While there are plenty of different ways to communicate online, including chat, VoIP, text, social media and so on, for businesses, even 50 years after it first came to the scene, email remains the number one online communication tool.
Today, however, in 2020, we are faced with much more online threats than were around in the 1970s when email was introduced. As a result, you need to start thinking more about what are the best email security solutions for you or your online business.
Most people use email for its convenience. There's no particular setup required, usually nothing to download or install. All you basically need is to create an account, which takes maybe 3-4 easy steps, depending on the chosen provider, and you are good to go.
Typically, the choice here is either Gmail, Yahoo!, Microsoft's Outlook or iCloud Mail. The problem is that you can't take email security with these providers for granted.
In fact, as the next example will show you, these are often lacking in email security.
Yahoo! Mail Cautionary Tale
For a long time Yahoo! Mail was considered the number two (or in some cases, number one) choice for an email client, behind only Gmail.
And then something happened to almost completely ruin Yahoo!'s reputation.
Actually, it happened twice.
First, in August, 2013, Yahoo! suffered its first major data breach.
It took Yahoo! three years to discover the breach and to report it publicly in 2016.
In a statement made at the time, Yahoo!'s said that an "'unauthorized party' broke into user accounts using forged cookies."
In their first statement, Yahoo! Said that the breach affected one billion users, but later on it was discovered that the breach was much greater and probably affected all 3 billion Yahoo! users at the time.
Unfortunately for Yahoo! they didn't get much time to rest after the first data breach because very soon, the company was hit by another in late 2014.
This breach was also reported in 2016 and it included data from 500 million user accounts, including email addresses, hashed passwords, security questions and answers (many of them unencrypted) and more.
Needless to say that because of these two data breaches, Yahoo! lost a lot of money and customers. A lot of users left as a result and Yahoo! tried in 2019 to fix the situation a little by offering anyone who had an account between 2012 and 2016 and were residents of the United States or Israel, to be part of a settlement class and file a claim.
The total settlement fund was $117,500,000. If you're interested in the legal side of this, you can check out the settlement details here. The deadline for the settlement was 20th July, 2020.
Time to Think About Email Security More
If you were a Yahoo! Mail user back when this happened you probably would be very scared for your data. And even if you weren't using Yahoo!, but perhaps Gmail or some other email client, this was still a cautionary tale.
Not to mention that Gmail users have no right looking down on Yahoo! for its lapses of email security.
For example, we already covered an SMTP injection in G-Suite that allows Google email domains to be spoofed.
Earlier this year, Google rolled out a new security update for Chrome, version 81.0.4044.113 for Windows, Mac and Linux machines and recommended its users to update to it as soon as possible.
The security issue in question is an exploit named CVE-2020-6457 and has a peculiar description:
"Use after free in speech recognizer."
Then, if that wasn't enough, in August this year, Google reported a major security bug on its Gmail and G-Suite email servers that allows hackers to mimic a Gmail or G-Suite user and send spoofed emails.
So how can you respond to email security issues?
The first thing you want to do is to change your email password and start using something more difficult to crack, or you went into the email settings for the first time to see what you could do from there. You also became much more careful about what emails you open and respond to as you now started hearing about all those scams and phishing emails.
And that's all great, but it's not enough. To truly protect your email, you need to start using the right email security solutions.
We picked out two email security solutions for you that will protect your online business from spear-phishing, malware and other email threats.
Barracuda can protect your email against volumetric threats, including malware and spam, as well as more advanced ones like ransomware and spear-phishing.
It also provides a full cloud backup and recovery for every email and file and protects your data from corruption and deletion with full cloud backup and your data with encryption.
Mimecast is a cloud-based secure email gateway that protects organizations using cloud or on-premise email platforms from spam, malware, zero-day attacks, spear-phishing and other threats.
This email security solution also prevents the delivery of dangerous email attachments using sandboxing security inspections, signature-based and static file analysis and against malicious URLs.
But let's get back to the actual email service and more specifically, their response. It's hard not to mention how slowly both Yahoo! and later Google reacted and did something to fix the situation. It took Yahoo! full three years to publicly report the two data breaches and even then they didn't know the full scope.
Google was a bit better, but still very late in their response. The security exploit was reported by security researcher Allison Husain in April, 2020 and Google reacted after 137 days in August.
You can read more about the bug and its history on Husain's blog.
Instead of using services that allow such serious email security bugs and then take forever to fix them, it's time to start using an email provider that really thinks about your security.
CTemlar offers the strongest end-to-end email encryption in the industry, along with virus, anti-phishing and brute-force protection. In addition to this, your data belongs to you and only you as Liverado uses Zero data access, which means we can't read your messages.
Sign up today for your Liverado: Armored Email account.