for our 12/13 webinar (1PM ET) with leading cyber attorney Robert Metzger on the risks of not complying with DFARS 7012 & CMMC
Our CMMC whitepaper has helped over 2000 defense contractors jumpstart their compliance journey. Check out our updated version for CMMC 2.0.
Email, long the primary collaboration tool for business, is fundamentally untrustworthy and broken. The average US employee sends roughly 30,000 emails per year, and as many as 20% of these contain sensitive information. Simultaneously, emails have become the single most efficient and effective attack vector for bad actors attempting to compromise corporate user accounts and devices. Compromising an individual employee’s email account can provide attackers with a gold mine of sensitive information. When company-wide email servers are compromised (which is not an infrequent occurrence) catastrophic damage can ensue.
Hence the paradox – traditional email is both indispensable and valuable to every business, and yet it poses incredible risk and is impossible to cordon off from malicious actors.
In the following blog post, we’ll explain how Preveil’s Trusted CommunitiesTM breaks this paradox – providing employees with an extremely secure channel (integrated seamlessly with Outlook/O365) that is completely insulated from phishing, spoofing, and Business Email Compromise (BEC) attacks. Sensitive emails sent through this channel also stay secure even if individual user passwords are stolen, IT Admins are compromised, and servers are breached.
Whether they recognize it or not, the majority of US businesses encounter incoming spear phishing, malicious links, spoofing / business email compromise attacks on a regular basis. As many as 95% of enterprise attacks involve spear phishing. BEC scams (which involve impersonating various executives/employees) are also on the rise and cost businesses $3.1 billion over the past few years. Even when trained to avoid external phishing emails, 30% of employees open well-crafted malicious email messages.
Contrary to the marketing messages of many email gateway products, even the most advanced email filters, gateways, and sandboxing tools do not catch the majority of inbound email attacks. Even if you feel confident in your enterprise’s cyber security measures to combat all of these (which most experts would argue you should not be), you still have to consider the possibility of 3rd parties you work with being compromised (supply chain partners, vendors, etc).
What’s needed is a way to ensure that all email communication, within the company and from select outside organizations, is, well, trustworthy. This is why PreVeil has created Trusted CommunitiesTM to provide businesses with an easy to use, highly secure channel that protects enterprises of all sizes from phishing, spoofing/impersonation, and overall business email compromise.
Using PreVeil, every employee has a complimentary secure email and, unlike typical email, admins can restrict 100 percent of external traffic. Admins whitelist only those domains they believe are trustworthy. Employees don’t need to filter through and attempt to discern whether an incoming email is authentic or malicious – everything that comes in via their secure inbox can be trusted. Third parties such as suppliers, customers and partners can also be selectively white-listed by the admin into the company’s Trusted Community, allowing them to exchange emails and share files with employees. The result: email collaboration with external parties is just as easy as within your own organization but much more secure.
Realizing that most employees don’t like the hassle of leaving Outlook to open up a separate email portal (let alone, having to remember yet another password), PreVeil’s solution seamlessly integrates with Outlook/O365. Employees can keep their existing email address with no additional password to remember. Early adopters of PreVeil like that with Trusted CommunitiesTM, high risk user groups (such as the executive team, Corporate Development, HR, Finance and Board of Directors) can be protected without creating a burden on their day-to-day productivity.
Achieving this high level of security also requires communities to adopt a new class of enterprise collaboration applications that are ‘purpose-built’ for security. End-to-end encryption uniquely provides this formidable, gold-standard level of security through the use of public-key encryption. In this scenario, each user is assigned a public key pair using Curve25519-based cryptography. All encryption and decryption happens on the users’ device. Files on servers are always encrypted and is never available as plain text.
Privileged activities such as recreating an account if a user’s device is stolen is only enabled after receiving cryptographic authorization from a pre-determined set of administrators. This way, if loss or theft occurs, users can restore accounts and re-access their data through Approval Groups on a new device.
With this level of security protecting your inbox, email can become a trusted component of everyday business.
The benefit of Trusted Communities is manifold. Luckily, Trusted Communities can be part of the reality of your enterprise’s email solution. There’s no need to wait for tomorrow’s technology when this level of security is available today.
The PreVeil team would be happy to answer any questions, and to build a Trusted Community tailored to your business. Just click on “Request a Demo” at the top of the page to get started.