Cyberattacks pose a massive threat to businesses both large and small — and they’re only increasing in 2020. With the current trend towards working from home, businesses have been forced to rely on cloud-based infrastructure, often at the expense of security. Unfortunately, cybercriminals are exploiting this phenomenon, with phishing scams rising at an unprecedented rate, according to Interpol.
Email has become such an integral part of everyday life that it can be easy to overlook the cybersecurity threat it poses. However, with less oversight of your employees’ online activities, it has never been more important to get your business’s email security in order. This article is the first in a series that will take a deep dive into email security best practices, including how to secure email servers and how to avoid phishing scams.
Common types of email security threats
Let’s start by taking a look at some of the most common email security threats to watch out for.
Email-delivered malware is malicious software that’s designed to cause disruption or extract private information from a programmable device, service, or network. Cybercriminals use ransomware and data harvesting malware to collect private financial, medical, government, and business information they can sell on the dark web or use to manipulate their victims for financial gain. Emails may be used to carry out malicious attachment attacks, which brings us to our next point: phishing.
Phishing and whaling
Phishing is a type of social engineering attack that sees criminals attempt to trick recipients into opening a malicious email attachment or link by posing as a trusted entity. The aim of any social engineering fraud is to gain access to valuable data such as login details or banking information or to infiltrate a system to spread malware. Phishing is the primary vector for ransomware, where the victim is prevented from accessing their data or network unless a ransom is paid. ‘Whaling’ is phishing that targets the most powerful positions in an organization, such as owners, presidents, CEOs and board members, and division managers.
Spam emails are typically unsolicited, commercial, and sent out en masse. Aside from being annoying and potentially overloading email servers, these emails can often be part of a phishing scam or malware attack. Alternatively, spam emails may contain blackmail threats.
Inadequate user training
Email security threats can also be internal. Poor user training can result in unintentional mistakes by authorized users, such as employees forgetting to log out of an email account, sharing documents with links outside your trusted network, or recycling the same password over and over on multiple devices. The most serious error is failing to recognize signs of phishing or malware. These will be discussed in detail below.
Quick tips for boosting your email security
The good news is that, with the right software and training, the security threats posed by email can be all but eliminated. Here are some quick tips to help mail server administrators boost email security. We’ll discuss these more thoroughly in upcoming articles.
Prioritize secure email passwords
Using a weak or common password is like leaving a welcome mat out for cybercriminals. Never use typical words and phrases, such as “password”, “1234”, “qwerty”, your name, or your birth date. Strong passwords tend to include a random mix of upper and lower case letters, numbers, and special characters. And don’t settle on just one. Use a different password for every account you have, and change each of these passwords frequently. Failing to do this can result in all of your accounts being compromised as a result of a single cyberattack. Better yet, require your employees to use Multi-Factor Authentication (MFA), which adds a second layer of security beyond their passwords.
Watch out for malicious links and attachments
Malicious emails are created with the explicit intent of launching an attack on your computer. The method of attack can come in the form of PDFs, documents, hyperlinks, and more.
Don’t open any attachment or link unless you know who it is from and are already expecting it. If you do receive an attachment or link from someone you don’t know, don’t open it; delete the email immediately. If you are unsure whether the sender of a link is legitimate, try hovering your mouse over the hyperlink — the real URL will then appear in the lower left of your browser; if it shows numbers instead of a domain name, do not trust it.
Use anti-virus software
Always use anti-virus software on your local machine and make sure it’s kept up to date with the latest virus definitions. Email security software guards against cyber threats like malware and phishing emails by creating a firewall. Incoming emails arriving at the firewall are scanned for content and funneled through spam filters before ever showing up in your inbox.
Don’t reply to spam emails
Never reply to spam. Even if you’re only responding to give the spammer a piece of your mind, it will confirm that your email address is active and could result in you being targeted for future campaigns and scams. Besides, it’s highly unlikely that your reply will ever reach the “sender” as they will have created a forged sender address in a practice known as email spoofing. You should also avoid clicking the “Unsubscribe” link in a spam email as this, too, will confirm your email address is active.
Learn how to spot email fraud
Most email phishing scams aren’t well polished and are relatively easy to spot. Check the subject line for a spam alert, and always look out for typos, spelling, and grammatical mistakes in the email.
Always log out
Be sure to log out of your email account, especially when you are using a computer or device that isn’t your own.
Train your team on email security measures
When it comes to cybersecurity, you’re only as strong as your weakest link. Prioritize end-user security training in your workplace. Sharing email security tips with your entire team will ensure your whole business is protected.
Contact Jasco to improve your email security
Jasco Technology can bolster your email security practices and protect your business from malware. We offer dedicated IT services for your entire business. We can recommend solutions designed to fit your organization’s unique needs and provide the cybersecurity you need to grow your business confidently and securely.
Get in touch with us today for a 20-minute introductory consultation.