Common Email Security Threats You Must Know About

Ashwin Satyanarayana
Categories : Enterprise security ,Computing
Tags : Computing enterprise security topics document security

Page content

Email is everywhere, so it automatically follows that it brings a veritable list of email security threats with it. As if that wasn’t enough, it would be the open-can-of-worms for other related threats like corporate espionage; vulnerable business or corporate data and business infrastructure. From harmless prank emails to personal online abuse; from phishing to reputation attacks, email security is every IT administrator’s nightmare.

Email is ubiquitous so are the security issues that come with it. The incident level for email security is low, but the threat levels and ease levels are an incredible high. Listed below are a few threats that can be vicious and lead to “Business-Not-As-Usual” for your company if left, unchecked.

No Encryption, no Security: Encryption is one of the simplest forms of email security that should have been employed, but surprisingly, this isn’t the case. Most small businesses don’t use any sort of encryption whatsoever when using email for business use. Using simple tools like Sniffers, hackers can easily get to spy on all inbound and outbound emails. Unprotected emails can lead to spurious spying on corporate data – company business plans, marketing plans, financial records, customer data, etc.

Email Forging: Email forging is now an increasingly forehead slapping problem for most corporate. Email forging consists of an attacker sending a cleverly worded but fake email (forged) to a third-party (it could be any one like a vendor, customer, client, etc) thereby making the email look like it’s originating from the victim organization. For instance, I could create an email that could look like one from Toyota Motor Corporation to one of its world-wide vendors and elicit them to give out information that ought not to have been shared. Email forging can be used to create misunderstandings, defame companies, attack reputations and is the cornerstone for phishing.

The Game of Spam: Email is the default vehicle for spam. Spam, as you well know is a major show-stopper for businesses world-wide. A recent report has stated that almost 70% of all email doing the rounds online is spam and that is really bad news because apart from actual problems that arise out of added administration, management, server and other costs, all of that management also leads to re-routing of productivity towards seemingly less important tasks like deleting spam and managing it instead of focusing on business efficiency.

Password and Authentication Vulnerability: In normal circumstances, users use password authentication for session access. However, the user word and password is sent in plain text is sent in plan text format which is relatively very simple to crack using simple sniffer tools and then carry spurious activities by impersonation.

Email and Sexual problems: Well, not in the direct sense, though. With the faceless looming nature of the emails, the attackers can make lascivious and rude remarks on employees within companies – the miscreants could be insiders or anyone at all. It has become rampant and just as uncontrollable. This could be even worse than spam since spam isn’t inherently insulting or rude. It just intrudes. But personal attacks can be infuriating, condescending and extremely counter-productive for businesses.