Why Email Security Still Matters in 2025

As AI continues to revolutionise workplace productivity, email remains the cornerstone of communication, yet its growing security vulnerabilities demand urgent attention

CREDIT: This is an edited version of an article that originally appeared in SME Today

When it comes to workplace communication, AI has taken centre stage, bringing a wave of innovative applications and productivity tools to businesses and employees alike. However, despite this technological surge, email remains the backbone of workplace communication.

It is still the primary channel for everything from casual exchanges to sharing sensitive documents. Research reveals that over 90% of employees consider email “important” or “very important” to their daily work. Yet, while businesses often take email for granted, this reliance has created a significant security blind spot.

While IT leaders are understandably focused on inbound threats like phishing attacks – ranked as the top concern by 47% of them – two-thirds admit that outbound security breaches, often stemming from simple human errors, are responsible for more incidents of data loss.

Policy Awareness

Alarmingly, only 73% of employees are aware of their organisation’s email security policies, and just over half (52%) follow them consistently. This highlights two key challenges: businesses need to improve how they communicate their email security policies, and employees need better tools and support to make it easier to follow those policies.

Email may seem like a familiar and safe tool, but the threat landscape has evolved. AI-driven attacks are making phishing and ransomware more deceptive, with techniques like payloadless phishing enabling attackers to impersonate trusted contacts and manipulate recipients into revealing sensitive information – without the need for traditional malware.

Outbound Risks

Outbound risks, such as sending emails to the wrong recipient, accidentally sharing sensitive data, or failing to properly encrypt attachments, are just as, if not more, prevalent. Even the most conscientious employees make mistakes – especially under pressure or due to simple oversight. More than half of employees admit to making email errors at least once every few months, with 30% saying they make mistakes on an almost weekly basis.

The gap between perceived risks and reality is something IT leaders are increasingly aware of. The rise of hybrid and remote working introduces new vulnerabilities, as employees work across multiple devices and networks, making it harder to enforce email security policies effectively.

Building Robust Security

To achieve robust email security, organisations must adopt a multi-faceted approach that addresses both human and technical vulnerabilities. First, fostering a culture of security awareness is crucial. Training programs should go beyond the basics and equip employees with the skills to recognise not only phishing attempts but also the risks associated with outbound email mistakes. Clear communication of security policies is equally important, helping employees understand the “why” behind the rules and feel empowered to follow them. With less than three-quarters of employees aware of their organisation’s email security policies, and adherence still a challenge, this is a critical area for improvement.

Technology also plays a key role. Instead of focusing solely on inbound threats, organisations should invest in solutions that address outbound risks. These tools should seamlessly integrate into daily workflows, balancing usability with security. AI-driven solutions can provide real-time guidance to employees, alerting them to potential errors before they happen. For instance, attachments can be flagged as sensitive, recipients can be automatically verified based on email content and emails can be recalled if sent mistakenly. This level of automation empowers employees to avoid costly mistakes while ensuring adherence to security policies and compliance requirements.

The path to effective email security requires a combination of awareness, clear policies and the right technological tools to support employees. By addressing both human and technical vulnerabilities, organisations can ensure email remains a safe and reliable communication channel.
