It’s a widely accepted adage that “an ounce of prevention is worth a pound of cure.” While that premise is usually associated with good health, it’s equally true when applied to workplace cybersecurity. Preventing hackers from gaining access to company data has never been more important, as cyberattacks in the workplace have been steadily increasing. Notably, in recent years the hackers’ main point of entry into proprietary business data is via workplace email.
Put simply, 95 percent of all cybersecurity incursions begin with a hacked email. Once a workplace email is hacked, criminals can gain control of a company’s mailbox and filter through what’s known as personally identifiable information (PII). Hackers then may have the ability to use hacked workplace credentials to gain control of an employee’s computer and explore the entire workplace network seeking PII. If their efforts are successful, hackers can then use ransomware to cover their tracks.
Depending on the nature and scope of the hack, businesses can face both a financial and public relations nightmare that may even require reporting the event to regulatory agencies or government entities. All of this business chaos can often be the result of a single hacked email.
EMAIL HACKING IS A RISK CONFRONTING EVERY BUSINESS
While all business mailboxes face cybersecurity dangers, smaller businesses are frequently most at risk. The primary reason for this is that small businesses often do not have either the financial or technical resources required to properly secure their email system. In addition, some industries are frequently targeted more often by hackers and fraudsters. For example, the emails of companies in the construction and legal sectors are often targeted because of the high value of their projects. Another popular hacking target is the accounting industry, given the vast amount of PII that accounting firms have on file, and the potential to use that data for identity theft.
THE POTENTIALLY DESTRUCTIVE CONSEQUENCES OF HACKED EMAIL
Without overstating the facts, the ramifications of hacked workplace email can be disastrous. According to the National Cybersecurity Alliance, about 60 percent of small and midsized companies that are hacked are out of business within six months of the hacking event. Additionally, the average cost for an exposed PII record is $150 per exposed record. Depending upon the extent of the email hack, and the amount of data exposed, a company that has been hacked can easily face economic costs that have the potential to end their business. This is especially true for companies that do not have cyber insurance.
Take the example of a relatively small accounting firm that had its workplace mailbox compromised. The information contained in that mailbox was exposed to hackers, as were the contacts and all the reply messages received by the company’s mailbox. Even though it was a small business, the end result was more than $100,000 in directly related costs, in addition to the reputational damage to both the company and its exposed clients.
THE GROWING THREAT—AND PREVENTION—OF EMAIL CYBERATTACKS
According to the most recent report from the Identity Theft Resource Center, 2023 saw almost 2,400 business data breaches caused by cyberattacks — more than the previous record for all types of data compromises in a single year. The report also found that last year, over 350 million Americans were impacted by those data breaches.
Still, there is reason for optimism. In 2024, the awareness of the threats posed by hacked emails is greater than at any time over the last three decades. There are several factors responsible for that increased awareness. One of the main drivers is that insurance companies are increasingly pressuring clients for a higher level of internal risk awareness and the installation of cybersecurity tools required to protect the businesses they insure.
Also contributing to greater awareness of the security risks presented by workplace email are the high-profile hacking incidents that have occurred in recent years. Business owners have come to realize that if local, state and federal agencies can be hacked — and have their information exfiltrated — then it’s logical to assume that small or mid-sized businesses also can become hacking targets. The consensus among industry experts is that hackers target government agencies and large businesses for the notoriety, while hacking small and mid-sized businesses serve as fraudsters’ main sources of income.
Regardless of organizational size, the best course of action to avoid the potentially disastrous results of hacked emails are logical and straightforward:
• Fully train employees about the potential security dangers of hacked emails. They are your weakest link in your security.
• Take out cyber insurance coverage for your business.
• Ensure that your organization’s IT team — or outsourced IT provider — has multiple layers of security, including 2-step email verification.
• Ensure your email system has advanced email security protection.
• Have an incident response plan; it is not a matter of “IF” an incident will happen, but “WHEN.” No level of security is 100 percent.
The advice your doctor gave about the benefits of prevention as a means of ensuring good health are equally valid when it comes to workplace email. Taking proper security precautions to prevent an email hack can save your company both considerable time and money going forward.
David Rounds is the CEO and founder of NetEffect, a Las Vegas managed IT service provider, www.neteffect.com.
