Why improving email security helps protect the global economy

Cybersecurity and economics

We recently conducted a survey of email senders around the world to get their insights and opinions on the state of the global economy as well as how it is impacting their organizations. In a special report from Mailgun, “Email in an evolving economy: The tech perspective”, we homed in on responses from those in the IT and engineering communities.

When asked to choose three economic factors that could negatively affect their businesses in the next year, participants selected the usual suspects most often. Inflation (55.9%), Reduced consumer spending, (40.6%), and Energy/transportation costs (29.3%) topped our survey’s list as well as many other polls on the global economy.

A little further down the list is Cyberattacks. While around 15% of all respondents chose this option as a situation that could negatively impact their organization in the next year, the number jumps to just over 20% among IT professionals and engineers.

Even with record-breaking inflation rates, a tight labor market, an ongoing pandemic, a war in Eastern Europe, and surging energy prices – one-fifth of this segment believes cybercrime is among the top three factors that could do damage to their business. This suggests that IT workers and other technology professionals are more aware of the potential impact of cyberattacks than others.

In fact, when we compare survey results from IT & Engineering with other job roles, there’s an even more noticeable difference. Those who deal with cybersecurity regularly were significantly more likely to have concerns about cyber threats.

So, what do these professionals know that people in other departments may not realize? Let’s look at other cybersecurity research to find out more about the impact of cybercrime and the price you pay for failing to improve email security.

The cost of lackluster email security

In “The Mailgun guide to email security and compliance”, we curated a collection of cybersecurity statistics from a variety of reliable sources. That includes IBM, which released a report estimating the average cost of a single data breach in 2022 was $4.35 million.

That, however, is the global average. In the United States, IBM says a typical data breach could cost organizations $9.44 million, which is more than double the average and the highest in the world.

It’s important to remember that email is the biggest threat vector, and the channel is often at the center of many data breaches and attempted cyberattacks. In fact, it’s believed that 91% of cyberattacks start with a phishing email. According to research from Proofpoint, threats involving email are reported more often than any other method. Cyberattacks via the email inbox took the top four spots in Proofpoint’s report, which also found that 83% of all phishing attempts are successful.

Given these statistics, it’s easy to see how a lack of email security could cause financial problems in many companies. The sheer number of successful phishing attacks combined with the cost of a cybersecurity breach make it clear how cyber threats can have serious consequences for the economy. Cybercrime hurts business of all types and sizes.

During a global recession, like the one we seem to be facing now, there are always going to be businesses that fail to survive such a major economic downturn. When so many organizations are financially strapped, the last thing you want is a breach that unexpectedly costs millions of dollars.

We know that sounds like fear mongering. But the truth is... it really is pretty scary.

Thankfully, there are things any organization can do to improve email security, defend the business, protect users, and increase the company’s chances of avoiding a cybersecurity disaster.

Four tips to improve email security

They say that “an ounce of prevention is worth a pound of cure.” Sometimes we don’t care about stopping a problem until it starts causing us real pain, and avoiding the problem in the first place is the best approach. That goes for email security just as much as personal health.

Here are some important steps you can take to prevent email security problems that go beyond using secure passwords.

1. Use multifactor authentication and SSO

While it’s not foolproof, multifactor or two-factor (2FA) authentication is one of the simplest yet most effective ways to stop a phishing attack and make applications more secure. That’s because even if cybercriminals convince someone to reveal account credentials, they still need access to the other authentication method – such as the user’s mobile device.

Multifactor authentication (MFA) could also include:

• Hardware tokens: Key fobs or USBs that regularly generate different numeric codes for access.

• SMS verification codes: Codes delivered to a user’s mobile device via text message.

• Push notifications: Alerts notifying users about login attempts, which can be confirmed or denied.

• Software tokens: Software-generated passwords for one time use.

A single sign-on (SSO) solution is another helpful layer of organizational security. It makes it easier for employees to access a collection of applications without having to create, remember, store, and potentially expose passwords.

2. Set up email authentication

While MFA protects, users, employees, and the business from cybercrime, email authentication protocols exist to help protect the people receiving your emails. Authentication is the best way to stop the form of phishing known as email brand spoofing.

Email authentication gives mailbox providers a way to identify your emails as legitimate messages coming from a trustworthy sender. Without it, spammers and scammers can pose as your organization and trick people into giving up sensitive information.

Email authentication includes four main specifications, which are DNS TXT records that receiving mail servers will refer to when deciding how to filter incoming messages:

• Sender Policy Framework (SPF)

• DomainKeys Identified Mail (DKIM)

• Domain-based Message Authentication Reporting and Conformance (DMARC)

• Brand Indicators for Message Identification (BIMI)

At Mailgun, we require every sender on our platform to use SPF and DKIM at a minimum. However, we highly recommend having an enforced DMARC policy and are big fans of BIMI, which lets senders display an official logo in the inbox.

3. Educate employees and users

Email scam artists are deceptive and good at what they do. Even people with plenty of cybersecurity experience can fall for their tricks, especially when the attempt involves things like social engineering.

One of the best ways to improve email security is to teach people what to expect from phishing attempts. In fact, Mimecast found that employees who receive cybersecurity training are five times more likely to spot and avoid malicious links in emails.

Mailgun’s security team partially credits our employee training and awareness program for helping the company stop a large-scale SMS phishing attack.

While you can’t directly train your users or customers, you can let them know what to expect (or what not to expect). For example, if you know scammers have been trying to impersonate your brand, send out a warning so your users are on the lookout for something suspicious.

4. Evaluate technology partner security

Finally, your cybersecurity is only as strong as your weakest link. That means you need to pay close attention to the security practices of the vendors and solution providers your organization uses.

If one of your partners is processing sensitive data from your organization or your users, make sure they have the right certifications and undergo regular security audits. Ask about their ISO 27001 and ISO 27701 certifications and SOC 2 reports. Beyond evaluating security, these audits and certifications can inform you whether a potential technology partner complies with data privacy laws such as GDPR.

Does better email security really help the economy?

Maybe you’re feeling a little skeptical. We get it. Improving email security where you work probably won’t pull the world out of a recession but what if we thought about email in the same way we think about the environment? Sure, one person who recycles or drives an electric vehicle won’t do much to make a difference. It’s when millions of people take action that real change starts happening. So, we all need to do our part.

When you improve email security, you’re preventing money from landing in the pockets of cybercriminals. Instead, it stays in the pockets and bank accounts of consumers and businesses around the world. By preventing cyber threats you’re protecting your company from unexpected expenses at a time when there’s a lot of financial uncertainty.

If you’re ready to get serious about email security, Sinch Mailgun is ready to partner with you to make a difference. Find out more about Mailgun’s commitment to security and check out our Security Portal. There, you can request access to our ISO certifications, SOC 2 reports, and other important documents.