The dangers associated with email and web security continue to grow, even more so now due to the pandemic. According to one study, though 71% of Americans are still working from home today, when business returns to normal, 54% of them want to continue that. If you’re a small business considering allowing your employees to keep working from home, it increases the need to take a new approach to security.
So where to begin? Our Email Security Partner, Mimecast, has some important considerations and suggestions for security decisions makers:
Why Move Security to the Cloud?
Smaller organizations suffer from two critical problems in the content of cyber security:
- Finding in-house security expertise: Lots of digital ink has been used in discussing the “cyber security skills shortage” – and for good reason: it’s a real problem for organizations of all sizes, but particularly for smaller ones. Smaller firms generally have fewer resources available to devote to IT and security labor, and so have a more difficult time in finding experienced and capable security staffers. Consequently, smaller firms generally don’t have the in-house skill sets necessary to deal with security threats, particularly more sophisticated and newer threats, and have more difficulty in justifying the hiring of these staff members.
- Higher costs per user: In the context of cybersecurity, smaller firms have two disadvantages relative to their larger counterparts: a) they tend to pay more for security solutions because they don’t enjoy the economies of scale that their larger counterparts enjoy, and b) they lack the number of users over which to distribute the cost of their security infrastructure and security-focused labor. Consequently, smaller firms generally pay much more per user than larger ones. This means that even though smaller firms more or less experience the same level of threats as larger firms, they are much less able to address them properly with on-premises security solutions. This is particularly true when organizations use multiple, disparate solutions with varying price points and degrees of efficacy – there is more to manage, costs are generally higher, and more internal resources are required to manage them.
Consequently, moving security to the cloud can get around these two problems by dramatically reducing the need for in-house personnel to deal with security issues, and by reducing the cost per seat to provide an equivalent level of service. That puts smaller firms on a par with larger firms in the context of providing robust security protection.
Another benefit of moving security to the cloud is the “community effect” that more or less is non-existent among smaller firms that operate on-premises security infrastructure. The community effect allows intelligence about an attack to be shared across the entire community of users, enabling a faster and more effective response than would be possible for individual organizations operating on their own. It’s important to note that the community effect is not necessarily an inherent, automatic feature of cloud security, since not all cloud providers offer this capability.
Yet another benefit of accessing security in the cloud is the ability to protect users well beyond the perimeter of a network when they’re traveling or otherwise remote. This has become particularly important during 2020 as tens of millions of information workers have been forced to work from home or other locations outside of the office. As a result, having security that goes with users from wherever they might be working is essential. Cloud security can provide the anywhere, anytime protection that the current threat landscape requires.
Using a Dedicated Security Provider
Microsoft offers native security through Exchange Online Protection (EOP) and Advanced Threat Protection (ATP), and many small- and mid-sized business decision makers opt to use these tools (EOP is available in all Microsoft/Office 365 plans, and ATP is included with Plan E5 and separately). However, Osterman Research recommends the use of third-party providers that are dedicated to security because these third parties generally provide better performance and efficacy. As just one example, SE Labs published their analysis of security solutions from third parties and those that are included in Google G Suite and Microsoft Office 365. Of the eight solutions tested, the top four were dedicated, third-party solutions; the bottom four were included in Google’s and Microsoft’s suites.
Why Integrate Email and Internet Security?
There are important advantages in integrating email and internet security, including the following:
- A single console can be used to identify and manage threats, manage policies, make administrative changes and provide reports. That results in no need to have separate reporting mechanisms for email and internet security. Moreover, a single interface and reporting mechanism provides greater simplicity and less time spent for administrators in creating policies, understanding security issues, and otherwise managing the security solution.
- Combined solutions can address combined attacks. For example, an attack may begin with a phishing email, but clicking on the link will direct the user to a web page that contains a malicious script. That web page could be genuine or bogus, and could result in the attacker’s access to a session cookie that would enable the same access as the victimized user. By having an integrated email and web security capability, staffers are better able to deal with security issues in a holistic manner.
- Finally, other benefits associated with using a consolidated security solution include lower licensing costs, a single tech support path for any issues that may arise, a consistent user experience that can help to reduce user confusion and complexity, and overall improved efficacy as a result of sharing intelligence across the platform.
Osterman Research believes that organizations should integrate their email and web security and, particularly for smaller organizations, do so in the cloud. Doing so will enable more robust defenses against the growing array of threats
How to Best Protect Your Business
We understand—email and internet security can be overwhelming, even for those businesses with internal IT support. The landscape is constantly changing, so to keep your work secure, it’s important to monitor the situation constantly, stay on top of the dangers out there and head them off before they cause trouble. Great Lakes Computer Corporation can help! Our data security and protection services lower your risk, secure your data and systems, and ensure comprehensive restoration should you need it. Email is a great place to start, so follow our link below to learn more!