Email is one of the most common modes of communication for businesses of all sizes. Unfortunately, malicious actors know that, which is why it's also the most popular attack vector. From phishing scams to business email compromise, it's one of the most vulnerable areas of your organization.
If you're reading this now, you're probably wondering how secure your current email provider is. Read on to find out.
Intelligent Technical Solutions (ITS) is an IT service company with years of experience helping businesses secure their organization, including their email. In this article, we'll dive into:
- Why email security is important,
- What are the least secure email providers, and
- What makes an email service secure.
Why is Email Security Important?
As we mentioned before, email is the most popular attack vector because it's one of the most effective points for initial infection. The average employee could receive hundreds of emails a day; they have little to no time to scrutinize each one. That increases the chance of a successful cyber attack. Not to mention, email attacks are a low-effort-high-reward method for cybercriminals to gain access to your systems.
Worse, a single malicious email could cause massive damage to your organization. Take a look below at some of the things a cybercriminal can do with a single email:
- Identity Fraud
- Business Email Compromise (BEC)
- Malware/Ransomware Delivery
- Data Theft
Every single one of those can be devastating for your business, and it all starts with one email.
What are the Least Secure Email Providers?
There are a lot of email hosting services out there that might not have ample security, but for this article, we'll look at the most popular options. Here are some of the least secure email providers for your small business:
1. Yahoo Mail
Yahoo Mail has been involved in several controversies regarding breach of trust over the years. The biggest was when it was revealed that it gave US intelligence agencies backdoor access to hundreds of millions of user accounts. The company even provided the government with a specially designed tool that could be used to scan all incoming emails for keywords and information provided by US intelligence officials.
If you think that controversy was a one-and-done thing, think again. The company's privacy policy states that Yahoo analyzes and stores all communications content, including email, from incoming and outgoing mail. This allows us to deliver, personalize and develop relevant features, content, advertising, and services.
Privacy concerns aside, Yahoo Mail also doesn't have a great track record when it comes to cybersecurity. In fact, the provider was hit with a data breach in 2016 that affected over 500 million users.
2. AOL Mail
Speaking of email services with questionable privacy rules, AOL Mail is another provider with the same intrusive data policies. That's because Apollo Global Management purchased both Yahoo and AOL Mail. Both providers now use the same privacy policy, allowing them full access to everyone's incoming and outgoing emails.
And, just like the previous company on this list, AOL Mail doesn't have a stellar cybersecurity record. In 2014, the company confirmed that it suffered an attack that spread through user accounts through spam mail.
While AOL Mail stated that no financial information was stolen, they admitted that hackers made away with a trove of personal data. That data included AOL users' email addresses, mailing addresses, contacts, encrypted passwords, encrypted answers to security questions for resetting passwords, and employee information.
3. Gmail
While Gmail might be better than the previous two entries on this list, it's worth noting that it has privacy issues as well. Google has been known to collect user data across all its platforms. And, while the company has said that it stopped scanning the content of emails for advertising purposes in 2017, the company still scans subject lines. What's worse is that it allows third parties to access your inbox, allowing them to take a peek at your emails.
As far as cybersecurity is concerned, Gmail has worked hard to prevent data breaches and attacks. It has been pushing two-factor authentication on its users and has implemented strong measures to protect against security incidents. Of course, that doesn't mean attacks don't happen. In fact, the company experienced a data breach in 2014, where nearly five million passwords were leaked online.
4. Apple Mail
Apple Mail can be considered as the most private service on this list. It doesn't track data for advertising. While they still collect your data, the company claims it is primarily used to improve Apple's software. Unfortunately, many apps from the Apple Store don't share the sentiment, as there have been cases of apps conducting invasive data tracking.
Privacy aside, the service has had its fair share of run-ins with data breaches. Security vulnerabilities for Apple Mail have been found on several occasions. While that can happen to any of the email providers on this list, the company has been criticized for how it has handled those incidents.
According to reports, Apple undermined the severity of its vulnerabilities and failed to act on them swiftly. It's the main reason the service made it on this list.
Underestimating or normalizing data breaches is not a posture a secure email provider should take.
Things to Consider When Choosing a Secure Email Provider
There are many things to consider when choosing a secure email provider. One is that you want to ensure the provider uses end-to-end encryption. That means only the email sender and receiver have the keys to decrypt the email message. That will help prevent cyber actors from intercepting messages from your device to the recipient while they're in transit.
Another thing that you should look for is whether the provider respects your privacy. You probably already know this if you've read the privacy policy of most email providers, but they take and use your data. Some, like Yahoo Mail, have even been caught scanning your emails for keywords so they can deliver hyper-personalized advertising straight to your inbox.
If privacy concerns you, consider switching to a different provider because that won't change anytime soon. While most of the top providers like AppleMail and Outlook have been trying to step up their privacy game recently, unfortunately, they're not quite there yet. Providers like ProtonMail and Tutanota, on the other hand, are better in that regard. Both providers prioritize privacy, and the former even has end-to-end encryption.
Lastly, look for a service that has a good track record. Research goes a long way when it comes to finding secure email providers. Check for any recent data breaches or controversies a provider may have experienced, and look at how they dealt with them. That will be very telling of how they will handle your data and your privacy.
Ready to Choose a Secure Business Email?
Email is crucial to any business' operations, but it's also one of the most common attack vectors. That's why it's essential to find an email service that is serious about cybersecurity and privacy. It's one of the best ways to prevent costly data breaches and security incidents.
ITS has been helping hundreds of businesses improve their cybersecurity efforts holistically, including their email. Learn more about how we can help you by scheduling a free network security assessment. Or, if you want to learn more about email security, check out the following resources:
- How to Protect Your Email from Cyber Attacks? [Video]
- Protecting Yourself From Phishing Scams
- 10 Tips to Protect Sensitive Data