There was a time when email was pretty much the sole means of electronic communication used by businesses. These days, even with the growth of social media and a host of specialist messaging and collaboration tools available, email remains as important as ever. There are an estimated 2.5 billion business email users worldwide - and that number is on the increase.
Dedicated cyber criminals are wise to this. They know that if they manage to gain access to your account, the chances are that rich pickings will be available in terms of internal communications, B2B transactions and potentially valuable data on your customers.
So why exactly would criminals bother accessing your account - and what are they likely to do when they’re in? We take a closer look…
A gateway to your business
Let’s say you’re one of those firms whose use of email is relatively minimal. You discourage its use for internal communications (preferring staff to liaise face to face for quick queries and to use dedicated collaboration tools). You also have measures in place to ensure that sensitive client information is never conveyed by email.
In these circumstances, you might assume that an email hack will have relatively few implications for the business. This, however, ignores the role of email as a gateway to other areas of your business and its IT infrastructure. Even if it is not a primary business tool per se, it tends to be connected to other digital accounts and services - which might include your CRM suite, cloud services (such as Dropbox and any proprietary services you have in place) and perhaps even your firm’s social accounts.
Little gems found within the inbox - a reset password message, for instance - can present openings into the parts of your business that are really valuable, from your customer database through to your accounts suite.
Selling on your digital assets
Once they are into your account, will it be the hackers themselves who take advantage of the findings? Not necessarily. One option open to them involves taking a long hard look at your inbox - not to mention the archive if the account holder has administrator permissions - before isolating the means of access to connected services. This analysis of the account could lead to the means of accessing multiple services, from Facebook through to the company bank account. Login details for each connected service can then be sold to separate brokers on the black market - meaning that multiple specialist criminals could benefit from the hack.
Impersonation is one of several ways a hacker can make direct financial profit from a hacked email account. The criminal essentially poses as a senior manager, identifying a business or individual (perhaps even a customer) with which the business has had previous financial dealings. Through a series of email exchanges, the hacker convinces that other party to make payment into a chosen account.
Your staff might be savvy enough not to be taken in by mass phishing attempts. But what a hacked email account can offer criminals is vital intelligence on how your business operates, the type of transactions it is involved in and the service providers it has dealings with.
This gives the criminal the opportunity to create a much more tailored - and convincing - phishing scam, one that convinces your staff to click on links or divulge information that they otherwise would not.
So is email your weakest security link? A top priority in 2017 should be to ensure your infrastructure, procedures and safeguards are geared towards keeping your accounts safe.