The weakest link

Our reliance on email and its most common vulnerabilities

Sorry to say it, but no matter how secure you try to make it, email is not safe. These four threats put your enterprise at risk.

Email has become indispensable. But it gives us a false sense of security that our messages are only seen between ourselves and the receiver.

The truth is, even if you manage your own email server, these five vulnerabilities put your business at risk and could cost you billions (look no further than the recent Sony or DNC emails hacks):

1. Phishing, Ransomware and Malware

Phishing and malware are perhaps the most popular methods utilized by attackers - its use has increased 789% year after year.

Phishing attacks get critical information in a sneaky way by asking the recipient to click on a link that will prompt them to enter account credentials or social security numbers. Other times, it allows them to successfully install malicious software into a computer or a server and extract information.

According to the Ponemon Institute, the number one leading cause of data security breaches resulted from a non-malicious employee error like clicking on a phishing link or weak passwords.

Chances are that by now, you know a company whose data has been held hostage by cybercriminals - they encrypt and hold the data until a ransom is paid. This kind of malware has seen exponential growth and is bad news for everything stored in the cloud (unless it is already encrypted end-to-end and you alone have the keys to the data).

2. A rogue sysadmin

Have you ever considered that someone inside of your company can read your email? Every word.

Your system administrator has access to everyone's email in your enterprise because it is stored on your server in plaintext — even deleted email. While they’re probably too busy to bother looking at it, there have been cases of disgruntled employees accessing confidential data, stealing it, and leaking it.

3. Man-in-the-middle attack

When an email is sent from one server to the next, a "man-in-the-middle" attacker can intercept the email and change the contents of the email before it reaches the recipient. These attacks can happen even when sending internal email.

4. Weak passwords

Passwords were intended to protect us, but users tend to be lazy and use simple passwords that they can remember. These can be easy to brute force, or guess, and can lead to significant data breaches and corporate espionage.

It's time to rethink and reinvent the way passwords, authentication and user verification is done.

How to tackle these threats

There is such thing as email encryption that prevents all of these...BUT, it's really hard to use / implement, and quite rare in the industry.

Most enterprise leaders like you are aware of the dangers of using email and in turn spend millions of dollars each year beefing up the company's security measures and training employees — which is a step in the right direction, but all it takes is one bad email in an employee’s inbox to compromise an entire company.

Your ideas matter. Protect them with End-to-end encryption.

Semaphor, an end-to-end Zero Knowledge chat for teams and businesses, defends your company from these and many other cybersecurity attacks. Semaphor encrypts all of your conversations, enforces user verification, and automatically generates a secure password for users upon sign up.

The weakest link in your cybersecurity efforts could be your email client. While we at SpiderOak are aware that email isn’t going away anytime soon, reducing reliance on email by using privacy-first software can reduce risk to your company and protect its reputation and its most important data.

Ready to move your team's communications into Semaphor? Contact our enterprise sales team at sales@spideroak-inc.com.