Your business deserves a reliable, safe and secure email service provider so that you can focus on your clients and not have to worry about cyberattacks. Email is an essential service for every business. However, not all email service providers are created equal: some email services are more susceptible to hacking and data loss than others. In this article, we explain why relying on a basic email service provider can put your business at risk of cyberattacks and why you should consider migrating to a professional email service.

How Your Email Provider Can Expose Businesses to Fraud

According to our in-house research, 20% of Aussie conveyancers rely on the email services provided by their Internet Service Provider (ISP) for operating their business. In other words, one in five conveyancing practices use email addresses like @optusnet.com.au, @tpg.com.au and @bigpond.com for business purposes. We have also seen practices using email services provided by their domain registrar (e.g. GoDaddy, CrazyDomains) or web hosting service provider.

The most significant risk in using these basic email services is the lack of cybersecurity features, putting your business at risk of cyber attacks, phishing and BEC (Business Email Compromise) fraud. Telstra reports that the most common cybersecurity threat in Australia is phishing and Aussie businesses often lose more than $100,000 per incident.

Poor Anti-Spam and Anti-Phishing Capabilities

First of all, the spam filter of any simple email hosting service is only capable of blocking the most primitive spam emails and phishing attempts.

Simple email services often lack any state-of-the-art anti-phishing technology that can identify the sophisticated phishing campaigns of today. For example, phishing emails can be pixel-perfect copies of legitimate emails or can feature malicious file attachments capable of evading the antivirus software protecting your computer.

In other words, your business is exposed to fraud because phishing emails are more likely to be delivered to your and your staff's mailboxes.

The number of phishing websites is growing exponentially (Source: Google Safe Browsing)

No Support for Strong Authentication

Also, simple email services expose businesses to payment redirection fraud. The ACCC reports that payment redirection scams are one of the most significant cyber threats to small businesses in Australia. The way these scams work is that cybercriminals take over business email accounts through phishing or with passwords leaked in data breaches.

"Secret": Cybercriminals hijack business mailboxes by logging in through the webmail interface

Two-factor authentication (2FA) or multi-factor authentication (MFA) is the most effective security practice that can protect your business from cybercriminals taking over your inbox and tampering with email payment instructions. Sadly, basic email service providers do not usually support 2FA or MFA security measures – leaving your business at the mercy of cybercriminals again.

Lack of Protection from Email Impersonation Scams

Lastly, basic email providers do not take advantage of the new email standards which can protect against email impersonation scams. Email spoofing is when an attacker (cybercriminal) forges an email so that it appears to have been sent by someone else.

A real-life example of a spoofed email impersonating a CEO

The core email protocols were developed in the 1980s, when abuse was not an issue like it is today. Back then, the internet was a quaint and friendly place. Since then, several additions to the email protocols have been developed to make email more resilient to spoofing. One of these new standards is Domain-based Message Authentication, Reporting and Conformance (DMARC), which was designed to detect and prevent email spoofing.

The sad reality is that, as of today, ISP-provided email services such as @bigpond.com, @tpg.com.au and @optusnet.com.au do not use DMARC, which would stop the majority of email impersonation attacks.
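What a receiving mail server learns from a sender domain's DMARC record, as an added example that is not part of the original article: the Python sketch below parses the TXT records published at `_dmarc.<domain>` and reports whether spoofed mail would actually be blocked. All domains and records are constructed, and treating a record without a valid `p` tag as invalid is a simplification.

```python
# Added example: offline DMARC posture check. Domains and records are constructed.

def parse_dmarc(txt):
    """Parse one TXT record into a tag dict; return None if it is not valid DMARC."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            return None
        pairs.append((key.strip().lower(), value.strip()))
    # The version tag must come first and be exactly DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    tags = dict(pairs)
    # Simplification: a record without a valid p tag is treated as invalid.
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags

def posture(txt_records):
    """Classify a domain from the TXT records found at _dmarc.<domain>."""
    valid = [t for t in map(parse_dmarc, txt_records) if t]
    if len(valid) != 1:  # no record, or several: receivers apply no DMARC policy
        return "unprotected"
    tags = valid[0]
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 100
    if tags["p"].lower() == "none":
        return "monitor-only"  # reports are sent, spoofed mail is still delivered
    return "enforced" if pct >= 100 else "partial"

# Constructed sample data: TXT answers for _dmarc.<domain>.
SAMPLE_ZONE = {
    "basic-isp.example": [],
    "monitoring.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example"],
    "rollout.example": ["v=DMARC1; p=quarantine; pct=25"],
    "law-firm.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@law-firm.example"],
    "typo.example": ["v=spf1 include:_spf.example -all"],  # SPF record, not DMARC
}

def audit(zone):
    return {domain: posture(records) for domain, records in zone.items()}

if __name__ == "__main__":
    for domain, result in audit(SAMPLE_ZONE).items():
        print(f"{domain:22} {result}")
```

Only the "enforced" result means receivers are asked to quarantine or reject every message that fails DMARC for that domain.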

In a nutshell, basic email services offer little to no security features, leaving businesses vulnerable to all sorts of fraud. Luckily, professional email platforms are available which support the above-mentioned cybersecurity features.

The Benefits of Professional Email Providers

One of the main advantages of any professional email service is the comprehensive security features of the platform. In addition to the security benefits, they can help your business thrive by making you and your staff more productive.

As for security, professional email providers can protect your company from phishing-based scams with better email-blocking capabilities. The built-in spam and phishing filters are more effective than those of basic email services thanks to the crowdsourced ‘Report spam’ and ‘Report phishing’ buttons provided by these platforms. Because millions of users use these platforms, any phishing campaign is quickly reported by the community and the related emails are moved to your junk email folder instead of your inbox.

How G Suite allows its users to report phishing attempts

Secondly, professional email services offer two-factor authentication or multi-factor authentication (2FA/MFA), which is essential in protecting your business from BEC (Business Email Compromise) fraud. The additional verification usually requires you to key in a six-digit code from your smartphone every once in a while.

Multi-factor authentication on the Office 365 email platform

As for the non-security benefits, professional email hosting often comes with additional services bundled in, such as a cloud-based file storage platform, an online office suite and collaboration tools. These add-ons are also available on smartphones and tablets, allowing you and your staff to get more done while working on the go or at home.

Professional email services can also integrate with third-party software solutions, which is not possible with basic email services. For example, cloud-based backup solutions such as Backupify and Spinbackup can take daily snapshots of your mailbox, meaning you will never lose an important email or file again if your organisation is a victim of ransomware or a disgruntled employee. Also, third-party anti-phishing services can easily be integrated to provide an additional layer of protection from targeted cyber attacks against your business. Advanced anti-phishing services offer the best protection from sophisticated phishing attacks such as impersonation attacks or payment redirection fraud.

DIY: How To Migrate to a Professional Email Provider

If your business does not own a domain name, the very first thing you should do is register one for your emails. Professional email providers utilise your own domain name when providing email services. Also, your business will look more professional by using your own domain name in your email correspondence.

The second step is signing up with a professional email hosting provider of your choice. Numerous companies offer professional email hosting, but we recommend the following providers, which support the cybersecurity features we have mentioned:

  • Microsoft Office 365 – The most popular service by far amongst legal practitioners in Australia;
  • Google G Suite – Those familiar with Gmail and Google Docs will find this service more straightforward;
  • Zoho Mail – Secure, fast, ad-free email for businesses;
  • FastMail – Business email service made in Melbourne; and
  • ProtonMail Professional – Encrypted email accounts for companies.

Once you have signed up, your existing emails can be migrated from your old mailbox with migration tools. You will also need to change domain name settings to start receiving emails with your new email provider and re-configure your email software. Security features like 2FA/MFA are also turned off by default.

This may all be a bit much, so we suggest getting in contact with your IT service providers, or you can get in touch with us. Our experts can onboard you to your chosen professional email provider and migrate your email to the new platform.

Conclusion

Internet Service Providers, free web email and shared web hosting email services are not up to the task of supporting email for businesses. Basic email providers usually lack the security features that protect businesses from cyberattacks. There is a range of professional email hosting platforms available offering security features to help prevent phishing and BEC fraud. In addition, professional email platforms can help you and your business thrive by making use of the collaboration tools available on business platforms.

About the Authors

Gabor Szathmari is a cybersecurity expert with over ten years' experience, having worked in both private and public sectors. He has helped numerous big-name clients with data breach investigations and security incident management. In his professional life, Gabor helps businesses, including many small and mid-size legal practices, with their cybersecurity challenges at Iron Bastion – Australia’s anti-phishing experts.

Nick Kavadias is a technology and legal expert with over 20 years of industry experience working in industries including telecommunications, banking, retail and healthcare. He has worked in a variety of technical areas including business analytics, information security and software development. He is also admitted as a solicitor in New South Wales.

About Iron Bastion

Iron Bastion are Australia’s anti-phishing experts. We offer all conveyancing practices the same anti-phishing technology used by big business, without the big business pricing.

Our range of services is cloud-based, fully managed and easily integrates with your existing infrastructure. Our team features qualified cybersecurity experts, and all our staff and operations are based in Australia.
