Did you know that 90% of cyber-attacks are initiated by email? That’s right. And this year has seen an unprecedented number of attacks, bringing email security under even more scrutiny.
Cybercriminals recognise that email is the preferred method for confidential business communications, as well as an essential asset that businesses like yours cannot afford to lose access to for even a day.
The purpose of this blog post is to remind you to always keep your company’s email accounts safe, and to always be mindful of preserving your data and brand and of protecting your employees and clients from being defrauded.
What is email security?
Email security is a term used to describe the various procedures and techniques that protect email accounts, and the sensitive information in email communication, against unauthorised access, loss or compromise.
Because of its popularity as a communication tool, email is often used to spread malware, spam and phishing attacks.
Cybercriminals fraudulently lure recipients to part with sensitive information, open attachments or click on hyperlinks that install malware on the victim’s device. Email is also a common entry point for hackers looking to gain access to a network and obtain valuable company data.
Ever heard of whaling?
By now you would have come across the term “phishing”. But have you heard about “whaling”? No, it has nothing to do with large sea creatures, but everything to do with theft and fraud.
A whaling attack is a targeted attempt to steal sensitive information from a company.
This may be done by hacking a mailbox and then skimming financial or other sensitive information for malicious reasons.
Mailboxes are often hacked to send spam. This breach is typically fixed by resetting the password. However, phishing or whaling can have more disastrous consequences, and compromised mailboxes can stay undetected for a long time.
Has this ever happened to you?
Your mailbox is hacked because you have used a weak password. Without you realising it, a mail forwarder or message filters are added to your mailbox to copy or divert your email to an external illegitimate address.
An incoming invoice is then fraudulently copied and updated with the hacker’s banking details. Because you expected this invoice, you make a payment without a second thought, only to have the money transferred into a cybercriminal’s bank account.
It’s scary. But there are steps you can take to minimise the risks.
Simple ways to improve email security
It’s best to ensure that passwords contain a minimum of 11 characters, with at least one uppercase letter and one number for added resilience.
Password apps, such as those mentioned below, generate strong passwords (usually 14 characters in length) which don’t have to be memorised.
Never save passwords in plain text on your computer.
Hackers can track down unprotected passwords. To protect your passwords, consider using an app such as 1Password or LastPass, which allows you to store all your vital information in a central, encrypted space. Always beware of phishing emails that entice you to enter your mailbox login details.
While it may be more convenient to use the same password across numerous services, this can put you at serious risk. Hackers will try the email and password combination from leaked databases on other services.
Services like LeakBase and Have I Been Pwned allow you to check if your data has been compromised in any way. If you find your details on these services, you should change your passwords immediately.
Install anti-virus and anti-malware software on your computer if you haven’t already, and run regular scans to check for any vulnerabilities.
If you’re using a public Wi-Fi hotspot or computer, make sure it’s reputable. Don’t do any online banking or send any sensitive information if you don’t know the network.
“Vigilance and caution are key,” says Mike Opperman, IT expert and owner of Logix Design & Development.
“Never enter passwords into links that you are unsure of and always look at the URL and email address to see if it looks legitimate.”
As mentioned above, a popular method of attack for hackers is to install forwarders on email accounts. This allows them to intercept messages you receive, and conduct fraudulent actions. To ensure that you’ve not been targeted, check your account regularly for forwarders and mail filtering rules.
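One way to run the forwarder and filter check described above, as an added example that is not part of the original post. It assumes your mail host stores mailbox filters as Sieve scripts (RFC 5228), which the post does not state; the `find_redirects` helper, the sample script and its addresses are constructed for illustration.

```python
import re

# Sieve tokens: quoted strings, "#" and /* */ comments, words and :tags, punctuation.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|/\*.*?\*/|:?\w+|[^\s\w]', re.S)

def find_redirects(script, own_domains):
    """Return (address, mode, external) for every redirect action in a Sieve script.

    mode is "copy" when the :copy tag is present (mail still reaches the
    mailbox) and "divert" when it is absent. external is True when the
    target is outside own_domains and their subdomains.
    """
    own = {d.lower() for d in own_domains}
    # Drop comments so a commented-out rule is not reported as live.
    toks = [t for t in _TOKEN.findall(script) if not t.startswith(("#", "/*"))]
    findings = []
    for i, tok in enumerate(toks):
        if tok.lower() != "redirect":
            continue
        j, tags = i + 1, []
        while j < len(toks) and toks[j].startswith(":"):  # optional tags such as :copy
            tags.append(toks[j].lower())
            j += 1
        if j < len(toks) and toks[j].startswith('"'):
            addr = toks[j][1:-1]
            domain = addr.rpartition("@")[2].lower()
            external = not any(domain == d or domain.endswith("." + d) for d in own)
            findings.append((addr, "copy" if ":copy" in tags else "divert", external))
    return findings

# Constructed sample: the rules and addresses are invented for this example.
SAMPLE = '''
require ["copy"];
# redirect "old-rule@elsewhere.example";
if header :contains "subject" "invoice" {
    redirect :copy "accounts.archive@mailbox-sync.example";
}
if address :is "from" "boss@example.com" {
    redirect "pa@example.com";
}
'''

if __name__ == "__main__":
    for addr, mode, external in find_redirects(SAMPLE, {"example.com"}):
        print("REVIEW" if external else "ok    ", mode, addr)
```

Any entry reported as external deserves a look; an external "copy" rule that you did not create matches the silent invoice-skimming pattern described earlier in the post.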
Opperman adds that you should leverage the skill of your email hosting provider if you are not sure whether an email you have downloaded is malicious or not.
“They can run it through a spam filter to check. It’s much easier for someone to verify a mail for you instead of having your account hacked or suffering a ransomware attack.”
If you need help with email security, please contact us and we will run a free check on your account.