Around 3.4 billion phishing emails are sent daily.
It boggles the mind. But such a high number could suggest that people continue to fall for phishing. Phishing emails are becoming more sophisticated, too, and phishing has become a lucrative industry for cyber-criminals.
Can you ever fight cyber-crime? How do you avoid the threats that come via email?
Know Your Enemy: The Biggest Email Threat to Your Business
It pays to know the most common threats that target our email inboxes. Let’s see what we’re up against:
Phishing
The most common cyber threat, phishing involves a devious email that looks legitimate. It aims to trick the recipient into providing sensitive information. When attackers get your information, they can infiltrate your system and access your data.
Spear Phishing
A highly targeted phishing type, spear phishing gets information from social media or other sources to create personalised emails. Business email compromise (BEC) is a form of spear phishing and a top culprit in getting employees to reveal confidential business information.
Ransomware
When an email recipient unknowingly clicks on a malicious link, it installs malware on their computer. The malware then encrypts their files, and the criminals demand a ransom payment in exchange for decrypting them. In some cases, the data could end up on the dark web, for sale to the highest bidder.
Email Hijacking
Email hijacking happens when someone gains unauthorised access to your account. The hacker then uses your account to send spam emails, steal sensitive information, or access online banking or other services.
Your Defence: Email Security Measures to Protect Your Business
Email security is crucial to preventing cyber-attacks on your organisation. Here are the most effective ways to stop those threats:
1. Implement Strong Password Policies
Ask all your staff to use strong passwords: at least 12 characters long (longer is better), with a combination of uppercase and lowercase letters, numbers, and special characters.
Below are other password security practices you can implement:
- Never write down your password, save it in a file, or take a photo of it.
- Never share your password with anybody.
- Change your passwords regularly.
- Use a reliable password manager app.
- Use a passphrase with three unrelated words.
- Use a different password for each of your accounts.
2. Use Multi-Factor Authentication (MFA)
MFA adds extra layers of security to your email. Aside from your password, MFA may require:
- A PIN sent to your phone or email
- A code on your authenticator app
- A fingerprint
- Facial recognition
You can enable MFA in your account settings in Outlook or whatever email app you’re using. Ask all your staff to do this.
3. Activate Email Security Features
Use your email’s security features and settings for anti-spam, anti-phishing, and anti-malware. Some may also have the capability to protect sensitive information, or detect and deflect unsafe links or attachments in real-time.
Ask your IT staff or provider for guidance about other protection features such as firewalls, attack surface reduction, automated detection and response, and managing mobile devices and apps.
Cyber security solutions like ADITS’ CyberShield can help you against sneaky email threats. It can help in implementing advanced policies on email threat protection, including advanced attachment scanning and link checking.
4. Don’t Click Links, Don’t Open Attachments You Didn’t Ask For
It’s always safer to not click a link, so:
- Never click links or attachments that are suspicious.
- Never click links or attachments in emails from unknown senders.
- Never click links or attachments even from known senders UNLESS you have verified that it’s really from them. (Call them if you need to.)
- Never click links or attachments in emails you are not expecting.
Ask yourself: What’s the worst that could happen if you don’t click a link?
Note that emails carrying malicious links or attachments usually have subjects or messages that stress urgency, stir a fear of missing out (FOMO), or try to gain your trust. Beware:
- Watch out for subtly altered email addresses or company names (with A replaced by 4, I replaced by 1, and similar character swaps).
- Take caution with zip files. They can contain malware.
- Attachments with .exe, .vbs, .scr, .cmd, and .js filename extensions are prime suspects, but it doesn’t mean other file types are safe.
- Use an attachment scanner.
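The checks in this list can be partly automated at the mail gateway or in a triage script. The following is an added example, not part of the original article or any ADITS product: it flags sender domains that imitate a trusted domain through character swaps and attachments with the extensions named above. The trusted domain list, the extra swaps beyond A/4 and I/1, and the sample message are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains your organisation really exchanges mail with (placeholders).
TRUSTED_DOMAINS = {"example.com", "partner.example"}
# Fold look-alike characters to one form: the article's A/4 and I/1 swaps,
# plus a few similar ones (0/o, 3/e, 5/s, i/l) added here as assumptions.
FOLD = str.maketrans({"4": "a", "1": "l", "i": "l", "0": "o", "3": "e", "5": "s"})
SKELETONS = {d.translate(FOLD): d for d in TRUSTED_DOMAINS}
RISKY_EXT = {".exe", ".vbs", ".scr", ".cmd", ".js"}

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None  # exact match is the genuine domain
    return SKELETONS.get(domain.translate(FOLD))

def triage(msg):
    """Return a list of warnings for one parsed email message."""
    findings = []
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} imitates {imitated}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]  # last extension, so "a.pdf.exe" -> ".exe"
        if ext in RISKY_EXT:
            findings.append(f"risky attachment type: {name}")
        elif ext == ".zip":
            findings.append(f"archive needs scanning before opening: {name}")
    return findings

def sample_message():
    """Constructed sample: swapped-character sender and a double-extension file."""
    msg = EmailMessage()
    msg["From"] = "Accounts <billing@ex4mple.com>"
    msg["Subject"] = "URGENT: invoice overdue"
    msg.set_content("Please open the attached invoice today.")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg

if __name__ == "__main__":
    for warning in triage(sample_message()):
        print("WARNING:", warning)
```

A message that passes these checks is not thereby safe; as the list says, other file types can carry malware too, so this complements an attachment scanner rather than replacing it.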
5. Keep Your Email Software Updated
Any app or software can have vulnerabilities, and the best solution to that is keeping your software updated. Updates usually have new patches or features that improve your software’s performance, security, and compatibility.
Choose to enable automatic updates in your email software settings or manually check for updates regularly. Either way, install updates as soon as they are available.
6. Build a Cyber-Aware Culture
Don’t think about email security only when you’re using email. Develop a cyber-aware culture in your organisation, where each person becomes responsible for repelling cyber threats.
Demonstrate your personal commitment to email security.
- Lead by example. Do as you say.
- Talk about email security regularly.
- Make it a part of the performance review process.
- Allocate a budget to cyber security initiatives.
- Offer incentives for contributing to your cyber security campaign.
7. Stay Informed & Educate Your Employees
Achieving a cyber-aware culture involves training and education. Keep yourself up-to-date with cyber security news.
Follow email security experts and industry groups on social media. Subscribe to email security newsletters. Attend cyber security conferences and events. You could even take online email security courses.
Of course, don’t keep it all to yourself. Share what you learn with everyone. Develop a cyber security training program that your staff can enjoy. Do regular trainings. Simulate situations so they know exactly what to do. Be generous with information via email, posters, flyers, etc.
Be Vigilant: Do These Today
Implementing email security measures doesn’t have to be expensive. Take the next step: instantly apply these email security tactics to protect your organisation in Brisbane, Townsville, and beyond.
For more information about email security and cyber security solutions as a whole, our specialists can give you a free consultation today. ADITS is your ally against all cyber threats and we’re just one call away at 1300 361 984 (Opt 3).
Stay vigilant.