Email security outside the workplace
Whether employers like it or not, hybrid and remote working is set to stay, especially as demand for flexible working increases. While many businesses are now asking staff to come back into the office more often, it’s important to recognize that every remote interaction with your systems (no matter how brief) can leave your organization exposed to illicit access and data theft.
We need to think about email security outside the workplace.
Over 75% of targeted cyberattacks start with an email.
Understand the risks involved
Remote working means loss of control. Employees aren’t just taking business laptops and access to your data outside the physical walls of your building (and potentially leaving them in all kinds of strange places), they’re also taking them beyond the firewall and connecting them to third-party networks, or even unsecured public networks.
People behave differently outside the office. We tend to be more vulnerable to distractions (from our environment, children, companions, or multitasking, for example) and less security-minded. This isn’t just a risk in terms of theft or loss of a device – it also makes us more vulnerable to phishing scams and impersonations. Shoulder surfing can also be a problem – you never know who’s looking when you’re in a public space.
A few minutes may be all it takes. A colleague who uses their phone to check work email in a coffee shop on a Saturday morning (or while they’re on holiday) may be conscientious, but is the network they’re using adequately secured? Does their personal device have the same level of security as their office laptop?
Remote working has dramatically increased the defense perimeter for organizations, and even if company policy is now bringing more of your people back into the office, many will continue to use remote access on an occasional or temporary basis.
Put the right measures in place
Implement and maintain BYOD policies that cover ALL remote use
Although ‘bring your own device’ (BYOD) is the recognized term for employees who use their own hardware devices for work, the word ‘bring’ can be a little misleading. BYOD policies are usually written for staff who use their own devices for work purposes instead of having company-purchased (and managed) devices. But they should also cover the occasional casual use of personal devices, such as the ‘checking emails on the phone outside working hours’ scenario.
Enabling BYOD capabilities in the enterprise introduces new cybersecurity risks to organizations. Solutions that are designed to secure corporate devices and on-premises data do not provide an effective cybersecurity solution for BYOD.
Educate staff about the dangers
As always, education plays a significant part in reducing cyber risk. Employees need to know the risks involved (often malware-related) when connecting to other networks, for themselves as well as the company. Ideally, they should be using a trusted VPN to encrypt data. Sensible best practices can help, too, such as avoiding accessing sensitive accounts on public Wi-Fi, double-checking the network they’re connecting to, and turning off file sharing.
Employees also need to be aware of the dangers of phishing and forms of social engineering attacks. Training alone is rarely enough –to make it ‘stick’ takes regular practice, just like any other security drill. Libraesva’s PhishBrain enables you to send imitation phishing emails to test your workforce, identify the highest risk employees, and track their progress over time. This helps to embed phishing awareness and good practice across your organization.
Optimize security and encrypt emails – everywhere
To prevent social engineering, spoofing, or inadvertent disclosure of sensitive information, ensure you have an integrated email security solution that provides multiple layers of protection.
With over a 99.9% catch rate for phishing and malspam, Libraesva Email Security will protect you better than any other email security solution. As well as offering end-to-end encryption, it includes protection against malicious files, malicious URLs, BEC and impersonation attacks.
- The secure email gateway scans incoming email to protect your employees’ mailboxes from email-borne cyber threats, and scans outgoing messages to prevent sensitive data from leaving your organization.
- The active URL analysis prevents visits to unsafe sites by checking every link at time of click
- The AI-driven Adaptive Trust Engine highlights and holds unusual communications to prevent sophisticated social engineering attacks.
Libraesva can help you to enable remotely working employees to use their email securely, while building an educated, vigilant workforce resistant to human factor and social engineering threats.
