Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

As your business grows, so too will your worries. Sure, you may be right on track to meeting your financial goals, achieving success, and increasing your impact on the world. But as your reach grows, your workforce will expand. And as you hire more employees, you’ll have a harder time monitoring everything flowing in and out of your business.

So while you might have been able to keep track of all daily activities in the past when your business was smaller, it’s now a task that’s become physically and mentally impossible for one single person to manage.

All of these problems are magnified by email. Whereas before it may have been just you and a few other key staff emailing clients and each other, the onboarding of new employees has made email communication increasingly unmanageable. Email security is now a subject that has to stay in focus

 

Learn how Office Protect helps keep your Microsoft 365 tenants safe with our e-book

 

Email security

Email may be a logistical headache, but it can be especially troubling for your cybersecurity. Around 25% of emails sent in Office 365 contain phishing or malware; naturally, cybersecurity needs are growing among businesses both large and small.

Deputy Attorney Rod Rosenstein predicted that the cost of cybercrime will double from $3 trillion in 2015 to $6 trillion in 2021, and the US Department of Justice found that ransomware attacks quadrupled from 1,000 attacks per day in 2015 to more than 4,000 attacks per day in 2017.

Many of these cyber attacks are executed via email, especially the two main ones: phishing and ransomware.

The Dangers of Phishing

So what is phishing? Phishing is a term used to describe a cybersecurity attack in which a hacker poses as someone the victim knows, or someone who appears trustworthy (like an agent from their bank or an employee at their company), and goads the employee into clicking on a link that might prompt them to share a password or let the hacker gain access to their computer. This is one of the most common cyber attacks, and one of the most effective, so it’s important to be aware of phishing and know how to combat it.

You can do many things to mitigate the risk of a phishing attack, such as increasing employee training, watching the reports you receive from Office Protect, or setting up alerts. However, nothing is foolproof, and employees are often tricked by phishing messages, even those that may not be particularly convincing. It’s very easy for anyone to become busy and distracted and click on something that claims to need your urgent attention. We should never leave email security to chance but look into how we can prevent it.

The Dangers of Ransomware

However, phishing is not the only danger that can be spread through email—ransomware is yet another common cyber attack that’s often delivered through this medium. Hackers may send out an email message—often fear based, like claiming that your computer has a virus—and then infect the recipient’s computer via a malicious attachment or through something called drive-by downloading.

Drive-by downloading occurs when a user clicks on a link to a page that will download and install malware in the background without the user even knowing it. At that point, a hacker could either lie in wait or immediately infect the user’s system. Either way, the victim will likely never even know that their device has been compromised.

So what happens once the malicious software has downloaded onto your internal network? Most often, a hacker will encrypt all the data on your infected devices—or lock you out of your network—and then demand large sums of money in bitcoin payments to reverse the damage.

Ramifications of a Ransomware attack

 

Sometimes, a ransomware attack is not even about the money but is just about people wanting to disrupt a business. A ski resort’s key system was once held hostage for just two bitcoins (a value of $1800 at the time), preventing guests from accessing their rooms. In an even more concerning incident, a hospital once had to immediately pay $17,000 just to re-access its computer systems.

Even right now, the city of Baltimore is dealing with a ransomware attack where the hackers have demanded over $100,000. This has caused significant disruption, from home sales being delayed to citizens being unable to pay their water bills.

While we’ve mostly focused on large-scale ransomware attacks, as those tend to make the news, this threat is not limited to large corporations and multi-million dollar ransoms. Sometimes, ransomware attackers will intentionally perform smaller attacks on many different small-to-medium-sized companies in order to avoid publicity or jail time. And small business owners will often pay those few thousand dollars to make the problem go away.

 

The Solution to Email Security

So what can you do to help prevent ransomware from targeting your business? We know that training will never be 100% effective, and reporting and alerts tend to tell you when things happen after the fact, which is great in the long term but not necessarily in the face of a short-term threat.

Fortunately, Office Protect has a solution that can help. It has a setting that lets you only receive emails with the languages you choose to be admitted into your internal network. This can be especially useful, as phishing and ransomware attacks often come from hackers situated in foreign countries (to make prosecuting and finding them more difficult) and thus contain portions of the email that are in their current location’s language.

You get to choose which languages you know your employees communicate with the most and adjust the list as your business grows globally, but you can greatly reduce the threat of phishing and ransomware coming in over email simply by switching this feature on.

To do so, simply access it from your dashboard—go into your Office Protect settings, and you’ll see the toggle menu, security impact (low), and user impact (medium) for this option.

Written by The Sherweb Team Collaborators @ Sherweb