Artificial Intelligence (AI) is the talk of the town right now and it’s easy to see why. Whether it’s healthcare, finance, retail or automotive, the application of AI in most industries will transform how we deliver services for the better. That’s also true of one of the most fundamental yet often overlooked aspects of corporate infrastructure today: email security.
AI will help protect our inboxes from malicious attacks, but there’s only so much AI can do when it comes to your inbox. At the end of the day, responsibility for email security will fall on your employees. In fact, employee training and company culture could play a larger role in securing your inbox than technological solutions – the two must work in conjunction.
Today, we’re looking to put a bit of human soul back into email security. We’re going to analyse the role culture has to play in reinforcing email security, and expose how cyber-criminals take advantage of organisational susceptibilities to get at sensitive material.
The false-confidence problem in email security
Cyber-threats from malicious emails have been around for decades now. Many of today’s employees even grew up dealing with phishing attacks and will confidently claim they can spot a phony email a mile away.
But that isn’t always the case. In fact, some argue that we are now suffering from a false-confidence problem that is eating away at our security. That’s because it’s one thing to know what a phishing attack might look like, but it’s another to know what actions to take if an attack happens. This is a problem with company culture that we must overcome.
The only way to do that is to undertake a company-wide training initiative to learn where your employees currently stand on email security. You need to assess if your team knows how to identify malicious attacks and if they know the appropriate response. Regardless of whether there is a shortfall or not, you should then retrain your team to guarantee that everyone is up to speed.
To nip the false-confidence issue in the bud, continue to follow up with your team to reassess their email security knowledge so you can retrain as required.
In the news… a “lackadaisical culture of trust”
False confidence doesn’t work alone to destabilise email security. It also breeds trust within an organisation that could be abused by a cyber-attacker, or even a former employee.
For instance, your organisation could have a problem with who has access to emails. That may well have been the case for the UK Government, with Kim Darroch’s position recently becoming untenable following a leak that quoted Darroch criticising the current US administration.
Arguably, this could all have been avoided if the UK Government had made email security more of a priority, as Wired reports. Currently, there is “a lackadaisical culture of trust permeating UK Government departments, according to which every one of the 414,390 full-time equivalent employees of the civil service should be trusted.”
Because many senior civil servants prioritise getting the job done instead of getting the job done right, they delegate to their teams, and that includes delegating access to their emails. Wired reported that “delegated access meant that those without the requisite security clearances were simply trusted not to read emails marked as ‘Private and Confidential’ without any checks to ensure this trust was well-placed.”
It could well be the case that Darroch lost his job and UK-US relations were sent into a tailspin because of this laissez-faire approach to email security within the Government. Ironically, this behaviour runs counter to the Government’s own policies.
To reinforce its security policies, the Government will need to undertake a vast training initiative to secure sensitive material shared via email. It will take a ground-breaking culture shift within the civil service, but it’s crucial for securing the state’s most sensitive secrets.
But if there’s one thing that’s clear from this story, it’s that culture plays a huge role in email security.
Integrating email security within your company culture
Make sure your organisation’s culture doesn’t prove to be a liability for your email security by following these simple steps:
- Implement multiple best-practice email security policies
- Assess your team’s current understanding of email security
- Retrain your team to baseline and guarantee understanding
- Follow up training with your team periodically
Learn more about humanising email security
Technological solutions are undoubtedly important when it comes to email security, but we can’t overlook the role humans have to play in security. To learn more about how to humanise email security, be sure to download our latest white paper: Are We Human? Putting the Soul in Secure.