The cost of cybercrime is hitting businesses worldwide harder than ever, with an estimated $6 trillion in total damages by 2021 and $10.5 trillion annually predicted by 2025. For SMBs, this escalating trend is particularly concerning, with some estimates finding that 60 percent of small businesses will be forced to close within six months of a cyberattack.
The question then becomes: What causes these attacks, and how can an SMB limit its risk? It turns out humans are the problem. According to the 2021 Verizon Data Breach Report, 36 percent of breaches involved phishing, a type of social engineering attack that comes through email or another type of digital communication. This represents a rise from 25 percent of breaches in 2020 and secures phishing as the top attack vector in 2021.
What’s more, an estimated 90 percent of cyberattacks and breaches overall initiate through email– making it by far the favorite vector of attack by attackers. Protecting against this dynamic has become more complex over the past two years, and attackers leverage crises like the COVID-19 pandemic to send successful phishing attacks. Also, the rapid shift to remote work complicates defenses and makes employees who rely on email communications for their jobs more vulnerable.
This data tells us that it’s more important than ever for SMBs to ensure they’re keeping their email secure. Unfortunately, there is no silver bullet to perfectly secure email, but there are several things an SMB can do.
Implement email security technologies. There are a wide variety of tools that an SMB can use to secure its email better. These include encryption, secure email gateways, and authentication protocols. These tools can be complemented by solid cybersecurity basics, including strong passwords or leveraging multi-factor authentication to prevent unauthorized access.
Monitor for signs of bad actors. While you can put every cybersecurity protection available in place, the reality is that bad actors may still break through your environment. For that reason, it’s essential to continuously monitor for anomalous behavior and signs of potential attack within email and across the broader company environment. That way, an SMB can quickly identify if it may be under attack and begin remediation before too much damage has been done.
Address the human element. While certain types of technology can help, there’s no substitute for addressing the human element. To do this, SMBs should consider regular employee training that educates them on things like how to spot potential phishing attempts or when it is appropriate to open an email attachment. In doing this, they can ensure cybersecurity is kept top of mind every day across the organization.
Each of these suggestions represents a step in what should be an ongoing strategy around email security within the broader cybersecurity practice. By taking a few extra steps, an SMB can help reduce the most significant vector of attack on their organization — their email — and, as a result, significantly limit their risk of a cyberattack. That’s an outcome every SMB can get on board with!