The security industry has a bit of a boy-who-cried-wolf problem. Every potential threat is maximally hyped, to the point where no one knows what they should take seriously or dismiss as marketing spin or simple overreaction.
And if you’re a shepherd, everything that moves starts looking like a wolf. Particularly if you’re a shepherd who specialises in anti-wolf security suites, right?
But in the same way that locking your front door is always worth it – even if a full-blown, code-secured gate is overkill – basic email security is a no-brainer.
You wouldn’t send a personal letter to someone without putting it in an envelope, so why let your emails fly without encryption?
You wouldn’t leave your front door unlocked – even though the chances of being burgled are very low – so why skimp on anti-virus software?
You wouldn’t want to spend all day answering your front door to spammy salespeople (whatever that might mean for you!) so why not deploy anti-spam software?
Because poor security habits and practices, together with continuous innovation on the part of the criminals themselves, mean that email is still a highly effective medium for cybercriminals. It’s not growing anywhere near as fast as it used to, but the viruses and the spam and the phishing and the hacking can cause problems for any business.
Just look at the numbers.
More than half of inbound business email traffic was spam in 2015. That’s astonishing. Imagine if your post was like that? (OK, maybe you don’t need to try so hard for that…!).
And whilst old-school phishing attacks are declining rapidly (from one for every 392 emails in 2013, to one for every 1,846 emails in 2015), sneakier, more sophisticated spear-phishing attacks that target employees grew by 55 per cent in 2015. These are highly targeted attacks on a specific individual or organization, often involving elaborate impersonations for maximum believability.
And overlooking basic security measures has financial and reputational costs. The consequences of email vulnerabilities might seem trivial but, rather like a small cut that gets infected, they can get nasty if left unattended and untreated.
It’s an extreme example, but TalkTalk’s hacking experience in 2015 ended up costing them 100,000 customers and approximately £40m (including a £400,000 fine for failing to adequately protect customer data). 28,000 credit and debit card details were stolen along with around 15,000 bank account numbers and sort codes.
Information Commissioner Elizabeth Denham said: "TalkTalk's failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk's systems with ease … yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action."
Even in this climate of heightened security warnings, clearly there are sensible reasons to take basic email security measures. Particularly given the potential business consequences of a breach, and the ease with which these can be prevented.
The costs are not just financial, but reputational and possibly even legal.