A new report released in 2022 shows the poor state of email security measures at publicly traded organizations. Fewer than 5% of the organizations studied used the latest email security standards and email security tools to protect their email communications and any sensitive information that might be shared.
Phishing solidifies its position as the most common type of cyberattack every year. The Anti-Phishing Working Group saw the highest level of phishing attacks in history during the first quarter of 2022, when there were more than 1 million attacks in total. In this article we'll dive deeper into standard security measures, security policies and the right email security solution for your organization.
What are Phishing Attacks?
Phishing is a type of cybercrime that involves contacting individuals by email, telephone or text message and asking them to provide sensitive information such as banking details, credit card numbers or passwords. This sensitive information is then used to access important accounts on the victim's device. Email accounts and mobile devices are also a common entry point for attackers looking to gain a foothold in an enterprise network and obtain confidential information. These data breaches can especially be devastating for businesses, as they can result in the loss of sensitive data or the exposure of confidential information.
How to Protect Your Sensitive Data?
To protect an organization from phishing attacks, businesses should adopt email security best practices, such as having an automated email encryption solution in place and educating employees about the importance of protecting their business email accounts and of not opening attachments in any malicious email they might receive.
- Use a secure email gateway
- Recognize cyberattack motives
Use a Secure Email Gateway
Another email security best practice is using a secure email gateway (SEG), which also acts as a firewall between outbound email traffic and a user's email account. Hackers can use a variety of methods to access your account and steal your information, but a well-configured secure email gateway can act as an email security barrier, stopping them in their tracks. Additionally, SEGs can provide other email security measures, such as two-factor authentication by the email provider, email encryption and fraud detection.
By using a secure email gateway, you can help to keep your account safe from harm. Every business, regardless of its size, is a potential target of cyber attacks like phishing. That is because every business has key assets (financial or otherwise) that criminals may seek to exploit. Email encryption and other standard security measures help you protect your business email account from them.
Recognize Cyberattack Motives
By recognizing the common motives behind cyber attacks, you can build a better understanding of the risks to your email security, and understand how best to confront them. ATS Tech, an experienced managed IT services provider, provides email security services and can help your business adopt email security best practices and ensure your security policies are up to date by completing email gateway scans, helping you deflect deceptive messages and increase your email encryption.
How can Public Organizations Increase Email Security?
DMARC (Domain-Based Message Authentication, Reporting and Conformance)
DMARC and BIMI, two well-kept secrets, are already at the disposal of every organization all over the world to assist them against any email threats. The email security standard known as DMARC (domain-based message authentication, reporting and conformance) guards email servers against exact impersonation by hackers, which is the starting point for the bulk of phishing assaults.
By displaying a company's registered trademark in a recipient's inbox and creating visual trust that the email messages are actually from the sender, BIMI (brand indicators for message identification) builds on DMARC. These indicators can help members of your organization know when to and when not to open attachments and other correspondence from brands.
BIMI (Brand Indicators for Message Identification)
As it improves our email security ecosystem as a whole, BIMI is leading the way of the future for email security. An organization's sending and apex domains need to be DMARC compliant (a policy of quarantine at 100% or reject) in order to be eligible for BIMI, since BIMI establishes visual trust in a business's email messages with the intended recipient as a consequence.
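The eligibility rule above (a DMARC policy of quarantine at 100% or reject on both the apex and the sending domain) can be checked against published DMARC TXT records. The following Python code is an added example, not taken from the report or from any vendor; the records are constructed samples, and the function names and the use of the `sp` tag as the policy inherited by a sending subdomain (RFC 7489) are assumptions of this example.

```python
# Added example: BIMI-readiness check on DMARC TXT records.
# All records used with it are constructed samples; nothing is fetched from DNS.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = [part.split("=", 1) for part in txt.split(";") if "=" in part]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def policy_ok(policy, pct_text):
    """The page's rule: 'reject', or 'quarantine' applied to 100% of mail."""
    try:
        pct = int(pct_text)
    except ValueError:
        return False
    policy = policy.lower()
    return policy == "reject" or (policy == "quarantine" and pct == 100)

def bimi_ready(apex_txt, sending_txt=None):
    """Check the apex record and the policy that applies to the sending domain.

    sending_txt is the sending subdomain's own record, if it publishes one;
    otherwise the apex 'sp' tag (or 'p' when 'sp' is absent) applies to it.
    """
    apex = parse_dmarc(apex_txt or "")
    if apex is None:
        return False, "apex has no valid DMARC record"
    pct = apex.get("pct", "100")  # pct defaults to 100 when omitted
    if not policy_ok(apex.get("p", ""), pct):
        return False, "apex policy not at enforcement"
    sub = parse_dmarc(sending_txt) if sending_txt else None
    if sub is not None:
        sub_policy, sub_pct = sub.get("p", ""), sub.get("pct", "100")
    else:
        sub_policy, sub_pct = apex.get("sp", apex.get("p", "")), pct
    if not policy_ok(sub_policy, sub_pct):
        return False, "sending domain policy not at enforcement"
    return True, "ready"

if __name__ == "__main__":
    for record in ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                   "v=DMARC1; p=quarantine; pct=50",
                   "v=DMARC1; p=reject; sp=none"):
        print(record, "->", bimi_ready(record))
```

The third sample shows the case that is easy to miss: an apex at `p=reject` that relaxes subdomains with `sp=none` leaves a sending subdomain without its own record below the required enforcement level.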
The widespread adoption of BIMI contributes to the protection from email threats and the overall health of the email security ecosystem because of the DMARC email two factor authentication standards. As more businesses implement BIMI, more businesses in the ecosystem will be DMARC protected, making it harder for cybercriminals to conduct domain spoofing, a common precursor to cyberattacks.
The BIMI working group has been in existence for four years, and one year has passed since it entered the implementation phase. However, only 2.2% of domains, or those with the DMARC policy in place to support BIMI, are BIMI ready, according to data from over 66 million apex domains.
Email security attacks have still become more frequent and damaging, despite the potential that DMARC with BIMI could have in preventing them. Organizations must obtain a verified mark certificate (VMC) for their primary/corporate domain from an authorized certificate authority like Entrust in order to fully benefit from the BIMI logo display in email clients.
Why is the Volume of Phishing Attacks Still Increasing?
The email security question here is: why are these email attacks becoming more frequent and damaging to sensitive information, given the considerable potential that DMARC with BIMI has for securing email traffic?
Red Sift undertook an extensive analysis to determine the level of BIMI readiness and implementation across domains, organizations, and brands in order to respond to this question. It discovered that only 2.4% of S&P 500 firms have fully adopted BIMI, even though more than half of other organizations (51.2%) have adopted DMARC (i.e., are "BIMI ready"). The percentages are roughly the same among public organizations (49.9% are BIMI ready vs. 3.2% at complete BIMI adoption).
How Apple is Helping Public Email Security Measures?
While this data demonstrates that the majority of enterprises worldwide have not yet completed the last mile of BIMI adoption, Apple's support in iOS 16 heralds a seismic change and impending significant growth for email encryption and email security tools.
Apple joined Google, Yahoo, La Poste, and Fastmail in September as one of the main email services supporting BIMI. By being able to view the logo in an email from another organization that has adopted DMARC in iOS 16 and macOS Ventura, nearly 90% of users will have this visual trust that the email is actually from that organization.
There are Several Reasons Why Apple's Support is Crucial:
- With Apple's assistance, BIMI can now be used with a new mailbox provider and email client.
- Apple's backing demonstrates growing market trust in BIMI.
- iOS' native support from Apple broadens popularity beyond merely mobile apps and webmail clients (like Yahoo/Google).
- With this update, Apple will make BIMI available to many more users.
- Apple has indicated that it will support DMARC and email security.
Adopting a VMC to be Completely BIMI ready
Although it makes sense to assume that the biggest public organizations will invest more heavily in DMARC as part of a complete security plan, there is still a significant gap between BIMI readiness and full implementation.
Businesses that have a verified mark certificate (VMC) for their primary/corporate domain from Entrust are able to fully benefit from the BIMI logo display in their email communications.
Now that VMC growth is exceeding BIMI alone, Red Sift is observing more evidence that businesses are following suit to protect their sensitive information. This demonstrates that they are more concerned with the security benefits of BIMI through DMARC than with brand benefits. Obtaining a VMC for your business can be challenging and tricky. Our cybersecurity expert teams at ATS Tech, an IT company in Atlanta, can help your business not only obtain a VMC and profit from BIMI, but also apply the newest email security standards to protect your organization.