FEATURE: CYBERSECURITY
[Caption: Matthew Gardiner, Senior Product Marketing Manager, Mimecast]
in conjunction with Targeted Threat
Protection and Mimecast Continuity
Services, combining prevention of email-
borne cyber exploits, simplified recovery
of email data in case of breach and
email service continuity.
The human firewall
Despite research indicating that the
primary cause of security breaches
is human error (typically negligence,
ignorance or inattention), there is
a disproportionate investment in
cybersecurity training for staff, says
McLoughlin. “The key to security in today’s
open, distributed systems is actually not
technological at all: it is people.”
By not increasing end user awareness,
you are failing to secure your
organisation: “Security strategies have
focused more on building technologies
to protect the network and laptops
rather than the individual using it,”
says Saunders.
Saunders suggests the following tell-tale
signs for employees to remember when
handling email:
1. Verify the email address of the
sender. Is the email address 100%
correct, or have certain characters
been replaced? For example, ‘m’
replaced with ‘rn’, or ‘o’ replaced by
‘0’ or ‘zero’.
[Caption: Nicolai Solling, Chief Technology Officer, Help AG]
2. Are you expecting this email to come
from someone in your organisation
or at your customer? If not, first
check with the sender to verify they
did in fact send it.
3. Check what the email is asking
you to do. If it asks you to make a
payment, ask yourself whether this is
something you would generally do,
or is this an anomaly?
4. Check the subject line and content
of the email. Are there words
such as ‘payment’ or ‘click here’
present? If so, ask yourself again,
is this normal or is there perhaps a
risk? Always verify with the sender
before doing anything if something
looks suspicious.
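The sender and content checks from the list above can also be automated as a first-pass filter. The sketch below is an added example, not code from the article or from any vendor named in it; the trusted domains, the function names and the sample messages are constructed assumptions, and the substitution table covers only the two swaps the list mentions.

```python
from email.utils import parseaddr

# Assumption: domains the organisation expects mail from (constructed values).
TRUSTED_DOMAINS = {"summit-bank.example", "acmecorp.example"}

# The two character swaps named in the checklist: 'rn' for 'm', '0' for 'o'.
CONFUSABLES = (("rn", "m"), ("0", "o"))

# Words the checklist says should prompt a second look.
RISK_PHRASES = ("payment", "click here")


def skeleton(domain):
    """Collapse look-alike character sequences so spoofed and real domains compare equal."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def review_email(from_header, subject, body=""):
    """Return a list of findings for one message; an empty list means nothing was flagged."""
    findings = []
    _, address = parseaddr(from_header)  # ignores the display name, which is easy to fake
    domain = address.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        # Check 1: does the domain only differ from a trusted one by a swap?
        match = next((t for t in sorted(TRUSTED_DOMAINS)
                      if skeleton(t) == skeleton(domain)), None)
        if match:
            findings.append(f"lookalike-domain:{match}")
        else:
            # Check 2: sender is not someone we expect mail from.
            findings.append("unexpected-sender")
    # Checks 3 and 4: payment requests and 'click here' wording.
    text = f"{subject} {body}".lower()
    findings.extend(f"risk-phrase:{p}" for p in RISK_PHRASES if p in text)
    return findings


if __name__ == "__main__":
    # Constructed sample messages.
    print(review_email("Accounts <accounts@surnmit-bank.example>", "Urgent payment required"))
    print(review_email("Jane <jane@acmecorp.example>", "Lunch on Friday"))
```

A finding is a prompt to verify with the sender through another channel, as the list advises, not proof that the message is malicious.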
“Modern business is characterised by openness, and this raises severe challenges for the traditional ‘lock everything down’ approach to security.”
[Caption: John McLoughlin, Managing Director, J2 Software]
Alongside classroom-based awareness
training, there is now much emphasis
on simulating phishing attacks on a
regular basis to assess your own
cybersecurity, and then designing targeted
training programmes off the back of the
results. The time spent orchestrating such
a ‘fire drill’ and keeping employees aware
of potential threats could save you a lot
of pain further down the line. As Basheer
says: “The Information Security Office
should not view security as a once-a-year
activity but try to make it part of a day-to-
day activity.”
With email being such an essential
part of your business, you cannot risk
losing it, even for a couple of hours. By
neglecting to secure your email, you
are exposing your organisation and all
its data to potentially deadly threats.
Email should be as pivotal a part of your
security strategy as it is a tool to your
business, and as McLoughlin concludes:
“Prevention really is better than cure.”
www.intelligentcio.com