Company email systems have become one of the biggest targets for cybercriminals with larger businesses the more frequent target due to their greater surface area of risk, diversity — and more opportunities to exploit.
According to a recent survey, more than half of organizations attribute a security incident or data breach to a malicious or negligent employee. So although companies invest a lot of money, resources, and time into developing a strong email security system, the system won’t be worth much if employees — the human firewall — aren’t on board.
Your human firewall encompasses how well employees understand the importance of the right security practices and how easily they can act on them. Right now, most organizations aren’t doing an adequate job, but there are steps that companies can take to help keep the email safe. It starts with focusing on both technology and the people using it:
Put comprehensive security protocols in place and build partnerships within the business.
Your email security program needs to work from the time a message is sent, to when it is received, whether it is coming in or going out of your network. Email servers can perform many functions to protect your mail environment and network, and an email platform that secures the data when it’s both at rest and in transit is key.
There are several important elements to put this foundation in place, including:
Educate and engage employees on how to use security tools properly and make them aware of their individual responsibilities and company policies with ongoing training and communications.
Implementing security best practices for all employees — i.e., policies for “bring your own device” and mandated password changes — plays an important role in employees making the right decisions around email security. However, these protocols should also resonate with employees. Creative communication techniques — such as webcasts and quizzes — can help employees realize the importance of security practices by linking important aspects of security from their private lives to their work lives.
Engaging employees will also help security teams overcome the challenge of employees viewing security as an obstacle that prevents them from doing their work. Instead, when security becomes personal, employees are encouraged to be active partners in helping to protect the organization.
Continually monitor and measure the effectiveness of your security program and human firewall to manage your risk.
Monitoring and measuring the effectiveness of email security programs and the human firewall must be an ongoing effort. Employee security awareness must evolve with the constantly changing technology industry. This starts with keeping metrics that track the security awareness of employees over time. Metrics to use should include the number of reported incidents, visits to unapproved sites, email violations, phishing report rates, and insider threats, percentage of infections while employees are remote, and the average time it takes employees to report a lost device.
You can also monitor for employee compliance by testing your employees with simulations, such as periodic phishing awareness. Organizations should use this tactic to get a sense of whether communications, training, and policies are connecting with employees and are effective in securing the email system.
Emails are accessed by every employee and contain confidential information about your company and customers, making them both difficult and crucial to secure. Because of the human element, a mix of comprehensive security protocols, educating and engaging employees, and continuous monitoring are needed to prevent emails from becoming a gateway for hackers.
Company leadership in partnership with security teams and human capital management professionals should reward employees who embrace security practices. For employees who don’t comply, fair yet disciplined programs can eradicate behaviors that threaten security. In other words, an email security program is only as secure as the people using it, but your employees can’t do it alone.