How To Enhance Email Security Without Sacrificing Productivity
Rom Hendler is CEO & co-founder of Trustifi, a provider of SaaS-based security and email encryption.
Email is old technology. It was invented in 1965 by MIT academics to share files and messages on a central disk. But more than 55 years later, even as other means of communication like text and direct messaging have emerged, email in its latest SaaS-based incarnation is still widely used.
The pandemic spurred a resurgence of email usage for business communications since employees who were previously in the same physical space became separated — and many remain that way in hybrid workplaces. In fact, email use increased 200% during the pandemic, with little sign that the trend will decelerate.
With increased usage has come increased incidents of cyber threats. Phishing and fraud attacks have risen dramatically since Covid-19 emerged, and so did impersonation-based "social engineering" attacks in 2021. Organizations depend more than ever on email to conduct business, and they're that much more vulnerable to scams, malware and ransomware that target email data.
Make Ease Of Use A Priority
The question many companies face is how to strengthen their email security without compromising employee productivity, which sometimes happens when they adopt cumbersome or difficult-to-use security solutions. Consider the physical home security model as an analogy. When homeowners install an alarm system, extra door locks and a fence with a locked gate, it’s more time-consuming to get in and out of their homes. They must allow extra time whenever they leave the premises to arm the alarm, lock the doors and secure the gate. Likewise, it’s harder to carry an armload of groceries back into the house if they're first tasked with opening locks and disarming an alarm.
MORE FROMFORBES ADVISORBest Travel Insurance Companies
ByAmy DaniseEditorBest Covid-19 Travel Insurance Plans
ByAmy DaniseEditorThe result? A homeowner who plans to run a short errand will be tempted to skip that unwieldy process. And if they get waylaid and don’t return for an hour, their house sits unprotected.
The same thing happens with cybersecurity. The more mouse clicks it takes to secure an email, the less likely employees will take those actions to send a quick message. The more human decisions are required to determine if an email should be encrypted, the less likely that time-pressured user will make the right decision. The more complaints a worker gets from a supplier or customer that their encrypted emails are hard to open, the less likely they'll be to continue to take those precautions. This is why ease of use is vital to selecting a cybersecurity solution.
Fight Fire With Fire
The goal of a next-gen security solution should be two-fold. In addition to sustaining employee productivity, an effective email security solution should provide security capabilities beyond that of traditional secure email gateways, which aren't always robust enough to combat modern email phishing schemes, such as sophisticated new social engineering attacks.
The new generation of hackers use advanced artificial intelligence (AI) techniques to identify and hack the email accounts of high-level personnel and create convincing impersonation emails asking for wire transfers or sensitive credentials. In fact, hackers can stand up a domain, blast out their attack messages and dismantle the domain in minutes.
The latest generation of email security solutions work to combat these attacks with AI-powered technologies such as optical character recognition (OCR) and machine learning to detect and flag imposter emails. They can interpret malicious intent, identifying keywords like "wire transfer" and "bank account," and quarantine those messages.
Defend Against Imposter Attacks With Encryption
Email encryption is central to security. Hackers can't get useful information from intercepted messages if they can’t read them. The trick is to automate the encryption process so it becomes effortless for both senders and receivers. With an automated encryption solution, every email is readily encrypted with no decision-making on the part of the user.
Equally as important, businesses should look for a solution with which no extra effort is required on the receiving end to either decrypt the message or encrypt the response. Some encryption solutions have required a receiver to register on a third-party website and create a password to retrieve a message. Users then need to upload their reply message to the encryption site to send it back to the originator. Such processes are usually annoying, causing recipients to bypass the return encryption process. This allows the entire message to be transmitted back through the internet unencrypted for hackers to easily intercept.
To increase the adoption of email encryption among their employees, businesses should consider a solution that alleviates the receiver conundrum by eliminating the third-party middleman site requirements. Look for systems through which the recipients receive a standard email in their inbox with a smart link to the encrypted content. Users should be able to just click the link to read the decrypted message.
No organization, regardless of size, needs to remain vulnerable to the cybercriminal community. The way to keep pace with — and, better, outstrip — the evolution of these malicious actors is to leverage industry-leading technologies like AI, OCR and machine learning. Email encryption should be efficient enough that it doesn’t bog down employees (and their business partners on the receiving side) with extraneous procedures that impair productivity. And don’t forget to prioritize ease of use because if employees don’t use a cybersecurity solution, it’s hardly worth your investment.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?