The COVID-19 pandemic has changed our expectations of our working lives forever, says Andy Baines, Chief Security Architect, Fujitsu UK & Ireland.
Just 18pc of employees want to return to the office full-time, according to research from Fujitsu. Three quarters are clear that hybrid working is their preferred option – and 49pc want to spend three to four days working remotely. It’s very clear there’s no going back. Hybrid working offers massive advantages. Employees can maximise their productivity and balance their work and personal lives, while organisations can open up to a whole new range of candidates. But of course, there are also important considerations from a cyber security perspective.
Half of business leaders are afraid that employees working from home have been at greater risk of security breaches. And no wonder: email attacks have exploded during the pandemic. There has been a spike in both malware and ransomware, targeted at organisations especially. HMRC alone reported a 73pc rise in phishing attacks between March and September 2020.
For organisations and employees to trust the hybrid workplace, it’s clear that we need a robust approach to email security. That means finding the right service provider – and setting up employees for sustainable security.
No one size fits all
First, it’s vital to recognise that there is no one size fits all email security service. Just as there is no one standard employee, every business has unique requirements and challenges. Although considerations like price and reputation are important, the key to finding the right service is unpicking the needs of your organisation.
There are some foundational factors to consider, such as whether your email is located on the cloud, on-premise or both – and whether this might change in the future. It’s also important to understand what sensitive information is transferred via email, both within the business and with third parties. Where could your biggest vulnerabilities be? As an IT team and a business, how much support will you need?
Once you have an idea of your needs, consider the different functionalities of the systems out there. By understanding what each solution delivers and what would be needed from your team, you can create a shortlist of the right providers for you.
Consider a layered approach
The sophistication of cyberattacks is growing all the time – so it’s important to consider the extra technologies that can provide a security safety net. Drawing on Threat Intelligence from internal and external sources can help organisations to get on the front foot with cybercrime, enabling higher levels of detection and faster remediation.
Incorporating Data Loss Prevention (DLP) capabilities is another powerful option, as this controls the flow of valuable Intellectual Property through email channels
Implementing both gateway-to-gateway and user-to-user encryption can provide increased levels of protection and assurance when emailing sensitive information.
Finally, Security Information and Event Management (SIEM) platforms can be used to analyse, alert and act upon email related incidents, while Security Orchestration, Automation and Response (SOAR) platforms can automate remediation activities. Think about which of these technologies would be most valuable for your business – and how that might integrate with your preferred email security solution.
Ultimately, when defining your email security strategy, it’s also critical to consider the day-to-day management needed in your team. Email security solutions and any additional capabilities can generate significant amounts of event data – and if it’s not analysed, Indicators of Compromise (IOCs) can be missed.
Consider how you will deal with this mass of data and the processes needed in the team: otherwise email security investment could be wasted – and your business could be compromised.
Using employee education and vigilance to create a human firewall
A fundamental part of email security is the employees themselves. Cybercriminals are constantly exploring new ways to trick their targets and play on human interest, making attacks even harder to spot. Particularly when the organisation is distributed in many locations, it’s invaluable to create a vigilant workforce.
Communication is also critical. That means making sure employees are aware of the latest threats and reminding teams to practice caution, especially over email. Establish an ongoing awareness and training programme, to provide staff with the latest information and skills. This is an area where email security providers can help: consider whether your preferred solution has in-built controls to simulate attacks and educate users as a result. Empower your employees with the awareness to combat attacks – and they can form a key part of your organisation’s defences.
A resilient hybrid workforce
There’s certainly no going back to the old working world, and in many ways, that’s a good thing. After navigating the shockwaves of the pandemic, businesses are now more prepared to adapt to future uncertainties. In fact, 85pc of the C-suite and 71pc of employees believe hybrid working will make their organisation more resilient and better equipped to survive economic issues. But for businesses to be truly future-proof, hybrid working has to be secure. Now is the perfect time to evaluate your email security measures and find what’s best for your business. But remember, email security solutions can’t remove all of the risks.
A holistic approach to security, with a layered approach and a human firewall, is needed to provide the best possible protection in the new working world.
