Google Finds Companies Receive Considerably More Malware in Inboxes Than Individuals

If you read Google’s security blog or were at the recent RSA security conference, you may know that corporate email receives 4.3 times more malware than personal accounts. The biggest targets appear to be chosen based on a few factors including size of the organization, the type of organization, in which sector they do business, and the country of origin.

Non-profits were the biggest targets, receiving 2.3 times more malware than other types of organizations. Education is at 2.1 times as much malware, and government and business followed behind at 1.3 times and 1.0 times respectively. These numbers are as of Q1 2017.

Gooligan was certainly one reason Google may be particularly interested in these numbers and in protecting customer data. This malware infiltrated 1 million Google accounts last year and was able to escalate privileges on Android devices. It also allowed hackers to steal Google account information, install other malicious apps, and do more damage, if they saw fit to do so.

Google recommends using its multifactor authentication (MFA) to add protection to email accounts. This could be a one-time code that is entered in addition to your password that is sent via text, voice messages, or within the Google app for mobile devices. Google has also started supporting security keys. These are additional hardware products that are inserted into the computer’s USB port or use the Bluetooth functionality on mobile devices.

For businesses, consider using their hosted S/MIME feature as well as the TLS encryption indicators. These ensure that only the intended recipient(s) are actually reading the email.

And for everyone, make sure to take time to read those dialogue boxes and warnings that a site might be phishing or trying to execute malware.

Malware wasn’t the only problem Google found geared at companies, although it did find that real estate companies are targeted far more often with malware (10 times more) than others. Phishing attacks and spam were also sent to corporate inboxes 6.2 times and 0.4 times as much respectively. Science related companies in Germany receive 9.6 times for phishing attempts than their counterparts in the U.S. Inboxes in India and Japan receive the most spam.

© Copyright 2017 Stickley on Security