It’s safe to say that 2021 has been a challenging yet rewarding year for those working to ensure cyber security systems provide protection. A continued shift to remote working highlighted the importance of security in an era of digital transformation, and hopefully, business leaders have taken on board the critical need for effective online protection, particularly where email security is concerned.
Perhaps now is a good time to reflect on how firms have tackled the existential challenge of increasing cyber risks in a rapidly changing online landscape. In this article, we’ll focus on what businesses have learned over the past twelve months, and how this can help us to turn 2022 into a safer and more successful year.
What are the key lessons in email security from 2021?
While the rollout of vaccinations offered hope against the Covid-19 pandemic, approximately half of office workers continued to work from home in some capacity throughout 2021. Unsurprisingly, cybercriminals used this to their advantage.
Coronavirus-related phishing, which spiked by over 600% in 2020, continued to reach workers’ inboxes throughout 2021. Subject lines alluding to Covid-19 test results, or suggesting that the recipient had been in contact with an infected person, led to data being stolen when recipients clicked on illegitimate links.
Email attachments were used in a similar manner: malicious emails purporting to contain test results or other important Covid-19 related information were sent to corporate email addresses, and the attachments turned out to be ransomware. In a year of confusion, it’s easy to see how so many workers fell for such scams. The biggest lesson to learn here is to ensure that all employees (whether working remotely or in the office) are briefed on the dangers of emails, and provided with sufficient training to help them become less vulnerable to exploitation.
What to expect from email security threats in 2022?
While the world slowly returns to normality, we can anticipate that the challenges created by remote working will continue to accelerate. While phishing schemes may seem simple, they are perhaps more convincing when workers are at home and don’t have an IT technician at the other end of the office to ask for advice.
Ransomware, a piece of code that locks the user out of their machine until a ‘ransom’ (usually a sum of money in cryptocurrency) is paid, also looks set to continue rising in 2022. With many workers performing tasks while remotely logged into their office network, the need for vigilance, as well as the need for adequate protection against such attacks, has never been greater.
How will remote working affect email security in 2022?
Some business leaders seem to be under the impression that because staff are working from home, the main office network is safe. Unfortunately, this is not the case when workers are logged in remotely.
One of the biggest email security concerns around remote working is that employees who use their own devices, or who continue to use work devices for recreational browsing outside of work time, could unknowingly put company data at risk by opening personal emails while still connected to a company network, or while company data is stored on a personal device.
How can SMEs prepare for email security threats in 2022?
With the WFH model remaining in place, it is particularly important for SMEs to have regular security “refresher” meetings with all employees, which can take place remotely if need be.
During such meetings or seminars, business leaders and IT professionals should highlight the need for workers to:
1) Ensure software is updated
Employees should download app updates for email clients and anti-malware software as soon as they are available. These updates contain critical security upgrades to keep data and devices safe.
2) Create strong passwords
Passwords should contain a mixture of lower and upper-case letters, numbers and symbols, and should be impossible to guess or socially engineer. SMEs should foster a culture of changing passwords at regular intervals to prevent email accounts from becoming compromised.
3) Attend email awareness training
Employees need to be vigilant when it comes to suspicious emails, and this isn’t always as easy as you might think. Training, seminars and mock attacks can all help teams to better understand the threats posed by cybercriminals. SMEs that are unable to provide this training in-house should seriously consider hiring a third-party email security expert.
As the digital landscape continues to evolve, so do threats to data security, particularly through emails. While this may seem daunting, SME figureheads are encouraged to think positively, to demonstrate leadership and to put the right systems in place to avoid company data becoming compromised.