Protecting your most valuable data is no longer a choice
It’s rare that a buzzword is based on a genuine threat. But in the case of secure email, the threat is real and is affecting all industries around the world. The number of data breaches, malware and espionage attacks using email is growing. Switching to a secure email service is no longer a matter of choice but a matter of necessity.
Secure email adds encryption to your email communications with the purpose of eliminating unauthorized interception of email communications.
In this article, we’ll highlight the risks involved in using an unsecured email system, look at how an email attack can affect your organization, and provide an overview of what to expect from a top-tier secure email service.
Without secure email, your privacy is at risk
Using an unsecured email service provider exposes your organization to many risks, usually in one or more of these categories:
A data breach refers to the loss or compromise of information. The consequences of a breach could be catastrophic depending on the sensitivity of the information exposed. Serious cases involve compromised financial details, contact information, identity and health information, tax file numbers and more.
Cybercriminals use email to send malicious attachments or URLs that install a virus on the recipient’s computer. Ransomware is a common form of malware. The attack is a form of extortion that denies access to the victim’s data until they pay a ransom. Increasingly, malicious links are also being used for cryptojacking attacks. By installing malware, an attacker can use the processing power of the victim's device to mine cryptocurrencies without the recipient’s consent or knowledge.
Cyber espionage consists of stealing secrets, intellectual property rights and proprietary information. These sneaky attacks can affect any kind of organization, but often target government entities, banks, medical facilities, legal practices, media organizations, celebrities and more.
Not all email threats are coordinated master plans. According to the OAIC, 4% of data breaches are the result of system fault and another 34% are attributed to human error. For example, sensitive information is accidentally sent to the wrong email address, or a laptop is left unlocked when its owner leaves for lunch.
Secure email is no longer optional
If you still haven’t switched to a secure email service, an email breach is not a question of if but when, and it can have catastrophic repercussions for your business.
For one thing, a data breach means monetary loss. According to a 2019 study conducted by IBM and Ponemon, the global average cost of a data breach is a staggering $3.92M. European businesses risk getting hit even harder by losing an extra 4% of their profits to GDPR compliance fines.
Other consequences of a breach or email attack are no less severe. Losing sensitive, confidential or business-critical data translates to downtime and business disruption. It could also mean having to allocate resources to remedy the breach, in addition to potential funds lost to the cybercriminals.
In the long-term, compromised data can tarnish a company’s reputation. A breach can ruin the trust you’ve built with employees, customers and partners. After all, questions will be asked about what could have been done to prevent the attack.
In 2019, email was involved in more than 91% of cyber attacks.
Email threats are only going to get worse. According to the European Union Agency for Cybersecurity (ENISA), compromised email is becoming the dominating attack vector of cybercriminals.
In 2019, email was used in more than 91% of cyber attacks and accounted for no less than 92.4% of malware infections.
It’s not only the propagation of email attacks that’s the problem but their increasing sophistication too.
Cyber criminals are adapting to the increase in security solutions. They are working around malware detection and are now targeting their efforts on phishing attacks and CEO fraud. As a result, phishing attacks made up 81% of blocked malware-less emails in 2019, almost doubling from the previous year.
Common types of email threats
It is important to be aware of the risks and be familiar with what they look like in practice. There are many forms of email threats, but the most popular vectors include the following:
Phishing is when a cybercriminal uses social engineering techniques to pose as someone else to lure an email recipient into a trap. The result could be getting the victim to wire money or hand over usernames, passwords, or credit card details. Often, the attack enables the cybercriminal to install malware when the victim opens a malicious attachment or clicks on an unsafe URL. Phishing attacks are by far the most popular email attack vector, responsible for 90% of data breaches and 72% of malware infections.
Business email compromise.
Also known as spoofing, whaling and spear-phishing. BEC is a phishing attack targeting C-level executives. This is a form of fraud where an email sender impersonates an executive of a trusted organization and asks for access to information. An attacker may spend weeks preparing: studying the organization’s vendors, billing system and even the CEO’s communication style. The credibility of the sender and the query-like nature of these emails make them difficult to spot.
Cryptojacking & Ransomware.
As mentioned earlier, cryptojacking is a new but very widespread phenomenon. A hacker hijacks a victim’s computing power (CPU or GPU) to mine cryptocurrencies without the victim's consent or knowledge. Ransomware (as the name suggests) is getting an email recipient to install a program that blocks the owner from accessing certain files and demanding a ransom to restore ownership.
A veteran in the email attack world, spam is the abusive use of email to flood users with unsolicited messages, usually using botnets. As victims become more aware of email security and cybercriminals innovate their attacks, spam is gradually becoming less prevalent.
Other forms of email threats continue to evolve by the day. Attackers are using more sophisticated strategies to gain access to private email communications. These include, for example, man-in-the-middle attacks, keyloggers and brute-force attacks.
Must-have security features
Despite the increasing awareness, a common misconception is that web-traffic encryption such as SSL/TLS or HTTPS is enough to protect email users’ privacy. The truth is that it is not. There’s a lot more to secure email than simple encryption. It’s important to make sure your secure email service provider covers at least these basics:
- End to end encryption: End-to-end email encryption ensures an email can only be read by its intended recipient. No third party in between the two contacts can read or tamper with the message.
- ECC Encryption: Elliptic Curve Cryptography is the next generation in encryption standards. It enables stronger and faster encryption than the PGP standard of RSA.
- Password Protection: One of the easiest ways to access someone’s email is to simply guess the password. Security protocols like brute-force protection and composite keys provide better password protection.
- Metadata handling: The process of sending emails leaves a trail of information. This includes information about the sender’s device, email application, network, and contacts - plus much more. Secure email services encrypt this metadata to protect your privacy.
To learn more about the security behind Ciphr Mail, visit our Security page.
Ciphr ensures your communication stays private
At Ciphr, privacy is a first priority. Our uncompromising concern for the security of email communication means we don’t stop at end-to-end encryption. Instead, we take security to the next level with powerful encryption features:
Elliptic-curve cryptography is an extremely safe form of public key cryptography. It uses the mathematical properties of elliptic curves to produce public key cryptographic systems. On the back-end, these are simple to compute in one direction, but nearly impossible to decipher without the encryption key. Ciphr uses ECC-448 encryption for fast and powerful protection.
Burn emails ensure no data remains visible in inboxes longer than necessary. By setting an expiration time on encrypted emails, messages are scheduled to self-destruct after a pre-selected amount of time has passed. Thanks to this feature, communication is ephemeral and secure. For added security, when a sender sets messages to burn, those emails cannot be forwarded, saved, or have another contact CC’d in the email chain.
Private key regeneration
Store encryption keys on your device to ensure that only you can access the information. You control when to regenerate your encryption keys right from your Ciphr app.
Access to Ciphr Mail is protected from brute-force attacks with Ciphr’s Composite Key feature. Setting a limit of failed password attempts keeps your information out of unauthorized hands.
Private email network.
Emailing with Ciphr removes many of the risks involved in email attacks by using a private network. Verifying the contacts you communicate with adds trust to your secure network.
Full metadata encryption.
Besides encrypting the message content within an email, Ciphr also encrypts all metadata associated with the email - including subject line, headers, contact information and more.
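What the metadata points above leave exposed when only the message body is encrypted, shown as an added example that is not Ciphr's code. The sample message, its addresses and host names, and the `CATEGORIES` mapping are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the body is encrypted (PGP/MIME layout), the headers are
# not. Every name, address and host below is made up for this example.
SAMPLE = """\
Received: from laptop-alice.corp.example (198.51.100.23) by mx.example.net
From: Alice Doe <alice@corp.example>
To: Bob Roe <bob@partner.example>
Cc: legal@corp.example
Subject: Draft term sheet for Project Heron
Message-ID: <5e5e1a28.1c69fb81@laptop-alice.corp.example>
User-Agent: ExampleMail/4.2 (Windows NT 10.0)
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

(constructed placeholder standing in for the ciphertext)
--b1--
"""

# Cleartext header -> kind of metadata it reveals (mapping is an assumption).
CATEGORIES = {
    "received": "network", "x-originating-ip": "network",
    "user-agent": "email application", "x-mailer": "email application",
    "message-id": "device",
    "from": "contacts", "to": "contacts", "cc": "contacts",
    "subject": "subject line",
}

def body_is_encrypted(raw):
    """True when the top-level MIME type declares an encrypted body."""
    return message_from_string(raw).get_content_type() == "multipart/encrypted"

def cleartext_metadata(raw):
    """Group the readable header values by the kind of metadata they leak."""
    found = {}
    for name, value in message_from_string(raw).items():
        category = CATEGORIES.get(name.lower())
        if category:
            found.setdefault(category, []).append(" ".join(value.split()))
    return found

def exposed_contacts(raw):
    """Every address visible to a relay, even though the body is unreadable."""
    msg = message_from_string(raw)
    fields = [v for h in ("From", "To", "Cc") for v in msg.get_all(h, [])]
    return sorted(addr for _, addr in getaddresses(fields))
```

Running `cleartext_metadata(SAMPLE)` on a message like this shows the subject, the contact list, the mail client and the sending host all readable while the body itself is not.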
Added security-first features.
Encrypting emails en-route is fundamental to secure emailing. Ciphr provides users with more ways to secure data with lockout timers, app reset from lock screen, and encrypted message folders for safe storage.