In its cyber security trends report for FY 2022-23, ASD advise that a cyber incident was reported every 6 minutes in Australia, and the top three cybercrime types for business were email compromise, business email compromise (BEC) and online banking fraud.
It confirms what most of us already know, that business email can be a powerful tool for communication, but it also comes with many risks and dangers.
And the threats can target any business, of any size, across any industry. Here’s a breakdown of the top 10 reporting industry sectors:
Source: ASD Cyber Threat Report – July 2022-June 2023
To boost awareness amongst your client employee’s here’s a list of ten of the top dangers associated with business email use:
1. Phishing Attacks:
Phishing emails are designed to trick recipients into revealing sensitive information such as passwords, financial data, or personal information. Clicking on links or downloading attachments from these emails can lead to data breaches or malware infections. According to research by Deloitte, 91% of all cyber-attacks begin with a phishing email to an unexpected victim.
2. Data Breaches:
Sending sensitive information via email increases the risk of data breaches if the email is intercepted or if the recipient's email account is compromised. In 2023, the global average cost of a data breach was USD 4.45 million, a 15% increase over 3 years, according to the IBM Cost of a Data Breach report.
3. Email Spoofing:
Attackers can spoof email addresses to make it appear as if the email is coming from a trusted source. This can be used for phishing attacks, spreading malware, or impersonating company executives to request sensitive information or financial transactions.
4. Email Overload:
Excessive email communication can lead to email overload, causing employees to waste time sorting through and responding to emails, which can reduce productivity.
5. Legal and Compliance Risks:
Mishandling of sensitive information via email can lead to legal and compliance issues, especially in regulated industries where strict data protection laws apply.
6. Ransomware and Reputation Damage:
Sending inappropriate or unprofessional emails can damage an organization's reputation, both internally and externally. Likewise, clicking on a malicious link or accidently downloading nefarious software can result in a ransomware incident, with bad actors stealing valuable data and company assets, threatening to destroy the company’s reputation unless a ransom is paid. IBM reports that 45% of ransomware attacks begin with an email.
7. Email Miscommunication:
Not all mishaps involving email are criminal. Misinterpretation of tone and intent in email communication can lead to misunderstandings, conflicts, and damaged relationships among colleagues, clients, or business partners.
8. Email Encryption Challenges:
Ensuring email encryption to protect sensitive information can be challenging, and failure to encrypt emails properly can result in data exposure. Experts recommend extra care, and a cautious approach.
9. Email Retention and Archiving:
Failure to properly retain and archive business emails can lead to legal and compliance risks, as well as difficulties in retrieving important information when needed. Consider a solution like MailGuard’s SafeGuard to protect and retain sensitive business data and assets.
10. Social Engineering Attacks:
Attackers may use information obtained from business emails, your company website or from your social networks, to launch social engineering attacks, such as spear phishing, where they tailor their attacks based on personal information gathered from email communications and elsewhere.
To mitigate these risks, organisations should implement email security best practices, like enhancing Microsoft 365 or Google Workspace email security with a specialist, advanced cloud email security solution like MailGuard. Additional measures like providing employee training on identifying and responding to email threats, and utilizing solutions such as encryption and email authentication protocols like SPF, DKIM, and DMARC, can also help.
Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared, and get in touch with our team to discuss strengthening your customer’s Microsoft 365 security.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
