Even with new ways to communicate popping up, email is still the most popular method of business communications. Its speed and searchability are just a few of the reasons why email beats other forms of communication. With its popularity and the amount of sensitive information that is sent out daily, security is always a concern. As email continues to have a place in business operations, criminals are looking at every opportunity to use it to their advantage. Email fraud is still one of the primary ways to steal and exploit personal data and vulnerabilities within an organizations network.
Email Impersonation
Often called phishing, whaling, or SMiShing, email impersonation is one of the more effective forms of email fraud. The goal of an impersonation email is to appear legitimate enough that the recipient is convinced and will take action. An example would be an email that seems to be from the recipient’s bank asking to verify their login credentials. Not wanting anything to happen to their account, the recipient will follow the link provided and unknowingly give over their information to a criminal. Another example is if someone opened an attachment that appeared to be authentic but installed ransomware into the network.
Email Security by the Numbers
Here are some recent statistics to show how big of a problem email fraud can be for a business.
- The number of email users will exceed 3.7 billion, or about half the worldwide population in 2017.
- Phishing attacks accounted for 91% of all attempted cyberattacks.
- Top three reasons people complied with phishing emails: curiosity (13.7%), fear (13.4%), and urgency (13.2%).
- Email fraud with the 2nd most successful external intrusion method in 2017.
Reducing Your Business’s Risk of Email Fraud
Implementing two encryption and email authentication are two of the ways to protect your business from email fraud.
- Only 0.5% of the top million domains use email authentication to protect against impersonation.
- The average company could save $8.1 million per year by implementing email authentication. That number skyrockets to $16.2 billion across the Fortune 2000.
Below are two standards that email security experts agree reduce the number of cybersecurity gaps and risk of email fraud.
- DMARC: The first standard, Domain-based Message Authentication, Reporting, and Conformance, or DMARC, authenticate an email domain. The authentication ensures that the domain and sender’s information align. DMARC has proven successful and been found to detect most email spoofing and impersonation attempts.
- STARTTLS: The second standard, called STARTTLS, is a command that orders a secured connection that subsequently encrypts the email data being sent and received.
Both DMARC and STARTTLS have proven to be so effective that the U.S. Department of Homeland Security has ordered all federal agencies to implement them to fight email fraud.
Federally Mandated Email Regulations for Businesses
Government regulations are put in place to help keep sensitive customer information out of the hands of cybercriminals.
- HIPAA: Those entities in the healthcare industry that are required to follow the Health Insurance Portability and Accountability Act (HIPAA) must implement access controls, audit controls, integrity controls, ID authentication, and transmission security before an email correspondence that includes personal health information is “in compliance.”
- PCI-DSS: Companies that use customer credit card information are required to meet PCI data security standard. The PCI-DSS expressly advises organizations to never use email, encrypted or otherwise, to share credit card data. Because emails are stored for long periods of time, it violates the PCI rules regarding card information storage after authorization and maintenance of access control always. Still, many PCI compliant businesses choose to use email encryption as an additional security measure.
Start Fighting Email Fraud Today
IT Support Guys is equipped to help your organization get protected and fight all types of cybercrimes, including email fraud. Contact IT Support Guys at 855-4IT-GUYS (855-448-4897) or learn more about our network security solutions here.