From the Frontlines: The Email Security Threat

June 28, 2018
IT Security

Email Security Threats with Tom Drez

IT research analysts, technology writers, and vendors regularly cite their “top issues” facing IT professionals. But what are the most prevalent issues that IT professionals themselves say keep them up at night? After all, they’re the ones on the frontlines of day-to-day IT operations.

In an IT security survey that US Signal conducted earlier this year, respondents noted that one of their top three challenges was protecting against email threats. That’s not surprising given the extensive list of email-based attacks many companies have been enduring, including phishing, spear phishing, whaling, business email compromise (BEC), CEO-to-CFO scamming, and email impersonation. 

But just how big of a deal are email threats and what are IT professionals doing about them? We asked one of our clients.

Education vs. Email Threats

Portrait of Tom Drez, CIO of Christian Brothers Services

Tom Drez is the chief information officer of Christian Brothers Services (CBS), a nonprofit organization that provides a variety of benefits programs to congregations, organizations, and dioceses throughout the United States and Canada.

He said that email security threats do pose a significant problem for his company, noting that phishing and spear phishing attacks occur every day. Among the challenges those attacks are the company’s own employees.

“We are only as strong as our weakest link, and unfortunately, we know that people are usually the weakest link in any equation when it comes to machines.  

“We can protect the company from 999 attacks out of 1,000. However, the ‘bad guy’ only needs to get one person to click on a URL or file attachment in an email to win.”

Nonetheless, Tom says his company is seeing some success in their IT security efforts.

“A few years ago, we revamped our entire computer security awareness program to get in front of employees at least three to five days a week with news, education, and useful information. Security is not a baked-in topic for all employees yet, so we’re trying to keep security topics top of mind.

“Much of our focus is on moving employee ‘awareness’ to ‘behavioral change’ over time. Our educational initiatives include conducting our own phishing and spear phishing tests with our employees every month. They’re designed to be educational and informative, rather than punitive.”

Behind-the-scenes Security Efforts

Tom also says he and his team are trying to help employees by fending off threats as much as they can by implementing safeguards where prudent, appropriate, and reasonable.  

“For example, in addition to educational resources, we remove spam and junk messages before they even hit an employee's inbox. All messages from the outside are labeled with [EXTERNAL] in the subject line.

“We validate every single inbound URL in an email message, stripping away known harmful URLs and file attachment types like .EXE files that can execute malware code. We provide a secure message center for our employees to encrypt outbound messages. And, we automatically encrypt all messages found to contain sensitive information or a large amount of data.”

While the IT team’s efforts aren’t stopping email threats entirely, Tom says they are making a difference.

“It can be difficult to see the forest for the trees, but I think if we stopped doing all of these things, people would notice. They’d become less efficient, less effective, and less productive, and our IT security risks would increase to the point where the business itself was at risk.” 

Bolster Your IT Security

Are your IT security efforts doing what you need them to do? To learn about some of the options US Signal offers to help strengthen your IT security profile, call toll-free: 866.2. SIGNAL, or email: [email protected].

If you’d like to learn more about US Signal’s work with Christian Brothers Services, you can download the case study here