Phishing and Spoofed Emails Threaten Corporate Email Security

Twenty years ago, corporate email security was not an issue that business leaders had to contend with.

Today, phishing and spoofed emails account for nearly half of all emails sent – and that’s a 12-year low!

As technology becomes more prevalent in every part of our business and personal lives, cybercriminals have become more and more creative in finding ways to con employees into clicking on links or taking actions that put companies at risk.

Collectively, this cost businesses in Canada more than $19 million in 2014.

Email Security Threats Become More Sophisticated

A new wave of spear phishing – highly targeted, researched emails that are even more likely to deceive your employees because they look so legitimate – has been targeting Canadian companies.

Alberta businesses are not immune.

Last fall, 75,000 members of the Alberta APEGA were the victims of a spear phishing scheme.

The ITeam recommends that every organization take immediate steps to improve email security, including the following:

1. Provide Ongoing Training to Employees 

According to the 2015 Verizon Data Breach Report, employees are one of the biggest risks, with 23 percent of recipients opening phishing messages and 11 percent of those clicking on the links.

Ongoing training, reminders, and even phishing email tests can help educate your employees on how to better resist the deceptions.

As business leaders and industry professionals, we must provide constant reminders about being more cautious.

Institute policies that govern what actions can be taken from an email.

Encourage employees to verify with the sender (in person or over the phone) that they really sent the email before opening attachments, wiring money, or clicking on links.

2. Implement Multi-Layer Security 

To prevent some of these targeted emails from getting through, you must implement tough, layered security protocols.

Every organization should have firewall protection, virus protection, and malware detection software.

In addition, email encryption solutions can protect data and limit access, and additional policy-based email security can be implemented to detect keywords that are likely phishing triggers, such as “credit card,” “wire,” “bank transfer,” and others.

3. Establish Robust BDR, MDM, and BYOD Protocols 

To mitigate risk, in case the worst does happen and an employee clicks on a link that leads to malware or ransomware infection, be sure you have stringent Backup and Disaster Recovery (BDR) protocols in place to protect your data.

It’s necessary to ensure that every device being used by employees is protected. Develop Mobile Device Management (MDM) and Bring Your Own Device (BYOD) policies that require the devices to have protection and give you the ability to remotely delete them from your network.

4. Adopt Sender Policy Framework (SPF) Best Practices 

To prevent even more spear phishing attempts, implement Sender Policy Framework (SPF).

Sender Policy Framework is an easy-to-implement email validation tool.

An SPF record, published in your domain's DNS, tells receiving email providers which senders are approved to send email for your domain (the company website, newsletter service, or approved third-party sender).

The ITeam will work with your Alberta business to customize a cost-effective solution. We offer a comprehensive email security plan that will protect you against email security threats. Contact us for a free consultation.