From the Edward Snowden saga to the Sony Pictures hack, email security spent a lot of time in the news in 2014. As a result, individuals and companies are paying more attention to how to lock down their email accounts. We reached out to three security experts, asking them what they thought the biggest trends in email security would be in 2015.
Their answers were revealing, highlighting increasing risks, and a growing need for better security solutions to protect email from hackers.
Trend #1: Increased Risk Due to More Sophisticated Attacks
When Thaddeus Gerber, the President of Velocity Network Solutions and the previous Senior Network Administrator at Yahoo!, was asked where email security was going in 2015, his answer focused on the increased risks facing individuals and businesses.
“Look for more sophisticated phishing attacks. Nefarious emails will be harder to distinguish for legitimate ones. Emails that claim to be from your bank or credit card company will be much more authentic looking. While these are not new, they will continue to evolve and look legitimate,” he said. Gerber also warned of phishing attacks that will appear to come from people in your social network.
We agree with Gerber — identity spoofing is certainly a threat. A good counter to this sort of threat is to ask your friends to use an encryption service that could potentially double as an authentication service, like Virtru.
Trend #2: A Focus on Two-Factor Authentication
While Richard Wiles, from LSA Systems, an IT support company that deals with email security on a daily basis, acknowledged the growing threats in the market, his focus centered around the importance of two-factor authentication in keeping email secure.
“There are a few trends I expect to see in 2015 when it comes to email security. The first of those is two-factor authentication – the identification of users through a combination of two different components. The first being your username and password (the first ‘factor’), and the second being something such as access to your phone or PC,” Wiles said. Wiles also noted the importance of detection, even when it comes to secure email.
“Many email providers already allow you to enable alerts so that you will receive an email or SMS message if there is a failed login attempt of your email address. This will tell you that someone is trying to hack into your account. Once you have been notified, pass it onto your IT Support who can lock down your account.”
Wiles added that such alerts might be combined with a type of region filter that would block access to your email account outside of a certain geographic area, potentially protecting email security by preventing foreign hacktivists from breaking into your account.
Trend #3: Doubling-down on Encryption
Dan Stone, the founder of Kixio, an IT company based out of the UK, emphasized the modern place of email in business communication:
“We handle a lot of secure emails via TLS and certificates based encryption, emails are seeing a decline in favor of web based platforms and collaboration tools, but emails are still very strong, and they are a lot more formal, people are choosing to use collaboration tools to chat on now instead of email, but email is the medium of final say, a corporate boss won’t Skype a team to give them a grilling, so an email has much more authority. Emails between companies are still the tool of choice. You wouldn’t IM a new customer.”
As we’ve pointed out, while there are new communication mediums, email is still king when it comes to business communication. Stone continued, talking about email security:
“Spoofing and hacking have become common, there has been a big push on IT teams to secure email, so most people now choose TLS encrypted emails as they are the most compatible and secure. When you need to open a secure email on a phone or desktop, having a bespoke system you spend 5 minutes logging into isn’t practical.”
We agree with Stone’s evaluation — businesses need quick and easy access to secure email. Portal systems that require you to navigate through a series of login prompts and menus aren’t practical at all. You need something that doesn’t get in your way while still giving you client-side encryption.
Preparing for Tomorrow’s Threats
The best way to prevent your private data from falling into the wrong hands is to take proactive action. Encryption is your best bet, keeping your data safe even if your account is hacked, or if your password simply falls into the wrong hands.