From time to time, a cyber security issue pops up that no one sees coming. That’s the case with the IMAP security problem that’s recently come to light. As a managed service provider, Aeko stays on top of cyber security and IT changes so you don’t have to. Rest assured that we are already addressing this issue for our clients.
What Is IMAP?
IMAP stands for internal message access protocol. It is one of the “legacy email protocols” and has been around since the 1980s. It replaced post office protocol (POP) primarily because it is more versatile.
When you download your email via POP, you can only access your emails from the device you are working on. If you get a new computer or other device, you will not find the same emails, only new ones.
When you use IMAP, the emails are installed on a server that can be accessed anytime from any device: computer, tablet, smartphone, etc.
The IMAP Security Issue
Cybercriminals have found a method to hack IMAP with an email appender. That means that they can get into your email without you knowing it, even if you have firewalls and other protection methods. IMAP also doesn’t support multi-factor authentication (MFA) so, if it is enabled, MFA is not being used to protect your mailbox.
But they can’t do it without the victim’s email credentials, which is one of the reasons it is so important to protect any credentials that are connected to you or your company. See the Aeko Password Management Guide for tips.
Using IMAP can circumvent all your security measures. So, until the industry comes up with a solid solution, the best choice is to disable IMAP entirely. If it is not able to be disabled for some reason, change to use Port 993, NOT 143.
Most managed service providers such as Aeko will train your employees on how to avoid this kind of hacking and also make sure your IMAP is disabled.
2021 Ransomware Response Checklist
Know what to do if you are hit with a ransomware attack! Get this free, easy-to-follow checklist to post and share with your team.