Last week, we learned of the passing of Ray Tomlinson, the American computer pioneer who not only invented the first email system, but came up with the idea to use the “@” sign to indicate the user and host. Most people don’t realize that Tomlinson sent the first email message over a network way back in 1971. It was largely the work of Tomlinson that fundamentally changed the way people communicate.
45 years later, email is the most popular Internet application in the world, with more than 2.5 billion users and 4.35 billion accounts, according to research from Radicati Group. Email also remains a communications standard and mission-critical application in business. In fact, Osterman Research reports that the average employee sends and receives 110 emails per day.
The downside of email’s continued popularity and usefulness is that cybercriminals are increasingly targeting employee email to gain access to corporate networks. Some researchers estimate that 2 percent to 4 percent of all emails contain a virus. The Osterman study found that the average email system experiences unplanned downtime of eight hours and 36 minutes each year. That’s a drop in the bucket compared to the lost revenue, lost data and lost productivity that can occur when hackers are able to use email to infiltrate systems that house a company’s most sensitive data.
Here are five ways that organizations and individual users can minimize the risk of an email-related breach.
1) Strengthen Your Passwords
When you don’t change default passwords or use the two most common passwords – “password” and “123456” – you make a hacker’s job very easy. A password should be a complex, random series of letters, numbers and symbols, and it should be changed at least every few months. Organizations should also consider using multifactor authentication for setting and changing passwords.
2) Keep Email Systems Patched
Email software should be updated with the latest patches, which are developed and deployed to plug newly discovered vulnerabilities and stop the latest threats. If you’re using an old, unsupported email platform, you will not receive these critical security patches.
3) Avoid Webmail Platforms
Webmail, or web-based email services such as Yahoo, Gmail and AOL, enable the use of an email account through a web browser. Webmail is much more vulnerable to attack and difficult for IT to manage than corporate email. If you ever access email via the Internet, make sure “https” appears in the address. This ensures a secure connection.
4) Use Encryption
Encryption software converts data into ciphertext to prevent the contents of your email from being read by unauthorized parties. Encryption should be centrally applied to ensure that all employees are using the same standards. Transport Layer Security should also be used to encrypt the connection between servers.
5) Create and Enforce an Email Policy
Every organization should have a documented policy for email usage, and all employees should be trained to adhere to this policy. What kind of data can and cannot be sent via email? Who is authorized to send certain types of data? What kind of files should and should not be downloaded? What emailing procedures satisfy regulatory compliance requirements? In addition to establishing ground rules, make sure employees understand the consequences of a breach.
SSD’s security experts constantly monitor the latest threats and use a comprehensive suite of security tools to keep networks safe. Let us evaluate the vulnerability of your email system, help you develop a formal email usage policy, and implement security solutions to keep your email protected.