E-mail security continues to be a problem for users at all levels. The baffling array of attacks, including phishing, whaling and business e-mail compromise, shows no sign of letting up in 2018. IT professionals, for the most part, have taken a laissez-faire approach: train users more in ways to avoid e-mail attacks and hope for the best.
But how do you train users when two-thirds of inbound phishing attacks use the company’s own domain name? That makes such scams extremely difficult to detect, according to an article published on the IDG Contributor Network.
Since e-mail is now used by as many as half the humans on the planet, according to research by Radicati, it remains the most effective and inexpensive way to reach out to friends, family and business contacts.
So if it’s clear e-mail isn’t going anywhere, how do we solve its inherent problems?
Security Made Easier
I have spent the last 25 years studying web-based issues and have a number of patents in the cybersecurity area. More recently, I’ve been focusing my efforts on e-mail security and working to comprehensive solutions that are compatible with existing systems, but at the same time improves e-mail security and functionality.
Let’s face it: e-mail is in dire need of an update since the existing design and architecture allows for virus attacks, spam abuse and other major security concerns.
Spammers are becoming more creative in their ways to get you to click on their links, including using dummy web pages that look like the real thing and then encouraging you to enter your user name and password. You need to be more careful than ever, checking the e-mail address in the from field and rolling over the link with your mouse to see if the web address is legitimate. Keep in mind, most financial institutions will never send you e-mail with links; they usually call or send a letter.
Advances in my patents include: the secure transfer of e-mail messages through existing clients and without necessitating changed e-mail addresses. That’s critical since most other secure e-mail systems (Hushmail, Proton, etc.) require you to use their domain address.
In addition, the system can track all actions performed in connection with an e-mail transmission and has the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve and open the e-mail message or not.
The Authentication Route
Experts believe e-mail authentication will become more mainstream in both the public and private sectors, shifting from merely deploying authentication to enforcement, where a domain’s published e-mail policy directs mail servers worldwide to block unauthenticated e-mail. In the private sector, this shift will be driven by marketing departments, who view authenticated email as a brand protection tool, as it can also increase e-mail deliverability.
Authentication may seem like a complex route, but it’s already in use by banks, credit card companies and secure cloud services, so why wouldn’t we authenticate the most fundamental form of communications that business uses today — the simple e-mail message?