Securing Corporate Email: What You Need to Know

Anyone working online faces a wide range of threats that they are likely not capable of handling due to the use of outdated IT equipment, inadequate security measures, and a lack of education on the importance of Internet security.

Cost of Cybercrime

To put the threat of cybercrimes into context, two billion personal records were stolen in the U.S. in 2016 alone. The numbers are even higher for 2017 and 2018. Every year, cybercrimes cause hundreds of billions in annual losses to businesses and companies around the world. The rate, not to mention the sophistication, with which cybercriminals attack the private information of people and businesses has steadily risen year after year.

One of the most notorious examples of cybercrimes is the recent WannaCry ransomware attack. A global attack on a scale never before seen, the WannaCry virus affected hundreds of thousands of computers in at least 150 countries. It exposed the private and sensitive data of millions of people while causing over $4 billion in damages to institutions as diverse as the British health care system, Sony Entertainment, and the Russian Interior Ministry. Perhaps the most frustrating part of the attack was that it was possible because of a known vulnerability in Windows that the affected parties failed to install a security patch to prevent such attacks.

Common Targets

Although hackers are known to be able to exploit a wide range of vulnerabilities such as weak passwords, insecure routers and outdated system applications, the most common sources of data breaches are data posted or emailed to an incorrect recipient and the loss or theft of paperwork. Certain industries are more prone to attack than others as well, in part due to the value of the information they deal with and because they continue to use outdated legacy systems that are not resistant to new forms of online attacks.

Mitigating Threats

Mitigating threats of cyber attack are not just the responsibility of IT and security software, prevention is everyone’s responsibility, especially when they are sharing important information via email. It begins by getting the basics right and taking care of the following critical areas of vulnerability:

Internal Threats
No amount of anti-spam, anti-malware or encryption tools can stave off cyberattacks if the biggest threat to any company’s security – its people – are not careful and do not follow proper data privacy and security guidelines. Some studies have estimated that over 80 percent of high-cost security breaches are the result of employees sending private and confidential data outside the company.

Securing Mobile
Just as physical office documents can fall into the wrong hands, resulting in a breach, mobile devices can be lost or stolen. Thus, the information on them can be retrieved by whoever’s hands they fall into. This is one reason that staffers who work in highly sensitive companies or industries are prohibited from bringing their own devices to the workplace. Every company should conduct training and safeguarding sessions to improve employee handling of devices and data to minimize the chances of a data breach or mishap.

Planning Ahead
As mentioned above, the WannaCry virus was so effective because it exploited a weakness inherent in certain versions of Windows. Ensuring that you are running an up-to-date system and have all required patches and upgrades installed on a regular basis is an integral part of basic information technology security.

Multi-Factor Authentication

SEDNA continues to enhance document security in its platform with the inclusion of MFA (multi-factor authentication). MFA is a security system that requires more than one method of authentication to verify the user’s identity for login into SEDNA. MFA provides an added layer of defense to make it more difficult for an unauthorized person to access an organization’s network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target. Typically that involves the users personal password and authentication application. SEDNA recommends using Google Authenticator which in addition to the individual’s password,  will provide a time-limited authentication code, used in addition to a user’s password, to access SEDNA.