5 email security gaps your customers are probably overlooking

By: Guest Author

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

Email is a significant source of security risk for businesses of all sizes, and customers that are paying attention are concerned. A new study from Osterman Research and Barracuda shows that four of the top five concerns of IT decision-makers are related to phishing, malware infiltration, and spear phishing, which all focus on email as a threat.

These fears are well-founded. The study found that 44% of attacks the respondents’ organizations encounter are account-takeover based, and 28% of organizations had a phishing attack successfully infect one or more systems with malware.

Despite this, many organizations still aren’t doing enough to protect against these types of attacks. As an MSP, you should help your customers do the due diligence to identify and address the following email security gaps.

User education

The Osterman Research study found that 6% of users never receive security-awareness training, and 33% only get training once a year or when they join the company. This training gap leaves organizations more vulnerable to email-based threats. Helping your customers establish a computer-based security training program to regularly test user security awareness will help close this gap, and it can create a new source of monthly recurring revenue for your business.


Many small businesses don’t have adequate backup processes in place that would make it possible for them to recover easily from a ransomware attack. Assess customers’ current backup processes and recommend any changes needed to improve them, such as moving to a managed solution that you can take care of for them.

Internal control processes

Business email compromise (BEC) is a growing threat as cybercriminals look for activities that are more lucrative than selling stolen data on the dark web. But many businesses still don’t have processes in place that would help them prevent CEO fraud or BEC attacks, such as establishing a process for wire transfers that requires verifying the request through a backchannel. Helping your customers put these types of processes in place will help strengthen your position as a trusted advisor and could save your customers from a costly mistake.

Basic security technologies

As more organizations move to Microsoft® Office 365™ or other cloud applications, many of them are relying on the native security included with their email service or other applications. This can create problems because these solutions don’t offer the same level of protection and threat detection as third-party solutions. Help customers understand the differences between solutions and how more advanced technology can protect them from today’s sophisticated threats.

Bring your own device policies

Many businesses don’t have a clear understanding of what devices are accessing their networks as more employees opt to use personal devices, which can bypass the security measures businesses have in place. As an MSP, you can help customers address this by creating and implementing a bring-your-own-device policy.

Audit each customer’s security infrastructure to uncover which of these email security deficiencies they need to address, and prioritize the problems they need to fix. Email will continue to be a primary threat vector, so helping your customers fill these gaps and establish a multi-layered approach to email security will make their business more secure moving forward.