WELCOME TO THE MAY 2024 NEWSLETTER
Cyber Scoop is KeyStone Solutions' monthly newsletter about the latest trends, topics, and articles relating to cybersecurity. As a Managed Security Service Provider (MSSP), KeyStone's expert team helps small to medium-sized businesses with IT services including virtual Chief Information Security Officer (vCISO), cybersecurity, help desk support, Governance, Risk, and Compliance (GRC), cloud solutions, and KeyStone's signature service, IT Team as a Service (ITTaaS), which is an all-encompassing solution.
From The Desk of the CISO
Why do I need more email security?
By Rob Ashcraft, CISO at KeyStone Solutions
I have been part of several recent conversations with customers who were asking, “Why do I need more email security?” It is a fair question, and I wanted to share a few thoughts around email security this month. First, a few facts to consider: email is the primary form of communication in today’s digital world. Email is also a means of direct contact to your employees from external entities, many with nefarious intent. And email phishing is by far the most successful method for cyberattacks.
5 Ways To Improve Email Security
Commentary by KeyStone’s Rob Ashcraft
According to an article in Tech Radar, email is the most used business productivity tool in almost all organizations. That said, it only stands to reason that phishing attacks continue to rise, growing over 100% per quarter. Organizations must step up their game to implement appropriate countermeasures. Keep in mind, an attacker only has to be successful once. Your organization has to get it right every time.
Here are my takeaways from this article:
- Email has a personal feel to it, which makes this business tool a great conduit for social engineering attacks.
- It is too easy for a user to get in a rush, skip steps in verifying legitimacy, and just respond to an email.
- This behavior can turn into a habit and open up huge risk for your organization. These bad habits are what attackers are counting on.
- Security awareness training and phishing testing are essential countermeasures against phishing and other social engineering attacks.
- Security awareness activities should go beyond just training, for example discussion topics for company meetings, reminders, threat advisories on the company intranet, etc.
- Organizations should consider implementing advanced email security solutions that better detect new sophisticated phishing attacks.
- Consider additional countermeasures to layer defenses, such as advanced scanning solutions and sandboxing attachments.
- Defenses should not stop at email… organizations should consider policy, procedures, and additional security controls for web browsing, voice calls, and physical security.