Employee email security best practices

May 24, 2023 | Cybersecurity, awareness
Angus Shaw


Email is by far the most common mode of business communication. However, it is frequently overlooked in terms of cybersecurity. Basic spam filters are no longer adequate. As many as 90% of cyber attacks begin with phishing, and it only takes one mistake for a catastrophic attack to occur.

Something has to change in this situation. As part of our series on best practices for security, we're taking a closer look at email security and some of the steps you can take in your business.

How to spot a phishing attempt

Phishing attacks have become more sophisticated in recent years, resulting in hundreds of thousands of breaches each year. However, there are some warning signs that your team can use to stop hackers in their tracks.

  1. Pay attention to the sender's address rather than their display name. To appear authentic, attackers will frequently use a display name from a well-known company. Their address, on the other hand, will usually contain a random string of letters and numbers that can be used to identify a scam.
  2. Be wary of links; these are how cyber criminals gain access to your data or trick you into downloading malware. The destination of a link is usually displayed, or can be seen by hovering your cursor over it. Don't click the link if the destination isn't the address you would expect from the person the email claims to come from.
  3. Check the email's content. Be extremely cautious if the email mentions passwords, payments, or security information. Keep the following Google disclaimer in mind:

"Google will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link. If you're asked to share sensitive information, it's probably an attempt to steal your information."

Most corporations, including banks, will have a similar policy.
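
The first two warning signs above can also be checked automatically, for example in a mail-reporting tool. The Python below is an added example, not part of the original article or of any product it mentions; the sample message, the BRAND_DOMAINS allow-list and every name and domain in it are assumptions. It generalises "random-looking address" to "the sender's domain does not belong to the brand named in the display name".

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is illustrative.
SAMPLE = '''From: "Example Corp Support" <x7f3k9q2@mail.example.net>
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.net/verify">https://portal.example.com</a>
'''
# Assumed allow-list: brand name -> the domain that brand really sends from.
BRAND_DOMAINS = {"example corp": "example.com"}

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname of a URL-like string, or None if unparseable
    try:
        return urlparse(url if "//" in url else "//" + url).hostname
    except ValueError:
        return None

def phishing_signs(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    name, host = sender.display_name.lower(), sender.domain.lower()
    signs = []
    for brand, dom in BRAND_DOMAINS.items():  # sign 1: display name vs address
        if brand in name and host != dom and not host.endswith("." + dom):
            signs.append("display-name-mismatch")
    part = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(part.get_content() if part else "")
    for href, text in collector.links:  # sign 2: shown vs real destination
        shown = host_of(text)
        if shown and "." in shown and shown != host_of(href):
            signs.append("link-text-mismatch")
    return signs
```

Link text that is not itself an address (such as "Click here") is not flagged; the check only fires when the visible text names one host and the link points to another.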

Why you should never use public Wi-Fi to access work email

Accessing Wi-Fi that isn't password-protected poses a slew of risks to work devices. Email is particularly vulnerable. If you use public Wi-Fi to access your email, any malicious users on that network can essentially act as a middleman, intercepting any emails sent. Even if you don't open your email app, inboxes update automatically when you connect to a new network, so we recommend not connecting at all.

If you don't have a signal, using mobile data or a colleague's mobile hotspot is the way to go. VPNs can also be used, but they only encrypt the data you send; they do not prevent it from being intercepted.

How to make the most of multi-factor authentication

When it comes to email, multi-factor authentication (MFA) is something to think about. This service adds an extra layer of security and virtually guarantees your safety from brute-force hacking attempts. Microsoft claims that MFA can prevent 99.9% of account compromise attacks.

MFA does not require any external hardware or complicated processes to be implemented. It doesn't even have to be implemented immediately across your entire team. We recommend beginning with a role-based approach, in which employees who handle the most sensitive data are the first to receive the most up-to-date security measures.

Email protection services to consider

Best practices must be supported by the best software. There are numerous options for businesses to consider when it comes to securing their company emails. Password managers, spam filters, threat protection, and phishing awareness training are just a few examples.

KnowBe4 is an excellent tool for protecting your company from phishing attacks. It combines security awareness training and simulated phishing attacks to keep your team up to date on the most recent threats. With the world's largest library of training content and email templates, we believe it's an excellent choice for any business.

Hornetsecurity is another excellent option for email security. It's a complete security solution that includes email encryption, advanced threat protection for your email servers, and spam filters. Hornetsecurity even provides email archiving, which allows you to save a copy of each new communication, reducing the risk of deletion or corruption.

There are numerous additional services available to assist you. Keeper password security and Heimdal, a fantastic holistic security solution, are two examples. Contact Brigantia today at 020 3358 0090 to learn more about these and other services.
