Email is the most-used business application by any organisation. However, it’s also the number-one method that cybercriminals use to carry out malicious cyberattacks. These attacks come in various forms including enabling malware delivery, phishing, and impersonations – all of which can easily spread through an organisation. It takes only one person in an organisation to unknowingly open an infected email.
Email is the most-used business application by any organisation. However, it’s also the number-one method that cybercriminals use to carry out malicious cyberattacks. These attacks come in various forms including enabling malware delivery, phishing, and impersonations – all of which can easily spread through an organisation. It takes only one person in an organisation to unknowingly open an infected email.
While organisations have long relied on the security gateways that come with email management programs such as Microsoft Exchange, Office 365, and Google Apps for Work, these traditional approaches are no longer enough.
A study by Forrester Consulting revealed that only five per cent of respondents are very confident in the overall security capabilities of their chosen email cloud provider. In fact, 44 percent of respondents said they would review the security implications of their cloud provider more thoroughly if they were to deploy a cloud-based email platform again.
According to Mimecast’s Email Security Risk Assessment (ESRA), many incumbent security solutions let through significant volumes of phishing, impersonation attacks, and other emails containing malicious content. The latest ESRA inspected 55 million emails that were deemed ‘good’ and passed through other security tools. More than 12 million – or close to a quarter – of the emails were in fact ‘bad’. It found 12.5 million spam emails, 9,000 dangerous file types, 2,500 malware attachments and 19,000 impersonation attacks.
It’s therefore important for organisations to enhance their cyber resilience strategies for email with a multi-layered approach. An organisation’s email resilience strategy should include advanced security, data management, business continuity, as well as awareness training for end users, which combined can help prevent attacks and mitigate the damaging impact it can have on a business.
One of Australia’s leading social justice law firms, Maurice Blackburn, recently engaged Mimecast to further secure its email. The law firm has approximately 1,100 employees across 32 offices in Australia.
Over the past few years, Maurice Blackburn has experienced an increase in malware infiltrating its email system.
Although most attempts were thwarted, the company’s IT staff still found themselves spending considerable time resolving the remaining malware that managed to slip through.
“We never really lost anything from previous ransomware attacks – we just wiped devices and started again – but there was significant overhead to deal with,” says Brett Johnstone, Maurice Blackburn’s Chief Information Officer.
“It wasn’t the most effective or efficient approach to mitigating the risks that we were seeing.”
At the same time, with the law firm responsible for being a gate keeper to such huge amounts of sensitive data, the risk was too high to rely on IT staff alone to fend off any cyberattacks. This prompted the law firm’s IT department to begin exploring options to improve email security and simplify the firm’s storage-heavy disaster-recovery setup.
The firm decided to implement Mimecast’s full suite of cyber resilience solutions for email. The Mimecast solution – consisting of Email Archiving, Email Continuity, Secure Email Gateway with Targeted Threat Protection – was relatively easy to implement, with only a small amount of user training and change management required.
It has also substantially improved email security for the firm as it has been highly effective at providing targeted threat protection by blocking malicious URLs, attachments, impersonation emails, and preventing users from being affected by malware.
According to Johnstone, email security is only part of the value that Mimecast has brought to the firm’s operations. With a centralised, cloud-based data email assurance platform for email now in place, the firm has also improved its disaster recovery capabilities. For instance, instead of maintaining a continuous redundant messaging environment, Mimecast’s robust email continuity capabilities mean the entire firm can access crucial correspondence quickly – even in the event of a network or email system failure.
The cloud-based email platform has helped the company minimise response times to mail flow issues by allowing administrators to proactively monitor high latency or failed deliveries. IT staff can also receive real-time alerts of service disruptions, while users receive notifications on how to stay connected to email in the event the primary system is unavailable.
By substantially improving the detection and blocking of malicious emails, files, and URLs through the secure email gateway, the law firm’s IT staff is now able to dedicate their time to other important tasks.
The transition has also provided cost benefits. Maurice Blackburn is now able to defer or eliminate capital expenditures for on-premise server storage.
Additionally, Mimecast’s email archiving solution has improved business continuity because it means the firm can retain, discover and have ubiquitous access to business-critical information across emails and files from a single secure cloud-based email assurance platform. The solution retains and archives the original inbound, outbound, and internal email, detailed meta-data including email recipients and delivery date and time, and a copy of the email if it was changed by company policy enforcement.
“With Mimecast we can get the benefits of email archiving without impacting the user experience. It’s extremely low touch and it works well,” says Johnstone.
With its email made both more reliable and more accessible, Maurice Blackburn is now exploring how related products such as Mimecast’s Internal Email Protect can further improve messaging security and how the Mimecast service enable even better archiving and searching for legal discovery purposes.
“Mimecast does a great job. The best part is that it’s set it and forget it: it does what it’s supposed to do, and does it well. We have full trust that Mimecast is doing what it needs to do so we can worry about other business problems.”
Mimecast makes business email and data safer for thousands of customers and their millions of employees worldwide.