Email Security’s Trump Card

Holding security-educated employees accountable can greatly boost your data protection efforts.

by Barry Shurtz

At this very moment, your messaging infrastructure is being used against you. It is both under attack and being used to attack—not just by hackers outside the credit union, but also by well-meaning employees within.

For all the talk around the growth of social media and the security issues that follow that growth, email is still the favored means of pulling a fast one on your employees. And as we’ve seen with the recent high profile spear phishing attacks, email can be highly effective in duping even the most sophisticated users.

To combat these threats, security vendors long relied upon a mix of anti-virus/spam, enforceable control policies and technologies, URL filtering applications, encryption, authentication, and more. Vendors are also incorporating real-time threat data from a variety of sources to head off the latest security threats as—and even before—they occur.

While all these email security technologies should be used by all credit unions, a few things that trump them are underutilized. They are: proper education and security training for users.

With highly targeted spear phishing attacks replacing conventional phishing attacks as hackers’ technique of choice, your email security ultimately lives and dies with your employees. Whereas phishing is the process of casting wide nets with clever but often sloppy attempts at tricking users into giving up user names, passwords, financial and other info, spear phishing attempts are custom-crafted for a much smaller, select group of targets.

continue reading »