There is a diversity of business performances around the world, which come together and communicate in a common way between them: email. E-mail remains the most commonly used form of communication in the business environment and, it seems, will remain.
In 2020 we had several learnings, and perhaps the greatest of them is work at a distance. But, moreover, the data collected by cyber security research companies brought us other major sources of knowledge to 2021.
In this article, we will address the data of cyber attacks and virtual threats coming by email in 2020 in the business environment, and also list the 7 lessons that these data left us, so that professionals and companies do not make the same mistakes again.
7 Lessons from 2020 on business email security
Over the years the concern for cyber security has been increasing, following the increase in cyber attacks and especially their effectiveness, being able to steal data, extort companies and people and make bank transfers, as you can see in our Internet security newsletter . But business email is still a constant target of digital criminals, aggravated by the pandemic, with most professionals working in home office .
Given this scenario, 2020 brought several lessons to companies and professionals seeking more safety in the email, as you can see below.
Lesson 1: Concern about email security is still important
Even though it is a means of communication considered old, corporate email is still widely used, and deserves the attention of managers and professionals responsible for the security of it. According to the survey The State of Email Security 2020 , 60% of managers and professionals interviewed in the survey, believe they will inevitably suffer an email attack this year. In addition, the same 60% noticed an increase in fraud attempts and falsification of identity in their corporate emails in 2020.
Therefore, worrying about offering tools, systems and safety training in business email is important and should be part of strategic planning within companies for this year.
Lesson 2: Phishing attacks have been increasing
As we mentioned earlier, the attacks have been increasing progressively, taking advantage of the favorable scenario and pandemic -based campaigns. The State of Email Security 2020 survey , 72% of respondents saw an increase in receiving phishing emails in their companies and also a 30% growth in the identity forgery from January to April 2020 was found.
Looking for unprepared or inattentive users, phishing attack is widely used, looking for bank data and mainly access.
Lesson 3: Ransomware attacks still cause inactivity
What is expected with technological evolution is that over time the protection or correction of problems related to cyber attacks improve and become more effective. But the truth is that the side effects of ransomware attacks are not improving year after year. According to the TMTC 2020 (The State of Email Security 2020), among respondents who suffered such an attack on the company, the company's average inactivity time after the attack was 3 days.
Imagine 3 days without system, database, with staff standing waiting for correction. For any size of company, this would be catastrophic.
Lesson 3: Team training is not yet taken seriously
We have spoken several times here on the blog, and repeating is never too much: awareness of employees about internet security, especially in using emails, is very important. Only 21% of respondents in the TMTC 2020 survey offer monthly training to their employees on business email security. The vast majority leave the common sense and knowledge of the employee to maintain the data they travel in the email insurance.
Lesson 5: Lack of training causes data leakage
Many wonder if training employees really diminishes the risks of cyber attacks. According to TMTC 2020 survey, the absence of business email safety awareness ends in clicks on harmful links and company data leakage. In the survey, it was found that companies that do not use team training methods are 5 times more likely to click on malicious files. In addition, 60% of respondents were hit by such attacks and even propagated malware with other employees of the company.
Lesson 6: Spoofing attacks are growing
When someone pretends to be a company, or someone known, trying to access the company's sensitive information, fits as a spoofing attack . Usually in search of financial gains, this attack is very common, and widely used, after all, on social networks today, anyone can get a lot of information about anyone, using this information to persuade users to provide access to company systems and data.
On average there are 9 attacks of email spoofing per organization each year, according to the TMTC 2020 survey. Therefore, taking care of what information about the company is released is very important. Also, it is always good to be suspicious of friendly emails requesting data and access.
Lesson 7: Company Internet Security Systems have never been so important
We can agree that Internet security strategies and systems, especially in emails, are important, but are not implemented by the vast majority of companies. Again quoting data from the TMTC 2020 survey, 40% of the companies interviewed do not have a cyber attack monitoring and protection system, or some contingency plan in case of data leakage and 60% of organizations believe it is inevitable to suffer an email attack this year.
Briefly, the concern is great, but the efforts to contain these attacks are not always.
How to avoid safety problems in email?
What you think of most companies is what to do after suffering a cyber attack. Backup tools , for example, can solve problems like this, but do not get rid of the new attacks, nor gives a headache of restoring all data and being inactive time, for example.
The ideal is to avoid data leakage not only by email, but also in other possible entry doors for digital criminals. Internet access management and control tools can avoid the vast majority of these attacks, and break, get the back of employees' backs from being the main responsible for security breaks.
With Lumiun Box for example, it is possible to block websites considered harmful, preventing inattentive or unknown employees from accessing websites sent in the company's email. In addition, Lumiun's internet access management system controls many other sites, such as social networks and pornography. Thus it is possible to protect company data and also keep employees focused and productive during working hours.
If you want to know more about Lumiun's solutions, take a free test , or schedule a without commitment to our consultant, and see in practice how we can help protect your e-mail threat devices.
