Intelligent SME.tech Issue 47 | Page 42

// FEATURE //

SMBS DO FACE RELENTLESS CYBERTHREATS, HOWEVER THE UNCOMFORTABLE TRUTH IS THAT OVER 80% OF DATA LEAKS ARE CAUSED BY EMPLOYEE BEHAVIOUR.
(Information Commissioner’s Office), indicate that a significant portion of data breaches in the UK are not cyber-related, such as the malicious deployment of ransomware, but stem from human error and oversight.
Understanding and demystifying email security for SMBs
Outbound email security is often overlooked in favour of inbound security, which focuses on protecting against more ‘prolific’ external threats like phishing and ransomware. However, the risks associated with outbound emails are equally significant. These include data leakage, reputation damage and compliance violations. Data loss occurs when sensitive information is unintentionally shared, leading to potential breaches. Reputation damage can result from sending sensitive information to the wrong recipient, eroding trust in your business, while compliance violations come from failing to protect sensitive data, risking non-compliance with regulations like GDPR, HIPAA or CCPA.
Rick Goud, Chief Innovation Officer and Co-founder, Zivver
As previously mentioned, the most significant risk in outbound email security is human error. Misuse of BCC (blind carbon copy) is a common mistake: using CC (carbon copy) instead can expose email addresses to all recipients, leading to privacy violations. There have been several examples of this error in the press, including the Conservative Party and NHS Trusts. Another frequent error is selecting the wrong recipient due to autocomplete features, which can cause sensitive information to be sent to unauthorised parties. Additionally, sending the wrong file or including sensitive information in inadequately protected attachments poses serious risks, and insufficient encryption protocols can lead to emails being accessed during transmission.
Strategies to enhance outbound email security
Enhancing outbound email security requires a multi-faceted approach. Education and training are fundamental. The delivery of training, however, needs evaluating, as traditional training (think annual courses or spontaneous quizzes) is proving ineffective. Instead, there is the opportunity to educate employees in the moment that an incident is about to occur by integrating Data Loss Prevention (DLP) tools into existing workflows. In this way, employees can learn about the risks associated with outbound emails, proper use of BCC and the importance of verifying recipient addresses and attachments before sending whilst they work. In short, training must be adaptable, consistent and tailored to the behaviours of every employee.
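The in-the-moment check described above, as an added example that is not from the article or from any vendor's product: a pre-send hook that flags visible external recipients (the BCC mistake), first-time recipient domains (the autocomplete mistake) and a sensitive-data pattern. The domain, threshold, pattern and function names are assumptions, and the sample message is constructed.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

ORG_DOMAIN = "example.co.uk"   # assumption: the sending organisation's domain
MAX_VISIBLE_EXTERNAL = 5       # assumption: above this, prompt the sender to use BCC
# Assumption: the shape of a UK National Insurance number as one sample pattern.
SENSITIVE = re.compile(r"\b[A-Z]{2}\s?(?:\d{2}\s?){3}[A-D]\b")


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def presend_warnings(msg, known_domains):
    """Return the warnings to show the sender before the message is released."""
    warnings = []
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [a for _, a in visible if "@" in a and domain_of(a) != ORG_DOMAIN]

    # BCC misuse: many external recipients who can all see each other's addresses.
    if len(external) > MAX_VISIBLE_EXTERNAL:
        warnings.append(f"bcc: {len(external)} external addresses visible in To/Cc")
    # Autocomplete slip: a domain this sender has never written to before.
    for a in external:
        if domain_of(a) not in known_domains:
            warnings.append(f"new-domain: {a}")
    # Sensitive data in the body or in any text attachment.
    body = msg.get_body(preferencelist=("plain",))
    parts = ([body] if body else []) + list(msg.iter_attachments())
    for part in parts:
        if part.get_content_maintype() == "text" and SENSITIVE.search(part.get_content()):
            warnings.append(f"sensitive: {part.get_filename() or 'message body'}")
    return warnings


def constructed_sample():
    """Constructed message: a mailing sent with Cc and one mistyped domain."""
    msg = EmailMessage()
    msg["From"] = "clinic@example.co.uk"
    msg["To"] = "office@example.co.uk"
    msg["Cc"] = ", ".join(f"patient{i}@mail.example" for i in range(5)) + ", jo@mail.exampel"
    msg.set_content("Your NI number QQ 12 34 56 C is on file.")
    return msg


if __name__ == "__main__":
    print("\n".join(presend_warnings(constructed_sample(), {"mail.example"})))
```

In a real deployment `known_domains` would come from the sender's own sent-mail history, and each warning would be shown as a prompt that lets the sender correct the message before release.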
Utilising advanced encryption methodologies, over and above those employed by standard email clients, is also crucial when sharing sensitive data, ensuring no one can access emails other than the sender and receiver – not even email security vendors.
Two-factor authentication (2FA) adds another layer of security, preventing unauthorised access to email accounts. Ensuring that 2FA methods are user-friendly encourages widespread adoption among employees. Email