Companies use e-mails for internal and external communication since the nineties, and while IT experts continually develop new forms of its security, targeted e-mail attacks are on the rise.
There are one hundred and twenty billion business e-mails sent each day. According to a survey carried out by the American SANS Technology Institute, 75% of phishing, malware, and ransomware attacks enter through e-mails. Usually, the recipient clicks on a malicious link which redirects him to a malicious website. As states the survey, companies are more likely to suffer a breach through these attacks than by a hacker who would attack their network.
Cyber attacks target both small and large companies. According to data analysed by Microsoft, cyber-attacks on companies with 250 or fewer employees doubled in the first half of last year. The damage caused by one attack was more than 188,000 US dollars on average. According to the American Center for Strategic and International Studies, cyber attacks on American companies cause a loss of 100 billion US dollars each year.
World cybercrime in figure
Varonis.com made an overview of the most interesting data relating to global damage caused by hackers.
- In 2017, cybercrime costs accelerated with organisations spending nearly 23 per cent more than 2016 — on average about 12 million US dollars.
- The average damage caused by a malware attack cost about 2.4 million US dollars.
- On average it takes fifty days to remove the consequences of a malware attack.
- The most significant damage is caused by the loss of information, which represents 43 per cent of costs.
- Ransomware damage costs exceeded 5 billion in 2017, which is 15 times the cost in 2015.
- In companies with more than fifty thousand stolen records, the average price of a data breach is 6.3 million US dollars.
- The total damage caused by cyberattacks in 2021 should be around six trillion US dollars.
Basic Rules for Companies and Employees
- Never click on links and never open attachments in e-mails from unknown persons.
- Do not respond to e-mails that request a password change or require your personal data, no matter how official the message appears.
- Regularly update antivirus programs.
- Encrypt all confidential data before sending an e-mail.
- Do not use the corporate e-mail address for personal communication.
- Do not forward company e-mails to third parties.
Some companies test the reaction of their employees by sending them phishing e-mails or similar messages. Those who did not click on an attached link or reported a suspicious e-mail to the IT department are rewarded.
Employees should never leave an unlocked or unsecured computer. Establish a company policy for employees to lock their computer any time they leave their workplace, even if they just want to have a chat with their colleague sitting next to them. Of course, the subsequent unlocking is conditioned by entering the user's password.
Do not underestimate the security rules for mobile devices that are used by your employees, whether they are corporate or private. Mobile phones and tablets should be secured with a sufficiently strong password and use applications that prevent hackers from attacking the device through a shared WiFi network. It is also important to correctly set the access rights and be able to delete corporate data from personal devices after the termination of employment.
Secure E-mail Communication
In addition to standard security rules, all corporate computers, not just the selected ones, should use encrypted e-mails.
If you encrypt your e-mail communication, you protect not only your company data but also the data concerning your clients. You can choose several options depending on the desired degree of security and your convenience. In general, easy solutions are not the most reliable ones. You can download a special encryption plug into your e-mail client.
And do not forget a strong password. Every employee should use his password to access both the computer and the e-mail client. Consider a multi-factor authentication system that can be connected to a company mobile device.
The ideal password is at least twelve characters long and consists of a combination of numbers, symbols, and lower and upper case letters. It should not contain general information, such as names of children, pets or dates of birth. A general principle says that your employees should use different passwords for different services. To remember them, you can use various programs for password management.
Security is crucial in case of employees who work with personal or sensitive data. But do not underestimate the interest of your competition and be careful not only when you send an e-mail to your lawyer or accountant! Even seemingly insignificant details can do damage in wrong hands. Therefore, pay attention to your cyber system as it is always better to exaggerate than solve problems.
The only internal communication channel, in which eWay-CRM employees have not used end-to-end encryption, have been e-mails. Therefore, the technical director of the company, Mr Roman Stefko, decided to use Talkey. Details of the selected security solutions will be discussed in the upcoming interview.