Email Security Vulnerabilities Causing Most Cyber Insurance Claims

Published by Sabrina Pagnotta on February 18, 2021

Although email is a crucial tool for businesses, most of the time it’s not properly secured beyond a login password. While this may seem harmless, email security vulnerabilities are at the heart of most cyber insurance claims. In fact, the majority of cyber insurance claims come from the same attacks: business email compromise (BEC), social engineering, brute force of remote access, exploitation of known vulnerabilities in unpatched software, and ransomware. Recent findings from Coalition, a cyber insurance and security firm based in the US, show that 54% of claims in the first six months of 2020 were caused by BEC and social engineering, and 29% were linked to remote access.

These risks only increased with the spike in remote working due to COVID-19. Some people started using their personal devices to access their business email, and security policies were not always reinforced. 

Even before the pandemic, business email was a frequent and easy target. Attackers can exploit common email security vulnerabilities, compromise accounts through phishing or social engineering techniques, or spoof email senders. It’s important to understand that email security does not end with authentication for accessing our accounts. Here are some useful tips.

 

Protecting and authenticating business email

The following measures are available and advisable for securing business email.

 

Multi-factor authentication

A password alone is not enough: it is a single “factor” for verifying that you are who you say you are. Multi-factor authentication (MFA) combines the username and password with another method. The most common second method is a one-time key or token, often sent by email, SMS or push notification, which is requested after the username and password. MFA is free, easy to implement and available on most web services and applications, including all Microsoft and Google products.

 

Anti-spoofing techniques

There are also methods to validate and secure the message content, authenticate the sender’s identity, authorize email senders, and maintain the integrity and functionality of the email app itself. For instance: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC).

 

Reinforced security policies

The COVID-19 pandemic made accessing the business network from all over the world a necessity. With that ease comes an extended risk surface, opening up your network to abuse, lost credentials, insecure Wi-Fi connections and/or social media account hacking – nothing that a robust set of security policies and procedures can’t avoid or mitigate.

 

Training

Cybersecurity is becoming a part of everyone’s job, not just the IT team’s. Make your staff join the fight against cybercrime by explaining the potential threats and how to protect against them. Let them know they’re an integral part of the business’s security. This could actually make the difference between someone accidentally clicking a phishing link or visiting a compromised website from a spam email, and not doing so.

 

Monitor exposed credentials

Some people (and organizations) might not even be aware that their email accounts have been compromised. There are tools that help businesses prevent account takeover and fraud stemming from stolen credentials. SpyCloud is one of them, feeding exposed credential risk data to our ThirdPartyTrust platform. This sort of monitoring can go a long way toward helping you secure your supply chain against exposure to data breaches and cyberattacks, and even empower remediation.

We’ve now seen some attainable ways of securing business email. Are you ready to take your email security one step further?

 


 

To learn more about how ThirdPartyTrust can help you manage third-party risk across your organization, request your free trial now:

Sabrina Pagnotta
Sr. Content Strategist