Pagoda Blog

Top Email Security Threats for 2021 and How to Avoid Them

October 7, 2021

Email is still the primary channel for business communication and marketing, making it especially important to keep your inbox secure and clear of spam. With the rise of the remote workforce, more and more companies are also moving their email to the cloud, improving access but potentially increasing the risk of a breach if proper security protocols aren’t in place. 


For any business utilizing the convenience and efficiency of the cloud, a multi-layered security strategy that includes cross-departmental cybersecurity training is critical. Cybersecurity awareness, specifically around email use, can greatly reduce the risk of falling prey to a cyberattack. It can also improve productivity by decluttering your inbox. 


Below we explore the top email security threats in 2021 and how to mitigate the risk. 


Spam overloading your inbox 

Spam is still one of the primary threats to email security and productivity. Spam can take the form of benign, but still annoying, marketing emails that start flooding your inbox without your permission. This type of spam takes up valuable space on your email server, blocking the mail you want from getting to your inbox. It can also slow down your network, hurting productivity and efficiency of operations. 


Spam can also be purposefully malicious, containing links or attachments with viruses or malware. Malicious spam can lead to a data breach, compromising valuable company and/or personal information that could damage your reputation and result in significant financial loss, among other negative long-term impacts.


Types of spam to look out for include social engineering and phishing scams. These types of emails appear to come from a trusted source, such as a work colleague or vetted institution like your bank, but are actually sent from a cybercriminal. The falsified email message may request login credentials or prompt the target to click a link that appears to lead to an official, trusted website but actually installs malware onto their device. According to Verizon’s 2020 Data Breach Report, 22 percent of data breaches are linked to phishing attacks and social engineering. And of these attacks, 96 percent originate in someone’s inbox. 


Take action 

Use your email server’s filtering options and make sure to permanently delete junk mail to free up space. To prevent someone on your team from falling prey to a phishing attack, regular cybersecurity training is essential, in addition to good spam filters and anti-malware software. 

Finally, when spam does make its way into your primary inbox, make sure to report it as spam before you delete it.


Phishing attacks targeting third-party suppliers 

Phishing scams are potentially shifting away from targeting C-Suite executives to focusing on trusted third-party suppliers. By targeting the employees of a third-party supplier, a cybercriminal can potentially gain access to thousands of other companies who purchase that supplier’s products. This exact scenario happened recently with the SolarWinds cyberattack that compromised the networks of 18,000 organizations, including nine U.S. government agencies. 

Take action 

This is a perfect example where it’s critical for your entire team to receive cybersecurity training. Everyone, across departments, should know how to spot potential email scams — even those that are more sophisticated and masterfully imitate a trusted contact, such as a company you’ve done business with for years over email without a second thought.  


Fraudulent emails bypassing spam filters

New email domains have become easy and cheap to purchase, allowing cybercriminals to regularly use brand new email addresses, with clean records, for their attacks. With no record of fraudulent activity, these addresses have yet to be blacklisted, so they easily bypass spam filters.


Take action 

If you receive an email from an unfamiliar sender, don’t click any links or reply with sensitive information. Either immediately mark the email as spam, or if you’re unsure of its intent, look for another way to contact the company to verify legitimacy. This can be done by opening a new tab and conducting an online search for the company contact information. 


Weak security for cloud-based email

As an increasing number of companies switch to cloud-based email, the risk of credential theft through phishing and social engineering scams only grows larger. While cloud-based email is a great choice for companies transitioning to a long-term remote workforce, the built-in security structures are often not robust enough to adequately protect your data.


For example, Microsoft’s basic spam filter, Exchange Online Protection (EOP), is notorious for letting through a large number of phishing emails. EOP relies on real-time blackhole lists (RBLs) to determine whether or not to flag an email as spam. The problem with this method, as explained above, is that cybercriminals can easily purchase a new email domain with a clean record, handily bypassing the filter and landing in your inbox.
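The gap described here and in the section on fraudulent emails bypassing spam filters can be shown in a few lines. The following is an added example, not code from any product named in this post: it compares a blocklist-only verdict with a layered verdict that also holds mail from newly registered or unknown domains. The domains, registration dates, messages and the 30-day threshold are constructed assumptions, and the dictionaries stand in for real RBL and WHOIS/RDAP lookups.

```python
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data for illustration; none of these are real indicators.
BLOCKLIST = {"known-bad.example"}            # stands in for an RBL lookup
REGISTERED_ON = {                            # stands in for a WHOIS/RDAP lookup
    "supplier.example": date(2012, 3, 1),
    "supplier-billing.example": date(2021, 10, 1),
    "known-bad.example": date(2019, 6, 15),
}
MIN_AGE_DAYS = 30                            # assumed policy threshold

SAMPLE_MESSAGES = [
    "From: Accounts <ap@supplier.example>\nSubject: October invoice\n\nSee attached.",
    "From: Accounts <ap@supplier-billing.example>\nSubject: Updated bank details\n\nPlease confirm.",
    "From: Deals <promo@known-bad.example>\nSubject: You won\n\nClick here.",
    "From: Support <help@never-seen.example>\nSubject: Password expiry\n\nLog in now.",
]

def sender_domain(raw_message):
    """Return the lower-cased domain of the From: address."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    return address.rpartition("@")[2].lower()

def blocklist_only(domain):
    """Reputation-list filtering: anything not yet listed is delivered."""
    return "reject" if domain in BLOCKLIST else "deliver"

def layered(domain, today):
    """Blocklist first, then hold mail from new or unknown domains for review."""
    if domain in BLOCKLIST:
        return "reject"
    registered = REGISTERED_ON.get(domain)
    if registered is None or (today - registered).days < MIN_AGE_DAYS:
        return "quarantine"
    return "deliver"

def compare(messages, today):
    """Return (domain, blocklist-only verdict, layered verdict) per message."""
    results = []
    for raw in messages:
        domain = sender_domain(raw)
        results.append((domain, blocklist_only(domain), layered(domain, today)))
    return results

if __name__ == "__main__":
    for row in compare(SAMPLE_MESSAGES, date(2021, 10, 7)):
        print(row)
```

The lookalike supplier domain registered six days earlier is delivered by the blocklist-only check and quarantined by the layered one, while the long-established supplier domain is delivered by both.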


Take action 

To enhance security and reduce the risk of an employee opening and responding to a scam, it’s important to invest in additional spam protection for cloud-based email. Microsoft offers an Advanced Threat Protection package with more sophisticated anti-spam and anti-phishing tactics, well worth the upgrade. If you’re in an industry that handles sensitive client information, especially if you must comply with HIPAA, a third-party email security solution is your best bet. Mail Assure provides protection against email-borne threats and seamless integration with Microsoft 365 and Google Workspace to ensure your data is secure without compromising convenience. Just like we recommend an Office 365 enhanced backup, an additional layer of email security through a third party like Mail Assure will only make your defenses stronger.


Don’t take your inbox for granted

It’s all too common to rely solely on your email server’s default security settings, blindly trusting that the basic spam filter will be enough to weed out bad apples. As phishing and social engineering scams only become more sophisticated, however, implementing multiple layers of security for your inbox becomes increasingly important. First, invest in reliable anti-malware software and advanced spam filters to greatly reduce the odds of spam ever reaching your inbox in the first place. And then, invest the time to regularly train your entire team in how to spot a phishing email in case malicious emails bypass your spam filters.


Feature photo by Mikhail Nilov from Pexels

