March 31, 2023 By Josh Nadeau 3 min read

In this digital age, it is increasingly important for businesses to be aware of their online presence and data security. Many companies have already implemented measures such as two-factor authentication and strong password policies – but there is still a great deal of exposure regarding email visibility.

It should come as no surprise that cyber criminals are always looking for ways to gain access to sensitive information. Unfortunately, emails are a particularly easy target as many businesses do not encrypt or mask their messages. That means anyone with the right skills and tools can intercept and read your emails — or even alter them.

So this begs the question, should you consider hiding your work emails? Let’s discuss the growing risks associated with exposed email addresses and what organizations should consider when deciding on their path forward.

Exposed business email addresses: A growing risk

With the increasing prevalence of cyberattacks, organizations must understand the dangers associated with exposed business email addresses. While traditional threats such as phishing and identity theft remain, businesses must face new threats against data protection.

For instance, recent reports have noted a trend in attackers using leaked emails to access other accounts through reused passwords. This means even if an organization has strong password policies, it can still be vulnerable to hackers gaining access to sensitive information through compromised accounts elsewhere.

Another growing risk is the potential for email addresses to be sold or used in targeted marketing campaigns. While some organizations may not consider this a severe threat, it can still create a meaningful security hole. Using these campaigns, malicious actors can gain access to valuable company data and contacts.

How are businesses protecting themselves?

A few years ago, organizations began recognizing the value of keeping their emails secure from specific applications, websites and vendors. Although this didn’t eliminate all risks, it reduced the possibility of a malicious actor gaining access to sensitive information and led to the development of automated email masking solutions.

Now, organizations are starting to implement various strategies to protect their businesses from the potential risks of exposed emails. One such method is hiding email addresses with redirect services. Obscuring email addresses when entering third-party databases ensures malicious actors cannot access a business’s confidential information.

Organizations also utilize email authentication protocols to verify that emails from their domains originate from an authorized source. This will help to reduce the chance of spoofed emails entering inboxes, as well as improve deliverability. These measures have succeeded in improving email security and protecting organizations from malicious actors.

Are email redirect services the right answer?

Email redirect services are a valuable tool for organizations to protect their data from malicious actors. By obscuring emails in databases, organizations can reduce the risk of unauthorized parties accessing sensitive information. Additionally, email redirect services are relatively easy to implement and cost-effective compared to other cybersecurity measures. While redirects should not be the only answer to secure data protection completely, they can form an essential part of a comprehensive security strategy that includes two-factor authentication, multi-factor authentication, educating employees on secure passwords and policy development.

How to approach your organization’s email security

Organizations must carefully consider the risks associated with exposed business emails and take steps to protect themselves. Email redirect services can be a valuable tool; however, it is crucial that organizations also assess their overall security strategy and make sure they are taking all necessary measures to protect their data.

When assessing an organization’s email security, it is essential to consider how internal adoption will be achieved. This involves ensuring that all employees, regardless of their technical background, understand the risks involved with exposed business emails and know how to protect their data from malicious actors. While departmentalizing the adoption process to smaller groups that see a larger volume of emails can help make the transition easier, it is essential to ensure that everyone in the organization understands email security. This is achieved through a clear email security policy, communicating it across the organization and training staff on data protection.

While email anonymity plays a significant role in protecting data, it is just one part of a comprehensive security strategy. There are other aspects of cybersecurity that need to be taken into consideration too. Social engineering techniques like those employed in the Lapsus$ attacks on Rockstar Games and Uber require detailed information about an organization’s internal processes and job descriptions. Ensuring these details remain confidential is essential for keeping your business safe from cyber threats.

Protecting your business from email exposure

In the end, email security is integral to any organization’s data protection strategy. By taking steps to obscure email addresses in databases, enforcing policies that protect sensitive information and educating staff on good password practices, organizations can ensure they are protected against cyber attackers looking to exploit exposed business emails.

To further increase protection, businesses should also use two-factor authentication (2FA) to verify user identities when logging into accounts and invest in secure email gateways which automatically filter out malicious emails before they even reach employees’ inboxes. Taking these steps can help guard against costly long-term security breaches and protect organizations from modern-day attacks.

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today