• by Ray Schultz , Columnist, October 31, 2017

Want something to be scared of today? Here’s two things that should frighten the life out of B2B emailers:

1. Employees are paying ransomware in ever-increasing numbers.
2. Security systems are getting so tight that they are preventing employees from accessing websites and even doing their work.

None of that is good for companies marketing to other companies. But how big is the threat?

Intermedia found in a study that corporate hijacking is on the rise. Worse, among 1,000 office workers studied, 59% of the employees paid the ransom themselves, and 37% said their companies paid.

We don’t quite understand why employees would pay, unless they figured the attack was their fault. Moving on, however, the percentage was even higher for those who fell prey to theWannaCry attack — 69% paid it themselves.

And Millennials are not as savvy as you might think: 73% paid a work-related ransom. And 68% of the affected business owners or executive managers said they personally paid.

Overall, small businesses are especially vulnerable to ransomeware, Intermedia reports. 

So that’s the threat. But the cure may be worse than the illness, judging by a survey by Bromium. It found that of 500 firms polled worldwide, 88% restrict access to websites and applications.

“On average 11 hours a week of IT, security and help desk time is spent fielding users’ complaints and requests for access to websites, applications and documents that have been blocked by security policies or tools,” Bromium reports.

That includes attachments from unknown third parties. 

But that’s somewhat wrong-headed.

This focus on security is “based on the clear and present danger that exists with the threat of breaches and fraud,” observes Ryan Phelan, VP of marketing insights at Adestra. “As such, some companies have taken the extreme approach of enforcing policies that actually prohibit business.” 

Phelan adds that “this is due to a common disconnect between the operational side of the business and the security side.  One is motivated by profit, and one can be driven by the ever evolving threat.” 

Jay Schwedelson, CEO of Worldata, offers another view. 

“The biggest development in corporate email security is not tighter controls on the inbound emails coming into a network but rather, the movement of corporate emails to the cloudEmail cloud options such as Office 365 are changing everything,” he says.

Schwedelson continues: “The cloud removes corporate emails from direct access to a company’s local infrastructure in many ways.  A variety of security elements are able to be layered into the use of programs such as Office 365 that make it easier to scan and stop viruses and malicious moles prior to touching a company’s internal infrastructures.”

He adds that “these various cloud-based email tools are filtering more and more on engagement at the user level rather than at the network level. So in many ways, corporate email is beginning to operate more like consumer email in terms of what goes into junk/clutter/spam.”  

What to do? The key thing for “marketers is to be relevant and compelling in what they are sending. The number of network administrators who have clamped down and are restricting email access from particular senders has not grown in a significant way over the last 18 months,” Schwedelson concludes.

Looking at the other side of this, let’s say you work for a company that has such rigid security in place.

“Common advice is simple, but yet overlooked.  It’s communication,” Phelan says. “Communication about who companies are interfacing with, their expectations along with current systems that exist and how restrictions actually prohibit business.” 

Ryan sums it up: “It’s also communication and training about the present and evolving threats so teams understand the landscape.  The root cause of security overreach, is a misunderstanding of the realities of digital business.”