Atlantic-IT : Blog

Don’t Take Email Security For Granted

Despite the growing use of instant messaging and other collaboration tools, email continues to be the de facto standard for business communication. In fact, email sees greater use than the phone and even personal meetings in many organizations.

Because of its continued popularity, email has become the No.1 delivery mechanism for ransomware, malicious attachments, malicious URLs, viruses and phishing attacks. The security firm PhishMe claims that nine out of every 10 cyberattacks originate from email.

A big part of the problem is user apathy. Despite repeated warnings, people continue to view suspicious emails, open dubious attachments and click on questionable email links. Poor email practices became a big story last year when John Podesta, Hillary Clinton’s campaign chairman, was duped into giving up his Gmail password, thus exposing thousands of messages related to the U.S. presidential campaign.

In addition, much of today’s email infrastructure relies on technology developed a quarter of a century ago. A complex interplay of hardware, software, messaging protocols and many other supporting elements creates multiple potential vulnerabilities. What’s more, many organizations aren’t making enough of an effort to update their email infrastructure. Microsoft Exchange Mail Server 2010 remains in use in many companies, even though mainstream support ended in January 2015.

Many organizations are looking to cloud-based and hosted email platforms to boost email security. Among other advantages, cloud and hosted solutions relieve you of the burden of managing the complex system of servers, storage, operating systems, mail clients, directories, filters, and e-discovery, backup and archiving solutions.

Additionally, economies of scale allow cloud providers to make significant investments in security features that in-house systems might lack. With multiple tenants, cloud providers will likely encrypt data at rest and have the strongest possible identity and authorization features and content filtering capabilities. Many providers will also offer security extras that can be licensed to amplify security based upon specific user roles and departments.

The cloud isn’t for everyone, however. Organizations may prefer in-house email for a variety of reasons, including the ability to maintain complete control over the custody of data — which is not entirely possible with a cloud provider. In-house email also allows organizations to reuse existing servers and storage to reduce total cost of ownership.

Next-generation security tools can go a long way toward reducing email threats. These tools include antivirus functionality for scanning email messages and attachments for malicious content along with antispam and anti-spoofing capabilities that detect and prevent unwanted email. They may also include features that automatically detect sensitive information being sent via email and block, reroute or encrypt it according to company policies.

Email has been a great business tool for many years because it is easy to use and gets the job done, but security cannot be an afterthought. If you’re debating whether to boost your in-house security or shift to a cloud-based solution, Atlantic-IT.net can help you explore your options. We have worked with clients to develop both cloud and managed on-premises email systems with robust security measures that block malicious attacks without hindering user productivity.