There is a massive misconception that small and medium-size businesses are less vulnerable to cyber attacks and in particular email threats. The opposite is, in fact, true as they generally do not have adequate security measures in place.
If your company has internet and email you are vulnerable and every precaution should be taken to protect your business.
Large corporates can afford specialised security teams who are given responsibility for each system that the company is running. So in a large well-organised network, the company would have:
- Extremely costly firewalls that are maintained by a security team
- Regular penetration and vulnerability assessments being run against the network
- Data that is well structured and user access well controlled
- Multiple layered email defence mechanism to ensure email is secure
- Regular structured user training around email and cyber security and best practices
In the small to medium-sized business, it is rare to see any of these elements with adequate focus and protection. The cost of having these kinds of security measures with an in-house IT team is just simply not affordable or even feasible given the complexities of the systems required.
We have seen email threats to be the biggest threat to business, supported by data from our email security platform that cleans and filters our customer’s email. The following statistics are for January 2019 – real numbers on the email from business customers:
- Single Threat Messages: 8 241 780 – 62.5%
- Multiple threat messages: 212 985 – 15.1%
- Clean messages: 3 201 280 – 22.4%
That’s nearly 78% of received email containing security threats across over 63,000 user mailboxes.
Phishing is a massive problem worldwide with thousands of businesses falling victim to cyber criminals. The two major reasons for this are education and affordability. Too many businesses have their heads in the sand and often believe it is only consumers or large corporates that are vulnerable and that it won’t happen to them.
The other reason is affordability or rather the misconception that security is too expensive. A full blown attack can seriously cripple a business, so security needs to be included in an IT budget just as with any other insurance policy.
So, what measures can a company put in place to protect themselves:
- Email Security: Relying on your email provider to scan your email is just not sufficient, even if it is Microsoft Office 365. There are specialist email security companies that have Advanced Threat Protection which literally dismantle your email and scan every aspect of it before putting it back together and delivering it safely to your mailbox.
- Centralised and automated Patch management: Installing critical and high security patches to all network devices is absolutely critical. If we look at the WannaCry virus, there were patches available 59 days prior to the breakout – yet it still managed to have a significant impact on business due to patches simply not being applied through poor control and management.
- Best in industry endpoint malware protection: Remember the bad stuff isn’t only coming in via mail. USB drives, laptops and mobiles that leave your network and harmful internet sites are massive threats.
- Automated backups are absolutely essential in any business: The more regularly you can back up the better. Using a backup technology that can detect ransomware is critical. Often ransomware will remain dormant for some time which means that even if you think you have a good backup it could be compromised without using the correct solution.
- Last but not least: A little bit of common sense goes a long way. Basic user education around how to identify threats (for a starter, “Don’t click on strange links and avoid tempting free offers online”) and what to do immediately if there is a breach need to be well communicated.
All of these components can be complicated and expensive to manage on an individual basis. However, Cloudbox offers a comprehensive security suite as standard for every customer and user device, with Advanced Threat Detection a low cost option.
Justin Trent is chief executive at CLOUDBOX. The views expressed here are his own.
And, be sure to follow us on our SOCIAL MEDIA PLATFORMS to keep up to date with the latest news.