Your business deserves a reliable, safe and secure email service provider so that you can focus on your clients and not have to worry about cyber attacks. Email is an essential service for every business. However, not all email service providers are created equal. Some email services are more susceptible to hacking and data loss than others. In this article, we explain why relying on a basic email service provider can mean your business is at risk of cyber attacks and why you should consider migrating to a professional email service.
How Your Email Provider Can Expose Businesses to Fraud
According to our in-house research, 20% of Aussie conveyancers rely on the email services provided by their Internet Service Provider (ISP) for operating their business. In other words, one in five conveyancing practices use email addresses likeย @optusnet.com.au
,ย @tpg.com.au
ย andย @bigpond.com
ย for business purposes. We have also seen practices using email services provided by their domain registrar (e.g. GoDaddy, CrazyDomains) or web hosting service provider.
The most significant risk in using these basic email services is the lack of cybersecurity features, putting your business at risk of cyber attacks, phishing and BEC (Business Email Compromise) fraud. Telstra reports thatย the most common cybersecurity threat in Australia is phishingย andย Aussie businesses often lose more than $100,000 per incident.
Poor Anti-Spam and Anti-Phishing Capabilities
First of all, the spam filter of any simple email hosting service is only capable of blocking the most primitive spam emails and phishing attempts.
Simple email services often lack any state-of-the-art anti-phishing technology that can identify theย sophisticated phishing campaigns of today. For example, phishing emails can be pixel-perfect copies of legitimate emails or can feature malicious file attachments capable of evading the antivirus software protecting your computer.
In other words, your business is exposed to fraud as any phishing email is more likely to be delivered to your and your staffsโ mailbox.
No Support for Strong Authentication
Also, simple email services expose businesses toย payment redirection fraud. The ACCC reports thatย payment redirection scams are one of the most significant cyber threats to small businessesย in Australia. The way these scams works is that cybercriminals take over business email accounts with phishing or from passwords leaked from data breaches.
Two-factor authentication (2FA) or multi-factor authentication (MFA) isย the most effective security practiceย that can protect your business from cyber criminals taking over your inbox and tamper with email payment instructions. Sadly, basic email service providers do not usually support 2FA or MFA security measures โ leaving your business to the mercy of cybercriminals again.
Lack of Protection from Email Impersonation Scams
Lastly, basic email providers do not take advantage of the new email standards which can protect from email impersonation scams. Email spoofing is when an attacker (cybercriminal) forges an email so that it appears to have been sent by someone else.
The core email protocols used by email were developed in the 1980s when abuse was not an issue like it is today. Back then, the internet was a quaint and friendly place. Since then, several additions to the email protocol have been developed to make email as a service more resilient to spoofing. One of these new standards isย Domain-based Message Authentication, Reporting and Conformance (DMARC), which was designed to detect and prevent email spoofing.
The sad reality is (as of today), ISP-provided email services such asย @bigpond.com
,ย @tpg.com.au
ย andย @optusnet.com.au
ย do not use DMARC,ย which would stop the majority of email impersonation attacks.
In a nutshell, basic email services feature little to no security features leaving businesses vulnerable to all sorts of fraud. Luckily, professional email platforms are available which support the above-mentioned cybersecurity features.
The Benefits of Professional Email Providers
One of the main advantages of any professional email service is the comprehensive security features of the platform. In addition to the security benefits, they can help your business thrive by making you and your staff more productive.
As for security, professional email providers can protect your company from phishing-based scams with theย better email blocking capabilities. The built-in spam and phishing filters are more effective than basic email services thanks to the crowdsourced โReport spamโ and โReport phishingโ buttons provided by these platforms. Because millions of users use these platforms, any phishing campaign is quickly reported by the community and the related emails are moved to your junk email folder instead of your inbox.
Secondly, professional email services offerย two-factor authenticationย or multi-factor authentication (2FA/MFA) which is essential in protecting your business fromย BEC (Business Email Compromise) fraud. The additional verification usually requires you to key in a six-digit code from your smartphones every once in a while.
As for the non-security benefits, professional email hosting often come withย additional services bundled in,ย such as a cloud-based file storage platform, an online office suite and collaboration tools. These add-ons are also available on smartphones and tablets, allowing you and your staff to work on the go or at home getting more things done.
Professional email services can alsoย integrate with third-party software solutionsย which is not possible with basic email services. For example, cloud-based backup solutions such asย Backupify,ย Spinbackupย can take daily snapshots of your mailbox meaning you will never lose an important email or file again if your organisation is a victim ofย ransomwareย or aย disgruntled employee. Also,ย third-party anti-phishing servicesย can easily be integrated to provide an additional layer of protection from targeted cyber attacks against your business. Advanced anti-phishing services offer the best protection from sophisticated phishing attacks such asย impersonation attacksย orย payment redirection fraud.
DIY: How To Migrate to a Professional Email Provider
If your business does not own a domain name, ย the very first thing you should do is registering one for your emails. Professional email providers utilise your own domain name when providing email services. Also, your business will look more professional by using your own domain name in your email correspondence.
The second step is signing up with a professional email hosting provider of your choice. Numerous companies are offering professional email hosting, but we recommend the following providers which support the cybersecurity features we have mentioned:
- Microsoft Office 365ย โ The most popular service by far amongst legal practitioners in Australia;
- Google G Suiteย โ Those familiar with Gmail and Google Docs will find this service more straightforward;
- Zoho Mailย โ Secure, fast, ad-free email for businesses;
- FastMailย โ Business email service made in Melbourne; and
- ProtonMail Professionalย โ Encrypted email accounts for companies.
Once you have signed up, your existing emails can be migrated from your old mailbox with migration tools. ย You will also need to change domain name settings to start receiving emails with your new email provider and re-configure your email software. Security features like 2FA/MFA are also turned off by default.
Conclusion
Internet Service Providers, free web email and shared web hosting email services are not up to the task of supporting email for businesses. Basic email providers usually lack the security features that protect businesses from the cyberattacks. There is a range of professional email hosting platforms available offering security features to help prevent phishing and BEC fraud. In addition, professional email platforms can help you and your business thrive by making use of the collaboration tools available on business platforms.
About the Authors
Gabor Szathmari is a cybersecurity expert with over ten years experience, having worked in both private and public sectors. He has helped numerous big-name clients with data breach investigations and security incident management. In his professional life, Gabor helps businesses, including many small and mid-size legal practices, with their cybersecurity challenges at Iron Bastion โ Australiaโs anti-phishing experts.
Nick Kavadias is a technology and legal expert with over 20 years of industry experience working in industries including telecommunications, banking, retail and healthcare. He has worked in a variety of technical areas including business analytics, information security and software development. He is also admitted as a solicitor in New South Wales.
* * *
This article was written with Nicholas Kavadias and has first appeared in the Iron Bastion Security Blog.