History has shown, time and again that the number one threat to sensitive and confidential data within an enterprise are its own employees. IT and security experts know this well. In the 2020 Global Encryption Trends Study sponsored by Entrust, an Entrust Datacard company, 54 percent of IT professionals cited employee error as the top threat to corporate data. This finding is backed up by the FBI’s Internet Crime Report, which shows that business email compromise (BEC) scams resulted in $1.7 billion in losses to companies in 2019. This reality requires companies to ask the fundamental question of how to best protect their confidential data from not only outside threats but their own employees.

With COVID-19 spurring more work from home, employees have less face-to-face contact and work forces are even more dependent on virtual communications and mobile devices. This creates a perfect attack vector for bad actors to exploit the new workspace using sophisticated tactics.

And no wonder: Relative to other technologies, email infrastructure is fundamentally less secure from an identity perspective, which is why email addresses can be spoofed and why an email can appear to come from someone legitimate. It comes down to humans making choices. Regardless of the size of an organization, the consequences of not having the right email security strategy in place can cost organizations millions.

Need examples? Recently, a “Fake CEO” scam hit an Austrian aircraft parts maker FACC, where €50 million  were stolen. Last year, Toyota lost $37 million to BEC scammers, and Nikkei – one of the world’s largest financial media companies — lost $29 million. And with COVID-19, we have seen more targeted attacks — the FBI issued warning of personal protective equipment (PPE) and critical equipment procurement themes being used to defraud organizations who seek these supplies.

The losses are not just in money but in reputation as well. A highly publicized email hack of Sony Pictures, damaged the company and its brand by gaining access to confidential information including details of movies that had not yet been released. In all these cases the emails had important content, and a bad actor was able to steal the data and get access to all that unreleased content as it was data sitting at rest and not encrypted.

Email Encryption to the Rescue

When looking for a way to add safeguards that will protect organizations from the human error factor, email encryption and digital signatures can help. Adding this protection helps identify to employees that an email is coming from a legitimate source. Emails that are digitally signed by an employee can be trusted to come from the stated source and ensure that the content hasn’t been modified during transit. The flexibility to install secure email certificates across multiple devices provides employees with a stronger security posture. Along with automation and management capabilities that make it easier for IT administrators and companies to scale secure email across their workforce.

Steps Companies Can Take To Secure Employees

  • Validate identity through S/MIME to provide employees with additional tools to identify the recipient of an email.
  • Automation and management capabilities are available to streamline the rollout and management of S/MIME certificates to employees along with key escrow.
  • Setup an awareness campaign to educate employees on how to identify trusted senders using S/MIME certificates.

More Resources to Explore