By Rom Hendler, Trustifi
If the recent breach of mega-provider SolarWinds has taught us anything, it’s that diligence in implementing cybersecurity is paramount, and that even gold-standard companies need to rethink how they approach this discipline. As the market continues to evolve, channel partners need to keep their options open and seek next-generation solutions that create more versatile ways to secure their customers’ email data. This especially applies in sensitive markets such as government, healthcare, and finance.
Malicious actions against corporate email accounts are growing in prevalence, judging by the emergence of BEC, or “Business Email Compromise.” In this scenario, hackers commandeer a corporate user’s email account (without the user’s knowledge) and monitor activity over time until they encounter sensitive data, such as invoicing or financial information. The hackers then utilize that data to conduct additional cybercrimes and phishing activity, ascertaining corporate credit card numbers or crucial logins, such as to a company’s Microsoft 365 or Outlook accounts. Through this method, if one corporate user is compromised, malicious agents can infiltrate an entire organization.
Traditional security is typically not comprehensive enough to detect these attacks. It requires email-based cybersecurity software that can identify sensitive data that is often targeted by phishing scams. Consider the urgency of this: BEC crimes accounted for half of the nation’s cybercrime losses, as per the FBI in reports from early 2020. And email attacks have only increased since the advent of COVID-19, as organizations scrambled to create secure remote networks for the sudden deluge of teleworkers.
Rethinking Email Security
Yet as the market—and the doggedness of malicious actors—has advanced, so have cybersecurity solutions. Savvy MSPs should begin to think of email encryption as a way to deliver control of email data back to the user, as opposed to simply screening threats as they arrive at the network gateway. Effective cybersecurity providers have developed new ways to host their solution in the cloud, allowing email messages to reside on a proprietary web-based platform, as opposed to letting sent emails reside as fixed items on the recipient’s server. This cloud-based approach allows messages to be accessed and recalled or altered as-needed since they’re still officially housed on the vendor’s cloud-based platform. Users can therefore swap or remove attachments or reword text even after messages have initially been read. Similarly, this configuration allows the sender to remove or add recipients to emails after-the-fact—without alerting the other recipients.
The ability to host “sent” messages on the vendor’s proprietary platform creates a whole new approach to email security. When the sender has a greater ability to manipulate messages they’ve already transmitted, it allows them to correct potentially debilitating missteps. For example, an executive using a cloud-based email encryption system circulated a set of Excel files outside his organization, forgetting to omit confidential budget figures. The executive was able to seamlessly swap-in a corrected file, saving the company critically damaging exposure. Similarly, if a user cc’s an unauthorized recipient by mistake, that worker can revisit the email and remove the offending address from the recipient list. The email disappears from the unintended recipient’s inbox—without notifying any of the other recipients.
Such wide-ranging capabilities are only possible if encryption happens on a proprietary web-based storage platform, as opposed to the traditional protocol, where encryption happens at the network gateway, and the message is then permanently relegated to the recipient’s email system. Not only does this new method allow companies to keep greater control over sensitive data, but it also enhances the ease-of-use of email encryption, delivering a more comprehensive range of capabilities to corporate users. This typically softens any associated learning curve and hastens adoption.
About The Author
Rom Hendler is CEO of Trustifi a cybersecurity firm featuring email encryption solutions delivered on a software as a service platform. Trustifi leads the market with the easiest to use and deploy email security products providing both inbound and outbound email security from a single vendor. Its unique, cloud-based storage model is helping the channel rethink its approach to cybersecurity. www.trustifi.com