Don’t think you need a cyber resilience for email plan? Think Again

Mimecast Chief Information Security Officer Mark O’Hare identified seven reasons so many organizations fail to protect themselves from email-based cybercrime:

  1. Having an “it won’t happen to me” attitude – Cybercriminals don’t care if you’re a small business or a large enterprise; everyone is susceptible to an attack. Thinking it won’t happen to you leaves the door wide open for an email attack.
  2. IT is too busy putting out fires to develop an email security strategy – Consider a ransomware attack that locks down your entire system. If you don’t have an email security strategy in place for everyone from the executive suite to the front desk and back office, there will be a lot more fires to put out when an attack occurs. Cybersecurity is everyone’s business, not just IT’s.
  3. Immature risk assessment practices – How confident are you in your ability to spot and stop an attack? Knowing your risk can help to build your strategy. Performing an email security risk assessment and internal audit is the best way to understand the kinds of threats aimed at your organization.
  4. Budget focused on “getting new business”, not initiatives to protect the organization and its assets – When an attack does occur, you won’t have to worry about new business; you’ll be too focused on reaching out to current customers to discuss how their data was compromised. By putting budget toward security initiatives, you are investing in your sustainability in the event of an attack.
  5. Lack of understanding of how much can be lost in an email attack – Cybercriminals are after more than just money. Corporate data, intellectual property, employee credentials, and system lockdown can all be profitable to an attacker. You’d be looking at a lot more than just lost revenue and unplanned downtime.
  6. No Security or Risk Team to highlight potential issues – Cybersecurity should not be an afterthought; it needs constant focus and attention to be effective. Developing a cross-functional team that has a stake in the project’s outcome, is accountable, and can manage advanced security training for the organization is paramount.
  7. No support from executives to push for robust security – All departments at all levels need to be engaged. Top-level management may be at increased risk of having their privileged credentials compromised. Everyone needs to be on board.

Can your organization risk business disruption, unplanned downtime, diminished productivity, data loss, compliance violations (and their respective fines, think HIPAA and GDPR) and brand erosion? If you answered “No,” then it’s time to start thinking about your plan for cyber resilience for email.
