You’ve Got Mail

Communication is digital. Almost all interactions businesses have with customers, colleagues and partners comes via digital channels. Email might sound old hat, but only because it is now so finely engrained into every aspect of our communications ecosystem that it barely warrants mentioning.

We don’t talk about emails because emails are the conversation. As of 2024, more than 33% of marketers still employ emails, with 87% planning to maintain or increase their investment in the channel in 2025.

Email is also the preferred communication channel for billions of employees, and HubSpot predicts that email usage among colleagues will continue to grow by at least 2.4% annually for the next few years. That’s not to mention the 4.2 billion people worldwide who use email every day – more than half the world’s population – to share ideas, engage with brands, sign contracts, and organise their lives.   

Email as a channel is so prolific, and so vital to our lives and businesses, that the consequences of using it flippantly or without due consideration can be severe.

Incidents like the widely reported breaches of the Police Service of Northern Ireland (PSNI) and the UK Electoral Commission on the same day last year, along with the rise in email-related security incidents, highlight the urgent need for robust email security measures and responsible use of the channel. In some cases, companies have even had to terminate employees over unintended email security breaches, either due to lack of training, poor implementation of email software, or because the channel itself was exposed and vulnerable to cyberattacks.   

The Risks Of Poor Email Communication 

Email, like any other technology, is a tool. How we choose to use that tool has consequences. The PSNI breach referenced above involved the accidental exposure of sensitive personal data of all serving police officers and civilian staff, including names and roles, due to an email error. The breach occurred when an email containing sensitive information was mistakenly sent to the public. The error involved attaching a spreadsheet with the personal details of over 10,000 officers and staff, which was inadvertently included in a response to a routine Freedom of Information request. This mistake could potentially result in a £750,000 fine for the organisation.  

In recent years, a significant number of employees have faced termination due to email security breaches, highlighting the growing concerns over cyber threats in the workplace. The primary causes of these breaches include phishing attacks and human error, which continue to be major vulnerabilities for organisations. 

Best Practices For Ensuring Email Security 

While many email incidents, including those referenced, are largely down to human error, technology still has a vital role to play in setting up guardrails and frameworks to help us use the channel more effectively and responsibly.

One of the most helpful strategies is to implement encryption as a standard for all email communications containing sensitive data, ensuring that information is protected from unauthorised access.

Utilising secure email platforms that offer advanced encryption can significantly reduce the likelihood of data breaches. Additionally, organisations should enforce multifactor authentication (MFA) to add an extra layer of security, making it more difficult for cybercriminals to gain access to emails. 

Employee education is equally crucial in maintaining robust email security. Organisations have seen great success in introducing in-the-moment support; with alerts to the presence of sensitive data in emails and their attachments, or notifications to potential mistakes, such as incorrect recipients. Whereas training in its traditional form (i.e. compulsory training delivered annually) often sees employees forget best practice within a few weeks, integrating training into workflows can help build a security-first culture.

In addition, implementing strict policies for handling sensitive information and conducting periodic security audits can also help identify and address vulnerabilities. By fostering a culture of security awareness and ensuring that all employees are well-versed in best practices, organisations can significantly reduce the risk of email-related security incidents.  

The Role Of Digital Signatures 

Digital signatures offer a secure and reliable method for authenticating the identity of signers and ensuring the integrity of documents. Unlike traditional handwritten signatures, digital signatures utilise cryptographic techniques to bind a signer's identity to a document, making it virtually impossible to alter the signed content without detection. This provides a robust layer of security, ensuring that documents are both authentic and unaltered. The benefits of digital signatures extend beyond security; they also streamline workflows, reduce paper usage, and expedite document processing, which is particularly beneficial in a fast-paced business environment. 

The EU’s General Data Protection Regulation (GDPR) mandates that businesses protect personal data and ensure the privacy and security of EU citizens' information. Digital signatures meet these requirements by providing verifiable proof of consent and ensuring that signed documents remain tamper-proof. They also facilitate audit trails, making it easier for organisations to demonstrate compliance with regulatory standards. By integrating digital signatures into their processes, companies can not only enhance security but also ensure adherence to legal obligations. 

Securing email communication is essential to protecting sensitive information and maintaining organisational integrity. While no single solution can address all vulnerabilities, a combination of robust encryption, employee training, and advanced technologies like digital signatures can significantly mitigate risks for every user.

As cyber threats continue to evolve, and email becomes further enmeshed in our professional and personal lives, embracing these comprehensive security practices will become increasingly critical to safeguarding our data.  

Image: 84Video

Anita Mavridis is VP of Product at Zivver

You Might Also Read: 

New Guidance For Business Email Compromise:

DIRECTORY OF SUPPLIERS - Email Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Identities Are The Highest Priority Risk Area
London Hospitals Held To Ransom »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Iterasec

Iterasec

Iterasec provides a full range of security services to hacker-proof your products and make software engineering process secure by design.

Cyber Defense Networking Solutions (CDNS)

Cyber Defense Networking Solutions (CDNS)

CDNS is a global network infrastructure provider whose platforms are engineered for security, optimized for speed and designed for resiliency.

Eastern Cyber Resilience Centre (ECRC)

Eastern Cyber Resilience Centre (ECRC)

The Eastern Cyber Resilience Centre is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Blackrock Cyber

Blackrock Cyber

Blackrock Cyber consults on critical security decisions, oversees compliance for your payment initiatives, and details cyber security training for your entire organization and board reporting.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Theta

Theta

Theta is a New Zealand owned technology consultancy. Our team of over 330 experienced professionals help organisations transform with technology.