Cyber criminals and hackers are capitalizing on COVID-19 to exploit fear, uncertainty and doubt – and with employees largely working from home, risk is proliferating at an accelerated clip.
Even before COVID, the phishing threat was enormous, with 90% of cyberattacks initiated with a malicious email. That’s why, in the face of the global pandemic, it’s perhaps more important than ever for companies to have robust email security infrastructure in place.
Even with anti-phishing tools in place, it can remain a daunting prospect for many mid-market companies and above to tackle business email compromise (BEC), credential theft, polymorphic phishing attacks and other modern phishing attack techniques designed to defeat legacy security safeguards.
Orthopedic leader turns to self-learning email security
We recently had a virtual sit-down with Neil Stein, SVP of technology services at OrthoCarolina, one of the largest orthopedic practices in the country. Under the direction of Stein, OrthoCarolina recently completed the migration from on-premise email to Office365. With the inherent risks of cloud-based email, Stein charged his value-added reseller with introducing him to an email security solution that would act as an additional layer of anti-phishing in conjunction with Office 365 Advanced Threat Protection (ATP) and IronPort.
The Q&A dives into OrthoCarolina’s approach to email security, the threat landscape and how IRONSCALES helps their IT team simplify email risk mitigation for the company’s 2,000 employees.
Q. Why was implementing self-learning email security important for your company?
A. Our employees are busy healthcare professionals and they don’t need any extra burdens or stressors adding to their workload. With 90% of attacks originating via email, our top priority is to keep our data secure and it’s important to have a simple, effective way to do that.
Q. What was most compelling to you about IRONSCALES when searching for an email security solution?
Phishing works because malicious content gets through most standard email security systems. Considering I’m the defacto CISO of OrthoCarolina, among other things, it’s vital that I put the technology in place to protect end users. We needed to build confidence in our systems’, so employees don’t lose any sleep over the fear of getting hacked or exposing the company to risk. With banners, warnings and intuitive self-management, it’s easy to prove that IRONSCALES is protecting our company. And it really is essential to have the visual tools that IRONSCALES provides to show our board and to easily demonstrate that our email security system is secure.
Further, we can’t have our IT folks, who are already stretched thin, be responsible for phishing protection 24/7. That’s why IRONSCALES is so valuable – it was a simple integration to our current Microsoft Office365 system, and it keeps things safe no matter the time of day or location of our employees.
I don’t want to make email use cumbersome. It’s supposed to make communication easier and I wouldn’t consider using any tool that gets in the way of that. IRONSCALES makes it easy to know we’re only seeing the emails we’re supposed to – we have a proverbial tight ship and IRONSCALES supports us on that journey.
Q. How have your employees responded to IRONSCALES? Has the technology shown a real improvement in phishing prevention, detection and response?
A. Well, this was a really simple deployment process. We were looking for a tool that had easy implementation and was uncomplicated to manage. And what really attracted me to IRONSCALES was that it prevented even the opportunity for an employee to make a mistake, because the platform blocks phishing emails from getting in front of my employees in the first place.
The OrthoCarolina board of directors has already seen the value in IRONSCALES, too. All I have to do is share with them the dashboard that captures how many malicious emails are getting blocked and they’re impressed. Mitigation is the top priority for them, so the fact that we don’t hear any complaints about email breaches is really a good sign.
Q. Are any of your employees using the mobile app?
A. Although things are a little different right now with COVID-19, normally (and hopefully in the near future) we will again have team members traveling to conduct business for us. We’ve already advised them to install the mobile app. They will certainly find it useful to stay secure on the road.
Q. What do you perceive as the primary benefits of IRONSCALES?
A. The various layers of email security we needed to feel confident in our system weren’t possible before IRONSCALES. Since March, we’ve seen a lot of targeted attacks, I’d say about a 30-40% increase, which we attribute to COIVD-19. If we hadn’t had IRONSCALES in place, I would have been a lot more nervous of a breach happening. Plus, our primary focus has to be on our patients during this trying time and having this simple platform to plug into our API was a huge relief.
I want to reiterate again that my main goal with technology is to get out of our surgeons’ way. They need to know their inboxes are secure, they need to be able to use it easily and they need to only receive emails there that they care about and expect. That's the biggest benefit of IRONSCALES for me.
Q. How does IRONSCALES stack up against other cybersecurity companies you’ve worked with?
A. A lot of vendors I’ve worked with over the years have tech that works just fine. But they don’t go that extra mile to actually provide the business side of what I need. I was talking to my IRONSCALES team recently about a presentation I needed to make internally. Very quickly, they updated our dashboard to provide exactly that information and it was so easy for me to translate those numbers and demonstrate how the platform is keeping us secure. IRONSCALES really listens to its users and customers, which is an invaluable trait for OrthoCarolina.
Thank you, Neil, for sharing your experience with IRONSCALES.
Interested in learning more about how our self-learning email security platform can help your company reduce email phishing risk? Check out our solutions page.