Retarus Press Release
World Password Day: a secure one is not enough! 3 key steps to keep your login information safe from email attacks
The first Thursday of May, which this year happened to fall on the 4th, marks World Password Day, a day that aims to raise public awareness of the importance of this key digital security tool. We’re constantly being asked to enter passwords, both in our personal and professional lives. As far as the latter is concerned, “access key” management across the business (among others) plays a crucial role in protecting against cyber-attacks. Establishing specific password requirements, such as appropriate length, use of numbers and special characters, or the combination of several words, therefore becomes essential for prevention.
Concerning email, password choice and management are particularly important but most certainly not effective enough on their own to provide maximum protection. Even the most secure password is rendered useless once it is obtained by hackers, whether through phishing attempts or because a user shares it unintentionally. To optimize protection, reduce the risk of attacks, and limit the impact of potential threats, Retarus – one of the leading international providers of Enterprise Cloud solutions for Messaging, E-mail Security, and Business Integration – has identified three key steps that companies in any sector should adopt to reduce the risk of cyber-attacks aimed at exploiting the mailbox as an access point.
1. Focus on maximum prevention
Prevention is better than cure, even when it comes to email security. In fact, being ready to prevent and block phishing attempts – one of the main types of attacks that use email as an access channel – is essential (the Retarus anti-phishing guide is available at this link). Companies need to be prepared, especially when it comes to social engineering attacks, such as CEO Fraud; this scam involves hackers “impersonating” a company’s CEO via email and asking employees to enter their login credentials via a fraudulent website link. The cyber attackers thereby gain access to the company’s infrastructure (regardless of password security). By leveraging specific features, such as CxO Fraud Detection, companies can identify the false sender addresses used for these targeted attacks and expose deceitful emails before an employee inadvertently initiates a financial transaction or shares sensitive data with a cybercriminal. For added safety, we recommend choosing a holistic email security solution, i.e. one that uses multiple virus and phishing filters, in addition to innovative Advanced Threat Protection mechanisms, such as sandboxing, to prevent emails containing suspicious links or attachments arriving in employees’ inboxes.
2. Improve post-delivery measures for better protection and business continuity
As previously indicated, the most advanced email security solutions can detect and block most malware before it even enters the network, provided they have been implemented correctly. However, since complete protection cannot be guaranteed, adopting effective Post Delivery Protection technologies is vital; one example is the Retarus-patented Retarus Patient Zero Detection, which also focuses on emails that have already been delivered. Furthermore, having a “plan B” in place is also essential, i.e. an email continuity solution that lets the company keep communicating without interruption in the event of an emergency. Whether the cause is a security incident, power outage, or server/cloud failure, the result is that a company’s important business processes inevitably crash, causing downtime costs that can quickly spiral out of control. This is where failover solutions, such as Retarus Email Continuity, come into play: they constantly run in the background and immediately intervene should the email infrastructure become unavailable, thus ensuring that corporate email communication is not affected.
3. Reduce the human factor security risk
When it comes to email threats – just like any cyber-attack – “human factor” security risks, aka insider threats, play a fundamental role. To effectively minimize the impact of staff errors and carelessness, organizations must adhere to the following two points: regular IT security-related staff education and training sessions, with concrete examples provided where possible, and increased checks. Furthermore, the perfect email security solution should offer all information and user interfaces in the local language. That way, even non-tech-savvy users will be aware of the potential risks. For example, all employees should be reminded never to reply to or forward suspicious emails. Additionally, they should never click on links in suspicious emails, enter passwords or personal data on the websites those links lead to, or download attachments (malware) found in such emails.
About Retarus
Retarus is a global provider of API