Of all the cyber threats facing your business, perhaps the most dastardly are those that enter right through the proverbial front door: email.
It makes sense for cyber criminals to choose the path of least resistance into a business. After all, email has become the essential communication tool among your employees and between them and your customers and vendors. Just try to think of one business you work with that you don’t communicate with by email. Exactly.
Everyone Uses Email. Everyone Must Take Email Security Seriously.
Because everyone uses email, everyone must take email security precautions. Email security is a matter of both corporate and personal responsibility. On the corporate side, it is the policies, procedures and ongoing commitment to email security education. On the personal side, it is your employees’ commitment to diligently follow those policies and procedures. Together, the two lower the risk of hackers accessing your company’s, your employees’, vendors’ and customers’ information.
Why is Email so Risky?
Email is one of the easiest ways for a hacker to infiltrate an organization. The majority of cyber-attacks and viruses come from email attachments. A 2019 Verizon Data Breach Investigations report stated that 90% of malware arrived in an email and 60% of web application attacks were aimed at cloud-based email servers.
Email is a prime target for cybercriminals because:
- Unsecured emails can be shared, circulated and stored indefinitely
- Senders can misaddress an email, exposing private information or data to unintended recipients
- Unsecured emails can be intercepted, altered, and forwarded without the sender’s consent
- Backup copies of unsecured emails may still be available even after the sender has deleted his or her copy
Unsecured Email Leaves Your Company Open to These Attacks
Unsecured email can leave your company vulnerable to many types of email-based attacks. Here are the three most common.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money (ransom) is paid. Ransomware attacks often occur via malware, such as Emotet, TrickBot and Dridex, that is transmitted through email.
Making matters worse, there is no guarantee that once the ransom is paid the cybercriminal will unblock your system, or that they haven’t first culled all your data to use for nefarious purposes or to release on the web.
Spoofing tricks the email recipient into taking some action by imitating a known business, colleague, friend or email contact. This could involve downloading an attachment packed with malware or a malicious file that can damage the operating system. Sometimes, a known sender will inadvertently forward along an infected download.
Phishing is similar to spoofing, in that the hacker deceives the victim with a legitimate-looking message, using an official bank or company logo. A phishing email will typically include a link suggesting that the recipient must act to provide updated personal information, such as a social security code, bank information, tax ID or other personally sensitive information.
4 Ways to Enhance Email Security
- Use strong passwords and change them often.
Require employees to change passwords every quarter. Ensure each password is strong and hard to guess by requiring a combination of upper and lowercase letters, numbers and symbols. Avoid words that are obviously associated with your company or the individual.
- Add multifactor authentication.
Implementing two-factor authentication, such as using a password and answering a security question, can reduce email attacks.
- Commit to ongoing cyber security training.
Cyber attacks can happen to any business, and no employee is immune. It’s important your staff knows what to do when they receive a suspicious email and how to spot one. Ongoing training makes a difference in your company’s email security.
- Be diligent when opening email attachments and links.
Even if your company uses email scanning and malware blocking software, employees should be wary when opening attachments, especially those with extensions associated with an executable program, such as .exe, .msi, or .jar. Word and PDF files can also carry malicious code. If a link is received in an email, verify that the link goes to the real destination.
Need Help with Your Company’s Email Security?
Our email security expertise can help defend your company from cyberattacks. By effectively managing access and even helping train your team, we’ll help prevent potential threats from affecting your network. Contact us for more information.