There is a diversity of business activities spread across the world, which come together and communicate in a common way: email. E-mail continues to be the most used form of communication in the business environment and, it seems, will continue to be so.
In 2020 we had several lessons learned, and perhaps the biggest of them was working remotely. But, in addition, the data collected by cybersecurity research companies brought us other great sources of knowledge for 2021.
In this article, we will address the data on cyber attacks and virtual threats coming via email in 2020 in the business environment, and also list the 7 lessons that this data left us, so that professionals and companies do not make the same mistakes again.
7 lessons from 2020 on business email security
Over the years, concerns about cybersecurity have increased, following the increase in cyber attacks and, mainly, their effectiveness, managing to steal data, extort companies and people and make bank transfers, as you can see in our internet security newsletter . However, business email remains a constant target for digital criminals, aggravated by the pandemic, with most professionals working from home .
Given this scenario, 2020 brought several lessons for companies and professionals looking for more email security, as you can see below.
Lesson 1: Concern about email security still matters
Even though it is considered an old means of communication, corporate email is still widely used and deserves the attention of managers and professionals responsible for its security. The State of Email Security 2020 survey , 60% of managers and professionals interviewed in the survey believe that they will inevitably suffer an email attack this year. Additionally, the same 60% noticed an increase in fraud and impersonation attempts in their corporate emails in 2020.
Therefore, worrying about offering security tools, systems and training in business email is important and should be part of strategic planning within companies for this year.
Lesson 2: Phishing attacks are on the rise
As we said previously, attacks have been increasing progressively, taking advantage of the favorable scenario and campaigns based on data about the pandemic. The State of Email Security 2020 survey , 72% of respondents saw an increase in the receipt of phishing emails in their companies and also, a 30% increase in impersonation was found from January to April 2020.
Looking for unprepared or inattentive users, phishing attacks are widely used, mainly in search of banking and access data.
Lesson 3: Ransomware attacks still cause downtime
What is expected with technological evolution is that over time, measures to protect or correct problems related to cyber attacks will improve and become more effective. But the truth is that the side effects of ransomware attacks are not improving year after year. According to TMTC 2020 (The State of Email Security 2020), among those interviewed who suffered an attack of this type in their company, the average company downtime after the attack was 3 days.
Imagine 3 days without a system, database, with employees standing still waiting for the correction. For any size company, this would be catastrophic.
Lesson 3: Team training is still not taken seriously
We've said it several times here on the blog, and it never hurts to repeat it again: making employees aware of internet security, especially when using e-mails, is very important. Only 21% of respondents in the 2020 TMTC survey offer monthly training to their employees on business email security. The vast majority leave it up to the employee's common sense and knowledge to keep the data traveling via email safe.
Lesson 5: Lack of training causes data leaks
Many wonder if training employees actually reduces the risk of cyberattacks. According to the TMTC 2020 survey, the lack of corporate email security awareness ends in clicking on harmful links and leaking company data. In the research, it was found that companies that do not use training methods with their staff are 5 times more likely to click on malicious files. Furthermore, 60% of respondents were affected by attacks of this type and also spread the malware to other company employees.
Lesson 6: Spoofing attacks are on the rise
When someone pretends to be a person from the company, or someone you know, trying to access confidential company information, it qualifies as a spoofing attack . Normally in search of financial gains, this attack is very common, and widely used, after all, on social networks today, anyone can obtain a lot of information about anyone, using this information to persuade users to provide access to company systems and data.
On average, there are 9 email spoofing attacks per organization each year, according to TMTC 2020 research. Therefore, taking care of what information about the company is disclosed is very important. Furthermore, it is always good to be wary of friendly emails requesting data and access.
Lesson 7: Company internet security systems have never been more important
We can agree that internet security strategies and systems, especially in emails, are important, but they are not implemented by the vast majority of companies. Again citing data from the TMTC 2020 survey, 40% of the companies interviewed do not have a monitoring and protection system against cyber attacks, or any contingency plan in the event of a data leak and 60% of organizations believe that it is inevitable to suffer an attack by e.g. -mail this year.
In short, the concern is great, but efforts to contain these attacks are not always.
How to avoid email security problems?
What most companies think about is what to do after suffering a cyber attack. Backup tools , for example, can solve problems like this, but they do not save the company from new attacks, nor does it give the headache of restoring all the data and being inactive for a while, for example.
The ideal is to avoid data leaks not only via email, but also through other possible entry points for digital criminals. Internet access management and control tools can prevent the vast majority of these attacks, and in addition, take the burden off employees' shoulders of being primarily responsible for security breaches.
With Lumiun Box , for example, it is possible to block websites considered harmful, preventing inattentive or unaware employees from accessing websites sent to the company's email. Furthermore, Lumiun's internet access management system controls many other websites, such as social networks and pornography. This way, it is possible to protect company data and also keep employees focused and productive during working hours.
If you want to learn more about Lumiun's solutions, take a free trial , or schedule a no-obligation demonstration with our consultant, and see in practice how we can help protect your devices from email threats.