Accidental data leaks via outgoing emails pose a high security risk to businesses, and in fact a report from IT solutions and managed services provider Mimecast claimed that businesses should be more concerned about this than inbound malicious attacks.
The survey, which was conducted among a mix of large businesses and SMEs, found 28 per cent of respondents cited human error as the biggest threat to corporate email security.
Quigley explains the threat: “A lot of the time businesses are engaging with clients on email and sending sensitive information. When an email goes from you to wherever it’s going, it will go through various stages and that information will potentially sit on a number of servers as it crosses the internet.
“Of course, it’s all in clear text and can be intercepted as its going or it can be read when it’s sat on some of those servers. There’s a question mark about whether people should be doing that, and just raising the bar to get people thinking about how they’re operating.”
Another potential employee-related breach is ‘spear phishing’, which is when criminals pretend to be high up members of a company to trick employees into transferring large sums of money.
Email security provider Agari’s Field CTO John Wilson claims that highly targeted phishing scams are becoming more and more common. Sophisticated attackers are spending time gathering information about a business and its processes to target individuals with seemingly authentic emails.
"More worryingly, the continuous evolution of methods that are used for business email compromise means that business insurance or even cyber insurance might not provide the required cover,” says Wilson. “More must be done to leverage available technologies, complete internal training and use open standards like DMARC to identify and block fake emails that look like they come from a trusted domain.”