A recent industry report has highlighted the increase in compromised business email accounts and the risk this can pose to organisations through targeted spear phishing. (Read the full report).
A compromised business email account is dangerous because it lets unauthorised users launch spear phishing attacks from within an organisation, tailoring them specifically after researching the contents of the compromised mailbox. As well as phishing, attackers can use the mailbox to set up fraudulent financial transactions and steal business-critical information.
Somewhat ironically, email accounts can themselves be compromised through phishing in the first place. By impersonating trusted parties in email messages, attackers hope to get the target to hand over sensitive information like their email password. What this means is that one way to protect against spear phishing is to prevent the initial phishing attack and subsequent compromise.
The report also showed that accidental disclosure was one of the most common causes of data loss, being responsible for 22% of breaches. It made clear that all sectors are affected by this risk, but it was even worse for healthcare organisations, where accidental disclosure was responsible for 38% of breaches.
Despite the impact these breaches can have, email compromise and accidental disclosure are preventable. With a combination of intelligent security tools, integrated user training and powerful email analytics, organisations can avoid the significant financial and reputational costs that email compromise and accidental disclosure can cause.
What can you do about accidental disclosure?
User training and accidental send prevention with Egress Threat Protection
According to the report, accidental disclosure is responsible for nearly a quarter of all data breaches. Threat Protection adds simple yet vital functionality to email clients to prevent the accidental send and warn users if they attempt to email a recipient they’ve never previously communicated with. These situations could be when a user goes to reply to a spoofed email that looks very similar to a correct email address but with a one or two characters changed.
Threat Protection leverages machine learning to understand email sending behaviour and warn users when they are about to make a mistake, such as adding the wrong ‘Bob’ to an email thread containing sensitive information. By offering advice and recommendations in real-time, within existing working processes and email clients, Threat Protection improves security culture, training users to be vigilant and take care when dealing with sensitive information. It provides a safety net that helps them work securely without impeding their day-to-day habits.
What can you do about business email compromise?
In their report, Beazley recommend two-factor authentication and user training to mitigate risks of email compromise and accidental disclosure.
Encryption at rest and two-factor authentication with Egress Email and File Protection
Messages containing sensitive financial data, or any other business-critical information, can be encrypted at a message level with our secure email service. Even if an attacker gained access to the mailbox, to access this content they would also need to compromise the user’s Egress ID; it’s providing two-factor authentication as standard.
Further protection can be added for highly classified information by implementing additional authentication measures like an SMS one-time password. These Email and File Protection features are customizable, automated and intelligent, based on an organization’s specific business file sharing needs. For example, users can be mandated to encrypt messages before sending if the system detects financial information within the message body or attachment.
Crucially, content is not permanently decrypted in the mailbox; it sits in an encrypted state and re-encrypts upon closing the message. Hence, attackers would need to negate three or more layers of authentication to access any information within. In addition, auditing information about these access attempts is logged continuously.
Email analytics and reporting with Egress Secure Vault
Attacks that compromise mailboxes are among the costliest types of data breach because organisations need to spend massive amounts of resources to discover the full scale of the breach and exactly what sensitive information has been affected. This is in addition to any regulatory fines that they face. Our ediscovery software offers a comprehensive and detailed view of organisational email sharing, with alerts, reports and in-depth search enabling administrators to pinpoint potential and actual breaches in real time. Administrators can uncover behaviour that could cause data loss, track documents through their lifecycle and trace the activity of compromised mailboxes with all email data available for bespoke investigations.
With the use of cloud-hosted mail services becoming the norm, it is more important than ever to ensure organisations keep mailboxes secured. By adding a few security components to existing cloud mail implementations, business email compromise can be prevented and accidental disclosure can become a thing of the past.