Our Email Security Top 10 Tips

25/03/2020 16:17 By Bill

Over 90% of All Cyber Attacks Start with an Email

Tip Number 1 Understand Cyber Crime and Methods Used


Cybercrime comes in many shapes and forms, ranging from harmless pranks to company-bankrupting crimes. BEC (business email compromise) attacks should be considered one of the biggest threats to businesses today. They have caused billions in company losses and continue to evolve and multiply at an alarming rate. Always be careful with instructions from CEOs and senior management, as they may not be legitimate. Query them if they are outside the norm, especially when the message says not to!

The first step in defence against cyber criminals is a clear understanding of the various types of malware, ransomware, viruses, and phishing attacks and how they are deployed. Each of these targets a specific type of user and requires different precautions to avoid infection.

Be careful with the information you provide on company websites and on social media, both company and personal, as this information can be used by criminals to attack your organisation.


Tip Number 2 Be Wary of Public WiFi


One of the lesser-known email security tips is to avoid the use of public WiFi and devices. Public computers and hot spots can be tempting for users on the go, but their unsecured nature makes them a hotbed for cyber-attacks.

When a user logs onto a public computer, they are completely unaware of who and what has been on that device in the past. While the machine may appear normal to a user, there could be unsavoury programs installed, such as a keyboard logger, waiting to collect credentials.

Hackers use public WiFi to lure in unaware victims; once connected, these victims' computers become completely accessible. Once they have access, the hacker can view the computer's information, lead the user to phishing sites, or trick them into downloading malware or ransomware.

The best way to stay safe in public is to avoid public WiFi and shared computers. If you can't avoid using public WiFi, then try using a VPN, as that will encrypt all your traffic.


Tip Number 3 Know What You're Opening


The majority of cyber-attacks happen through email, as it is the easiest way onto a user's computer. Proper education and training should be completed as standard by anyone who interacts with email on a regular basis. Hacker tactics are getting more advanced and authentic-looking by the moment, so users should always be aware of how to detect a malicious email and what to do if they receive one or open one by accident.


Tip Number 4 Stay Safe on Mobile Devices


Although not publicised as much as attacks on desktops and laptops, mobile devices can and do still get attacked. A user's device is not only vulnerable through email and phishing sites; users must also be wary of the apps they are downloading. While Android devices are more likely to be attacked, iPhone users should also be cautious to ensure safety. Be sure not to visit any potentially dangerous sites or download any unknown attachments without putting in place other security strategies.

All organisations should put in place the ability to wipe clean a mobile device that has been lost or stolen, preventing access to the corporate email or other systems. Users are becoming more mobile in their working day, and this will only increase with time, which will open more threat vectors to your business.


Tip Number 5 Use an Email Security Service


Email security is nothing to take lightly, especially when the number and sophistication of these cyber-attacks are increasing. Email security companies use filters and other tools to help sift through email looking for spam and potential attacks.

The biggest advantage of enlisting an email security service is the ability to combat both known and unknown attacks. If you use a cloud-based service, it uses threat intelligence and your protection is constantly updated, keeping malicious emails at bay.

The majority of providers also have additional services that will help in keeping your business safe, such as Encryption, Advanced Threat Protection, Archiving and, in case of a disaster or loss of normal email capability, an Email Continuity service.


Tip Number 6 Educate and Train Your Users


Do you train your users in what to look out for in suspicious emails and who to report them to? To enhance your security posture, users should be educated on avoiding threats sent by email: not opening emails from unknown sources, taking care when opening attachments or clicking on links, and checking the sender's email address to ensure it isn't a spoof mail.

We are all busy every day, and sometimes our usual care and attention wavers as we want to get on. Cyber criminals count on users not being vigilant 24/7 and are always trying new ways to exploit us. Some of the malicious emails today are disguised very well, and unless you have a cycle of training and education for users, the chance of them being caught out increases. Also, Death by PowerPoint is not always the way!
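The sender checks users are asked to make by eye can also be automated. The following is an added example, not part of the original post; the sample message and the trusted domain `example.com` are constructed, and the warning names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name shows the genuine address, the real
# sender uses a lookalike domain ("1" for "l"), and replies go elsewhere.
SAMPLE = """\
From: "jane.smith@example.com" <jane.smith@examp1e.com>
Reply-To: jane.smith.ceo@mail.example.net
To: accounts@example.com
Subject: Urgent payment - keep confidential

Please process the attached invoice today.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sender_warnings(raw, trusted_domains):
    """Return a list of warning labels for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    warnings = []
    # 1. Display name carries an address that is not the real sender address.
    shown = re.findall(r"[\w.+-]+@[\w.-]+\.\w+", name)
    if any(s.lower() != addr.lower() for s in shown):
        warnings.append("display-name-address-mismatch")
    # 2. Replies would go to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        warnings.append("reply-to-domain-mismatch")
    # 3. Sender domain is close to, but not the same as, a trusted domain.
    for good in trusted_domains:
        if from_dom != good and edit_distance(from_dom, good) <= 2:
            warnings.append(f"lookalike-domain:{good}")
    return warnings
```

A message that raises any of these warnings is a candidate for the reporting process rather than proof of fraud; legitimate mailing services also set a different Reply-To.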


Tip Number 7 Back Up and Test!


One of the best email security tips an organisation can take on board is to frequently back up its data and ensure that it can be recovered!

Ransomware attacks are happening more often, mostly due to the high ROI the attack awards the hacker. Once installed, these attacks start by scanning through the user's computer, selecting files and encrypting them. When encryption is complete, the user is notified that their files are being held for ransom and that they must pay a fee to get their data back.

This type of attack can cause severe damage to a business, leaving it with nothing more than the shell of a network. This leaves you with the option to pay the ransom or to lose all your data, which isn't practical for a company. Only half of the businesses that pay the ransom get their data back, and by paying it you are opening yourself up to further attacks.

Backing up information on a consistent basis is the best and easiest way to protect your business from a ransomware attack. Since the user will already have a backed-up version of their information, there will be no need to pay the ransom.

Taking back-ups is all well and good, but if you can't recover the data they are pointless, so don't forget to verify that your back-ups will work when needed.


Tip Number 8 Encryption


A sent email does not follow a private, dedicated route to its destination. It is not direct: your email will go through third-party servers on its route. Anyone along this route can look at or edit the original email without the sender's or recipient's knowledge, which can lead to serious data and information breaches.

To protect against snoopers, users can use a range of tactics and email security tips. One of the most applied methods is the enabling of TLS encryption. TLS adds an additional layer of protection to email and stops hackers from being able to read the content of the email. If TLS cannot be enabled, or the destination server doesn’t have TLS enabled, emails will continue to be unsecured and the user should be cautious. TLS should be the standard today.
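Each server on the route records how it received the message in a `Received` header, so you can check which hops of a delivered email used TLS. The following is an added example, not part of the original post; the sample message and all host names are constructed.

```python
import re
from email import message_from_string

# Constructed sample: three hops, the middle one handed over without TLS.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [203.0.113.7])
 by inbound.recipient.example with ESMTPS id abc123
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
 Wed, 25 Mar 2020 16:17:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
 by mx.partner.example with ESMTP id def456;
 Wed, 25 Mar 2020 16:17:03 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
 by relay.isp.example with ESMTPSA id ghi789;
 Wed, 25 Mar 2020 16:17:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Quarterly figures

See attached.
"""

# "with" protocol keywords that record a TLS-protected hop (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hop_report(raw):
    """Return hops in travel order as (sender, receiver, protocol, encrypted)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its header, so the oldest hop is last: reverse.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(header)
        if not m:
            hops.append(("?", "?", "?", False))  # unparseable: treat as unverified
            continue
        sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper().rstrip(";")
        # Some servers only note TLS in a trailing comment, so accept that too.
        encrypted = proto in TLS_PROTOCOLS or bool(re.search(r"\bTLS", header, re.I))
        hops.append((sender, receiver, proto, encrypted))
    return hops

def cleartext_hops(raw):
    """Return (sender, receiver) pairs for hops with no sign of TLS."""
    return [(s, r) for s, r, _, enc in hop_report(raw) if not enc]
```

`Received` headers are written by each server in turn, so only the hops recorded by servers you trust are reliable evidence; earlier entries can be forged by whoever handled the message before them.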

In general, users should protect their email attachments with passwords or by placing them in a zip file. This ensures the user's files cannot be tampered with or infected on the path to their destination, regardless of whether TLS is enabled.


Tip Number 9 Who Has Your Email?


Email addresses are used for almost everything on the internet nowadays, but that doesn't mean users should just hand theirs over. The more public an email address is, the more likely it is to be targeted for an attack by hackers.

User email addresses are also exposed to attacks through the email lists that are collected and compiled by companies and businesses. This leaves the security of the user's email address to the company, which may or may not be completely secure.

Don't reply to phishing or other malicious email scams, no matter how tempting it is, as a reply lets the attacker know that they have a valid email address that they can then use for further hacking activities and more elaborate ruses.

Look at obtaining a Dark Web Monitoring service to monitor for domain credentials being sold on the Dark Web.


Tip Number 10 Implement and Regularly Review


Agree an Email Security structure with the organisation's Management Team and then implement it. At each stage of change, train and educate all users; for the security structure to succeed, it has to have buy-in from everyone within the organisation. Adding a reporting process for suspicious emails and a culture that is security driven without being restrictive to business practices will pay dividends in protecting your business and your brand.

Once you have implemented a structure and educated your users, keep reviewing it on a regular basis. Threats are always evolving, so you need to be aware of them.


It's not easy to keep up to date along with everything else you need to do, but that's why we are here, so consider outsourcing some or all of your security requirements.



We love to talk security and are always happy to have a chat regarding your current setup and any ideas you have on how you could improve it. Of course, we would also love you to take some of our products into your organisation to help you achieve your IT Security goals!

  

Bill