Email: Your Digital Front Door

In an uncertain world, email might feel like an old and easy, reliable friend. Email is used to stay connected with colleagues, conduct school work and as a confirmation of purchased goods. What is not always top of mind is that email is the most common way cyber criminals are reaching their targets.

While many organizations believe their digital front door is their website, to a cybercriminal, it is in email inboxes. In our newly released H1 2020 Cyber Insurance Claims Report, Coalition examined claims from 25,000-plus small-to-midsize organizations and found that business email compromise (BEC) was the initial point of entry for 60% of the claims reported and resulted in a wide variety of claims, including funds transfer fraud, ransomware, and data breaches.

Interestingly, the data demonstrated that the likelihood an organization experienced a BEC was also correlated to the email provider used. Policyholders that used Microsoft Office 365 were more than three times as likely to report a business email compromise as compared to policyholders that used Google’s Gmail.

Despite popular belief, email is not a secure form of communication, and all organizations (and individuals) should use caution when sending or verifying any sensitive information by email. Cybercriminals have developed sophisticated techniques that can be very difficult, if not impossible, for the trained eye to detect.

Any organization that uses email is susceptible to BEC. However, claims data show organizations that rely on email to conduct financial transactions (e.g., title and escrow companies, realtors, brokers, etc.), as well as individuals with access to banking information (e.g., finance and accounting staff), are unsurprisingly targeted with considerably greater frequency.

BEC attacks have increased 67% from 2019 to 2020, and their success rate has increased dramatically. Malicious actors are taking advantage of changes in behavior as organizations respond to the dislocations caused by the COVID-19 pandemic to increase their success rates.

For example, it is common to see social engineering attempts where a criminal actor asks for payment to a fraudulent ACH instruction due to the closure of an office or inability to receive mailed checks. The recipients of these requests, believing the request to be legitimate given the current circumstances, often don’t think twice.

Cyber incidents are costly and incredibly disruptive for any business. However, most cyber incidents and security failures (particularly the ones targeting small businesses) are preventable.

Email is the single most targeted point of entry into an organization for a criminal hacker. Here is a checklist of quick and low cost/free email security measures.

Priority Items

• Ensure all user email accounts have multi-factor authentication (MFA) enabled. Reset all user email account passwords every 60-90 days.
• Ensure mailbox audit logging is enabled for all users.

Mitigating Phishing

• Enable a forwarding block to external domains.
• Set outbound spam notifications.
• Block access from unknown IPs or IP ranges.
• Create a mail flow rule that alerts users when an email is coming from an external domain.
• Force users to change passwords on next login after every successful phishing campaign. Close all user sessions for compromised accounts.

Account Delegation Controls

• Avoid providing accounts delegate access if possible.
• If delegate access is necessary, setup alerts for when a delegate accesses a custodian account.

Admin Hygiene Controls

• Monitor existing third-party application registrations and their API permissions.
• Check monthly for new user creations or implement new user creation alerts.
• Implement an email hygiene service.
• Implement a third-party solution to backup and archive email stored in mailboxes.

Nothing is 100% foolproof. An investment in cyber insurance transfers that risk and provides organizations with emergency first response when an attack occur.