Why a billion hacked e-mail accounts are just the start
In the last 12 months, news reports have brought to light several high-profile, and catastrophic email security breaches that have impacted organizations and individuals around the globe. In fact, in Sept. 2016 a well-known tech company disclosed that a security breach affected at least 1 billion customers which, according to Wired.com, equates to roughly one-third of internet users worldwide. In addition, the contact information of more than 1.5 million customers of a major wireless provider were stolen by “a prominent member of a closely guarded underground cybercrime forum,” according to a report by Fortune. The contact information was then listed for sale, and the cybercriminal(s) also “offered up information about vulnerabilities affecting the company’s website for money.” After such public data security failures, and ensuing lawsuits, public distrust, and reputation management issues, the general assumption would be that corporations and government agencies would quickly take all of the measures necessary to tighten up their security. Unfortunately, such things take time to develop and implement. And in the meantime, attacks on corporations, government agencies and individuals are only expected to rise, according to a report by NBCNews.com.
Why Cybercriminals Target Email
Email accounts are hacked by cybercriminals because they are often a weak link in an organization's security pipeline. In addition, when hacked, they unlock a virtual treasure trove of information, including personal data, contacts, sensitive corporate documents, etc. Think about it – whenever anyone signs up for any online service, the user must enter an email address, and whoever controls that email address can reset the password and take over the account – all without the (at least immediate) knowledge of the account's rightful owner.
To put this in perspective, if you have 300 employees, and those employees each have just 10 accounts linked back to their corporate email addresses, that's 3,000 accounts associated with your organization, in addition to email communication and contact lists, that hackers can monitor and/or control. Now, consider this scenario in terms of your own employees, accounts, communications, and contacts – and the amount of data your organization could potentially hand over to cybercriminals due to an email hack could quickly spiral out of control.
Protecting Your Organization & Your Customers
In a world where cybercrime is on the rise, and criminals are becoming more sophisticated by the day, a secure email service must deliver on its promise of protection. But just what data security features should you look for in an email host? Take a look at three of the most critical:
- Two-Factor Authentication: When you choose an email service featuring a two-step verification process, users will have to use two different forms of identity: a password, and a contact method (also known as security info), in order to login to their accounts. This means that even if a password has been hacked, the would-be criminals will be unable to access the account if they don't have access to your security info.
- Updated Anti-Malware & Spam Protection: To help prevent email accounts from being hacked, look for a service that regularly and vigilantly delivers updated anti-malware and spam protection. Talk to your sales representative about anti-malware/spam protection releases, and the hosting company's response time to new threats.
- Built-In Data Loss Prevention Policies: A secure email hosting service will help protect your data with built-in DLP policies that are based on regulatory standards, which will allow you to achieve industry compliance, and identify, monitor and protect your organization's most sensitive, and vulnerable, data.
In addition, finding a service that can grow with you as your organization, and your needs, change is critical. Consider choosing services with multi-factor authentication, always up-to-date virus and malware protection, built-in DLP policies and 24/7 support just to name a few. These types of cutting-edge services provide a critical layer of security that won't disrupt your operations.
The Growth Center does not constitute professional tax or financial advice. You should contact your own tax or financial professional to discuss your situation.