by Peter Dietrich
Of all the typical applications in most organizations, email is perhaps the most basic and essential. Any systems administrator knows that if email goes down, they will hear about it. Email is a tool; increasingly it's a weapon as well.
In terms of basic human security risks, email is also the most frequent route for systems intrusions. The most common example is "phishing" or "spear phishing" messages that lead to malware infections. The difference between the two? Phishing is aimed at a broad audience (think of fishing with a tuna net) and spear phishing is aimed at a single target or a small group of targets (think of fishing with, well, a spear). The malware can be anything from "ransomware" that tries to encrypt your files and hold them for ransom to a Remote Access Trojan (RAT) that silently gives a hacker access to your system.
Malicious software is usually delivered by email in one of two ways. In the first case, an attached file contains code that exploits a vulnerability in the software used to open the file (e.g., Adobe Reader, Microsoft Word). In the second case, the email contains a link to a website or other online resource and that online resource delivers the malware, typically by exploiting a vulnerability in some element of the web browser.
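The two delivery paths above correspond to two things a mail filter can pull out of every message before a user opens it: attached files and links. The following Python is an added example, not code from the article; the extension list, the `triage` and `sample` names and the constructed test message are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Document types opened by the software the article names (Adobe Reader,
# Microsoft Word). The exact extension list is an assumption for this example.
DOC_EXTS = (".pdf", ".doc", ".docx", ".docm", ".rtf")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

class _Links(HTMLParser):
    """Collect href targets from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    """List the attachments and links carried by one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    report = {"attachments": [], "links": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:  # path 1: a file that the recipient's software will open
            report["attachments"].append(
                {"name": name, "document": name.lower().endswith(DOC_EXTS)})
        elif part.get_content_type() == "text/html":  # path 2: links
            parser = _Links()
            parser.feed(part.get_content())
            report["links"] += parser.hrefs
        elif part.get_content_type() == "text/plain":
            report["links"] += URL_RE.findall(part.get_content())
    report["links"] = sorted(set(report["links"]))
    return report

def sample():
    """Constructed message (not real traffic) with one attachment and one link."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.test", "user@example.test", "Invoice"
    m.set_content("See https://portal.example.test/invoice?id=1 for details.")
    m.add_alternative('<p><a href="https://portal.example.test/invoice?id=1">View</a></p>',
                      subtype="html")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="Invoice.PDF")
    return m.as_string()
```

The report only inventories what a message carries; deciding whether an attachment or link is malicious is left to whatever scanning or reputation service consumes it.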
6 key features and considerations to keep in mind with email security software or services: