Email poses perhaps the greatest risk for organisations in terms of cyber security.

Clicking on a bad link or downloading malware delivered by email is a constant risk. So why aren’t organisations putting enough effort into their main line of defence?

Email filtering (and you as the 'human firewall') is your organisation’s best line of defence in the war against the spammers.

Spear-phishing, whale phishing, ransomware and other malware attacks that use email as their attack vector are all on the rise. This makes it more important than ever to invest time and effort into email filtering services rules, tools and practices.

What is the email threat?

In its State of Email Security report 2019, email security firm Mimecast found 94 percent of the more than 1,000 organisations surveyed had experienced phishing attacks. 88 percent of organisations reported email-based spoofing of business partners or vendors. And 73 percent of attack victims experienced a direct loss as a result.

Lots of statistics but according to the survey authors, this certainly makes email “the largest single attack vector on the planet”.

Similarly, in the Cloud Threat Report 2019 produced by Oracle and KPMG, email-based phishing was identified as the most common type of cyber-security attack.

Worse: year-to-year trends indicate the problem is still growing - and fast!

Mimecast reports 67 percent of organisations saw increases in email impersonation and business email compromise attacks; 54 percent saw increases in phishing; and 42 percent saw increases in internal threats and data leaks.

The reason is simple, as Kevin Murnane points out in Forbes magazine: “Enticing company personnel to click links, open attachments and visit websites is the most effective way of breaching corporate security.”

What can organisations do to protect against email attack?

As we’ve mentioned in earlier blog posts, one of the key lines of defence in protecting against email attack is staff education.

Find out more about how Grant McGregor can help your staff learn to spot and deal with spam and malicious emails here.

But, alongside staff training, strong email filtering is vital: it provides an additional layer and your best chance of stopping those emails reaching your staff in the first place.

It should be your first line of defence against email-based attacks.

Is what your email service provider delivers enough?

The good news is that most vendors and email service providers offer integrated anti-spam tools and they also undertake some basic email filtering for their service users.

The bad news is that the basic levels of filtering are no longer enough.

Sure, they might catch a chunk of the nuisance and junk email that used to be so tedious to work through and delete daily, but things have moved on.

Mail is now being used to deceive people into clicking malicious links, supply personal information, like login credentials, or even follow instructions that appear to come from a colleague.

There’s no perfect answer but you can adopt best practice and that’s why we recommend and deliver multi-layered solutions to cybersecurity to keep your business safe.

For a quick chat about how you might improve your email security or how other measures can help, please call the Grant McGregor team on 0808 164 4142.