On average, business users send and receive 42 emails per day via a number of devices, including smartphones, tablets, and desktop computers. All that online activity is inviting to hackers, which is why phishing and malware attacks are common in office email breaches. Are the email accounts in your office protected?
We’ve discussed cyber security in the past, including strategies for proper encryption, especially if you’re operating in the cloud. Odds are you encrypt some of your more sensitive emails, but do you also take the time to digitally sign them? If not, consider making digital signatures a default practice of your organization. Why? Signing emails can help keep your company secure. Here’s what you need to know.
Email Attacks are on the Rise
In its Internet Security Threat Report released in April 2016, Symantec revealed that with 190 billion emails in circulation in 2015, email was the weapon of choice for cybercriminals. Most of those email attacks were a result of phishing or malware. Some noteworthy email-related scams, such as the Gmail scam (shown in Figure 1), used a combination of social engineering and email to bypass standard safeguards like two-factor authentication.
Figure 1. Source: Symantec
According to the report, 2015 brought “a concerning increase in the number and sophistication of phishing attempts, targeting specific departments in the organizations.” While some attacks stemming from emails are obvious, those breaching the legal and financial departments of several organizations last year were much more sophisticated. As you can see in Figure 2, phishing attackers targeted businesses of all sizes pretty evenly. In this case, there is no safety in numbers.
Figure 2. Source: Symantec
While mobile has introduced a new normal for most businesses, it has also been accompanied by a whole different set of privacy and security issues. In fact, Symantec reported the number of mobile vulnerabilities rose to 528 last year—a whopping 214 percent increase—and those numbers are projected to be much higher when all the data comes in for 2016.
The data clearly shows business emails are at risk, so what can you do to keep your business secure? Digital signatures are a good start. If your employees are not already digitally signing emails, you’ll want them to start after reading this post.
Why Digital Signatures May Be the Answer
Before we go any further, I’d like to draw a distinction: Although in the same family, digital signing is not the same as complete encryption. During the digital signing process, you’re embedding information into your message that proves your identity as the sender. If that same message were encrypted, it would also ensure it had not been altered or read before the intended recipient opened it.
Sensitive information should be encrypted, but as analyst Jack Wallen argues in a TechRepublic piece, digitally signed outgoing emails should be standard in your company’s security policy. Why? It serves as proof that your email is genuine—an uber-important point, as countless spoofing scams have gathered unsuspecting people’s information by posing as legitimate companies and asking users to update account information.
To digitally sign emails, you’ll need to first apply for a certificate and set it up in your software. (To learn how to complete these and other steps, read this informative Hiver post.) Next, choose your preferred technique. A commonly used option is Pretty Good Privacy (PGP), a type of signage that uses cryptography, data compression, and other steps to increase the authenticity of your email. Depending on your situation, you may need to generate a PGP key for each of your employees, although it is possible for one key to be shared throughout your business.
Security breaches are expensive, embarrassing, and can cause downtime that can have both an internal and an external impact. Doing all you can from an IT standpoint to protect against breaches is important. Taking steps to safeguard your emails for similar reasons makes sense: If your customers become victims of a spoofing or phishing attack from an email that appeared to come from your servers, there’s a potential impact to your business and a reputation for credibility and trust that you’ve likely worked hard to build. Can you afford that?
How do you approach cyber security when it comes to your organization’s emails? Do you currently use digital signatures or encryption? In this age of mobility and increasingly sophisticated internet threats, do you think a signature (such as PGP) should be the industry standard? I’d love to hear your thoughts.
Additional Resources on this Topic:
Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”