never share them, and other basic tenets of corporate security.

3) Provide service assurance

Organisations often lose sight of why they’re talking about security in the first place.

It’s typically the downtime and uncertainty around business continuity that present the greatest risks, and this should always be top of mind when creating any cyber security strategy.

In the case of email, even the most digitally savvy organisations plugged into the latest app platforms would be hurt should their email systems fail. It’s important, therefore, to understand any vulnerabilities or risks to service, whether email systems are on-premises or in the cloud, such as via Office 365.

4) History lessons: back up and protect your data

In May of 2017, US law firm DLA Piper suffered the biggest cyber attack of any law firm in history when its operations were crippled by the damaging NotPetya malware.

Called ‘NotPetya’ to distinguish it from the first known instance of the ‘Petya’ malware, the email-borne virus seeks to take control of victims’ systems and data before villains demand a ransom payment to unlock and return them.

DLA Piper didn’t pay the crooks, as it had been vigilant in creating detailed data backups, which meant it eventually returned to ‘business as usual’.

However, the IT team put in 15,000 hours of paid overtime to repair the damage, which included wiping its entire Windows environment and ‘starting afresh’.

The threats are evolving and multiplying, so now is the time to invest in ensuring you’ve got an up-to-date ‘Cyber Resilience for Email’ strategy that can protect your organisation before you become the next victim.

Brennan IT and Mimecast work together to protect users from the threats that exist now and will exist in the future, making email safer for their business. Together, we can secure, reduce risk, and manage your email service, simply. Speak to us today to find out more.

From special guest contributor Garrett O’Hara, who is Principal Consultant at Mimecast.
