Email is one of the most important tools any organisation has. Over the years this form of communication has evolved significantly, and today it is one of the most essential channels, both personal and corporate, in a technology-driven world.
On the flip side, email is not fully secure. Billions of people send and receive email every day, and many of those messages carry highly sensitive information. Because it is one of the easiest ways to reach a computer user, email is a favourite target for attackers and scammers worldwide. Companies and individuals respond with a wide range of strategies, but the uncomfortable truth is that no one-size-fits-all strategy is completely reliable.
In this article, we will take a look at the top five email security myths:
Myth #1: A Strong Password Is Reliable
A strong password (a mix of lower-case and upper-case letters, symbols and numbers) is important, but it is not the only thing to rely on for email security. Several techniques can recover a password: brute force, dictionary attacks, rainbow-table attacks (effective against unsalted hashes) and, simplest of all, social engineering that talks the user into handing it over.
Password cracking keeps reaching new levels: attackers now use machine-learning tools to generate the passwords a target is most likely to have chosen, based on that person's interests and personal details.
So if a strong password alone is not the answer, what adds an extra layer of protection to an email account? Multi-factor authentication (MFA). It requires a second proof of identity in addition to the password, such as a one-time code from an authenticator app or a hardware key, so a stolen or guessed password is not enough on its own to log in. It is one of the best ways to secure your information online. To know more about MFA, see our article “Understanding The 5 Factors Of Multi-Factor Authentication”.
Myth #2: Your Service Provider Will Take Care Of Security
When it comes to service providers there are two parties: the domain provider and the email platform provider. One of the biggest myths, held by individuals and organisations alike, is that these providers take care of every user's email security. Most providers do take significant steps to keep their side as secure as possible, but when the error is on the user's side, the provider cannot be expected to take responsibility for it.
For example, if you opt for G Suite and use its email service, MFA is available to you. If you decline it, rely on the “strong password” you set, and then get socially engineered into giving away your credentials, you cannot blame Google. The provider secures the platform; the account settings that decide whether a stolen password is enough (MFA, recovery options, forwarding rules) are yours.
Myth #3: Trained And Smart Employees Will Know Better
Organisations across the world have understood the importance of cybersecurity training for employees, and on the strength of that training they assume, or claim, that their staff are smart enough not to click suspicious links or open suspicious attachments. The reality can be rather different.
Consider the statistics: according to one source, the global average cost of a data breach is $3.86 million, and phishing is the root cause of around 90% of data breaches. Do you still think your employees are ready for the next phishing attack?
There was a time when phishing was limited to cloned websites and simple emails; today things have gone much further. Phishing emails routinely slip past spam and mail filters and land in the target's inbox, and the message bodies have become far more persuasive and tempting.
Myth #4: Secure Email Gateway (SEG) Is Enough
SEGs are one of the most important elements of an organisation's security infrastructure, and they provide a significant level of protection: virus and malware blocking, spam filtering, content filtering and email archiving. Yet the rate of phishing attacks does not seem to fall. The main reason is that current attacks are crafted with SEGs in mind: the emails are built to look legitimate rather than like an obvious social-engineering lure, so they pass through the SEG. A message with no malicious attachment, a link to a freshly registered domain that has no reputation yet, and text that mimics routine business correspondence gives a signature- and reputation-based gateway very little to match on.
Myth #5: All Phishing Attacks Are The Same
If you think every phishing attack is the same, with the same threat level, you are wrong. Strategies and methods have changed over the years as attackers keep upgrading their phishing techniques, and one of the most notorious and effective is polymorphic phishing.
Polymorphic phishing is an email campaign sent to many users in which the attacker makes slight but significant, often random, changes to the message's artefacts: at least one of the sender name, sender address, subject, greeting, email body or signature is changed, either randomly or by hand, depending on the attack. Because every copy differs, a filter that matches on an exact sender, subject or body hash sees a series of unrelated messages rather than one campaign. This type of attack has gained significant popularity in the black-hat community over the years. To know more, read our article “Is Polymorphic Phishing The Next Big Threat In Cyber Attacks?”.
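As an added illustration, not code from the original article, the following Python script shows how a defender can still tie polymorphic variants back to one campaign: it strips exactly the artefacts the attacker varies (greeting, sign-off, URL paths, numbers), shingles the remaining body text into word trigrams and clusters messages whose shingle sets overlap, using shared link hosts as a secondary signal. The five messages, their sender names, addresses and `.test` domains are constructed samples; the 0.5 similarity threshold and the trigram shingling are design assumptions.

```python
import re
from email import message_from_string
from itertools import combinations

URL_RE = re.compile(r"https?://([^\s/]+)\S*", re.I)
# A greeting line at the very start and a sign-off block at the end are the
# cheapest things for an attacker to randomise, so they are removed first.
GREETING_RE = re.compile(
    r"\A\s*(?:hi|hello|dear|greetings|good (?:morning|afternoon))\b[^\n]*\n", re.I)
SIGNOFF_RE = re.compile(
    r"\n\s*(?:(?:best |kind )?regards|thanks|sincerely|--)[,\s].*\Z", re.I | re.S)


def make_mail(sender: str, subject: str, body: str) -> str:
    """Build a raw RFC 822-style message (constructed sample, plain text)."""
    return f"From: {sender}\nSubject: {subject}\n\n{body}"


def campaign_features(raw: str):
    """Return (word-trigram shingles, link hosts) for the invariant part of the body."""
    body = message_from_string(raw).get_payload()
    body = GREETING_RE.sub("", body, count=1)
    body = SIGNOFF_RE.sub("", body, count=1)
    hosts = {h.lower() for h in URL_RE.findall(body)}
    # Collapse URL paths and every number (ticket ids, hour counts) to fixed tokens.
    text = re.sub(r"\d+", "0", URL_RE.sub(" url ", body).lower())
    words = re.findall(r"[a-z0]+", text)
    return set(zip(words, words[1:], words[2:])), hosts


def jaccard(a: set, b: set) -> float:
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster_campaigns(raw_messages, threshold: float = 0.5):
    """Union-find over all pairs: link two messages when their body shingles are
    similar enough, or moderately similar and pointing at the same link host."""
    feats = [campaign_features(m) for m in raw_messages]
    parent = list(range(len(feats)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(feats)), 2):
        sim = jaccard(feats[i][0], feats[j][0])
        if sim >= threshold or (sim >= threshold / 2 and feats[i][1] & feats[j][1]):
            parent[find(i)] = find(j)
    groups = {}
    for i in range(len(feats)):
        groups.setdefault(find(i), []).append(i)
    return sorted(groups.values())


def describe_campaigns(raw_messages, groups):
    """Per cluster: message count and the distinct senders and subjects used,
    which is exactly the variation a per-sender or per-subject block misses."""
    out = []
    for g in groups:
        msgs = [message_from_string(raw_messages[i]) for i in g]
        out.append({"size": len(g),
                    "senders": sorted({m["From"] for m in msgs}),
                    "subjects": sorted({m["Subject"] for m in msgs})})
    return out


CORE = ("Your mailbox storage is {adj} full. To avoid losing incoming messages, "
        "verify your account {urgency}within {n} hours at {url} or your access will be suspended.")

# Constructed samples: four variants of one campaign (each changes sender name,
# address, subject, greeting, a body word, numbers, link and signature) plus one
# legitimate message. All domains are reserved .test names.
SAMPLES = [
    make_mail("IT Support <it-support@mail-notice.test>", "Action required: mailbox almost full",
              "Dear customer,\n\n" + CORE.format(adj="almost", urgency="", n=24,
              url="http://mail-verify-example.test/login?u=4821") + "\n\nRegards,\nIT Support"),
    make_mail("Mail Admin <admin@mail-notice.test>", "Storage warning #3391",
              "Hi Priya,\n\n" + CORE.format(adj="almost", urgency="", n=12,
              url="http://mail-verify-example.test/verify/7710") + "\n\nThanks,\nMail Admin"),
    make_mail("Helpdesk <helpdesk@notice-mail.test>", "Your mailbox needs attention",
              "Hello,\n\n" + CORE.format(adj="nearly", urgency="", n=24,
              url="http://mail-verify-example.test/a/2093") + "\n\nSincerely,\nThe Helpdesk"),
    make_mail("Support Desk <support@notice-mail.test>", "Re: mailbox quota",
              "Good morning Tom,\n\n" + CORE.format(adj="almost", urgency="immediately ", n=48,
              url="http://account-check-example.test/x") + "\n\n--\nSupport Desk"),
    make_mail("Sam <sam@corp-example.test>", "Planning meeting moved",
              "Hi team,\n\nThe quarterly planning meeting moves to Thursday at 10. "
              "The agenda is in the shared folder.\n\nThanks,\nSam"),
]

if __name__ == "__main__":
    groups = cluster_campaigns(SAMPLES)
    for info in describe_campaigns(SAMPLES, groups):
        print(info)
```

Run against the samples, the four lures land in one cluster with four different senders and four different subjects while the meeting notice stays on its own, so a blocklist keyed on sender or subject would have needed four separate entries for what is, after normalisation, a single message template.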