Every time you send and receive an email, you’re taking a risk. There’s ransomware, phishing, viruses, and compliance violations to be wary of. From CEOs of big corporations to secretaries who manage client emails all day every day, everyone needs to know the best email security practices to follow, so that their emailing behaviour doesn’t become the very thing that brings the company to its knees.
To take the guesswork out of the process of drawing up an email security strategy, we’ve included some tips and advice for the correct and most effective security practices for your business. Before we investigate these practices, let’s learn more about the risks involved in using email.
the common threats
Regardless of its size, every company must have a cybersecurity strategy in place, and email security forms part of that.
Many people believe that as they aren’t sending or receiving particularly sensitive information, it doesn’t matter whose hands their email falls into. However, this is a risky mindset as hackers aren’t only interested in your email content. They want access to an even bigger network and the front door for them is through your email. Once a hacker has access to your emails, the online world (your online world) is their proverbial oyster.
Cyber hacks and attacks are ever-changing. Over the years, they have progressed from simple phishing links to complex social engineering tactics, so email security should form a critical part of your overall cybersecurity.
what to be aware of
Knowing what to watch out for is important. Here’s what to keep an eye out for.
- phishing
Phishing emails request money and sensitive information from a user. Spear phishing is when ‘someone else’ impersonates ‘someone you trust’ to get information out of you. You might receive an email stating, “Your online banking profile number and pin is going to expire in three days. Click on this link to register your new profile and pin.” Everything might look legitimate, but it’s not!
- social engineering
Ever received an email or a pop up that says, “OMG, it looks like you in the video!” – well, that’s social engineering at play. This is when cybercriminals rely on you to click on a malicious link or attachment.
- business email compromise
This is a form of spear phishing where a cybercriminal impersonates the CEO of a company or a manager. This type of scam relies on employees sharing sensitive information, which can be used to steal business data and even money.
- spam
You know those emails that say, “You’ve just won a R1 000 Woolworths voucher!”? This is known as spam, and most often we fob it off as an annoyance when we click on it and it takes us seemingly nowhere. What you’re not expecting is that a bot, instructed by the cybercriminal, sent you that link, and when you clicked on it, spyware, malware or even ransomware was installed on your computer.
- malware
Malicious software, called “malware,” often presents in the form of a Trojan, ransomware or some other program that attacks your computer system. In most instances, the files on the computer are encrypted, and you are requested to pay a ransom to get the key to unlock the encrypted files. Some types of malware can get access to your computer camera or your entire device, which means they see what you see and do! Obviously, that’s a big risk.
- botnet and ddos
Large-scale spam and phishing campaigns are often managed by botnets, which are groups of devices that are under the control of a cybercriminal. Often, these devices are used to overload a system or network in hopes of making it crash. This type of attack can cause absolute mayhem.
tips to the best email security practices
Email security is all about building as many walls as possible between your data and the cybercriminal. Cybersecurity should be no different to virtual security, with multiple barriers making entry virtually impossible.
- Educate employees on best email security practices, such as never clicking on unexpected attachments and links.
- Put rules and guidelines in place for all work email security.
- Make sure that your employees understand what kind of sensitive data they are likely to be handling.
- Encrypt sensitive email attachments through a secure hosting service.
- Activate two-factor authentication. This will tighten up access points from end to end, which includes email.
- Add legal disclaimers to your emails so recipients are aware they cannot send that email on to anyone.
- Regularly change email passwords (and ensure they are difficult passwords).
- Do regular encrypted data backups, just in case you ever fall victim to malware.
- Update your operating system to avoid software vulnerabilities, which are often corrected with updates.
How do you ensure that your company uses email safely? Share your tips and advice with us today!