Protecting emails and their content presents a significant challenge for your customers. According to IBM’s X-Force researchers, not only is the number of spam emails rapidly increasing, it’s estimated that more than half of all emails are spam. Considering the number of emails that pass through each employee’s inbox on a given day, this represents an ever-present threat of an infected network, unauthorized access to files or a ransomware attack that could result in data loss.
Email security also has a close tie-in to a number of industry regulations. HIPAA’s Security Rule for the Protection of Electronic Protected Health Information, for example, requires that technical safeguards are in place to secure protected health information (PHI) from unauthorized access. Additionally, the Financial Industry Regulatory Authority (FINRA) requires encryption for information provided by mobile devices.
Here are three email security challenges any of your clients can face, and they will need your help to comply with regulations and keep email data secure.
1. Phishing Emails
Phishing emails have become a primary cyberattack vector. The Ponemon Institute’s 2017 State of SMB Cybersecurity report states that 48 percent of attacks against SMBs are phishing emails, ranking it as the most common type of cyberattack against these businesses. Furthermore, 79 percent of SMBs say phishing attacks result in ransomware infecting their computer systems.
To combat phishing, employee training is the first line of defense. Phishing emails are crafted to try to get people to click, either releasing malware onto the computer or taking the recipient to a website where they are asked to enter sensitive information. Your clients’ employees need to be trained to recognize a phishing email and not fall prey to it. One resource you can recommend to them is the University of California (UC) Berkeley’s site The Phish Tank, which provides examples and an explanation of how to spot a phishing email.
Even with training, however, humans sometimes make mistakes. Provide your clients with a technology solution that recognizes signs of a phishing email and blocks malicious traffic and URLs as an added safeguard.
2. Protecting Email in Transit
Clients that are bound by regulation when transmitting sensitive data may have established processes for compliance, such as using a secure file transfer protocol (SFTP). Sometimes, however, protected data may be included in an email, which may create a vulnerability. Email that isn’t protected by a security solution could potentially be intercepted by unauthorized people or malware programs. Additionally, human error could result in an email inadvertently being sent to the wrong recipient.
Encryption solutions are available that require texting a decryption code to the intended recipient, but adding steps to the information-sharing process could make it less manageable—and less likely to be used by your clients’ staff. Provide your clients with a solution that encrypts emails without making the process cumbersome, as well as empowers them to set rules for email content that must be flagged for encryption, quarantined or blocked from transmission.
3. Archiving Email
When you are working with a client to provide an email security solution, you also need to consider email archiving. Archived messages must comply with industry regulations that govern security, and they must also be protected from loss or destruction when required for e-discovery for legal or law enforcement purposes.
Equip your clients with a solution that keeps archived emails safe, empowers them to set permissions for access and specific retention policies, and enables them to conduct searches quickly and easily.
The escalating threats against your customers’ emails creates a prime opportunity for your MSP to offer security solutions that meet email security and other data protection challenges. It also enables your company to assume the role of business advisor, which is imperative for building deeper relationships with your clients.
Jason Howells is the EMEA Sales Director for Barracuda MSP.
This guest blog is part of a Channel Futures sponsorship.