The average worker spends 30 hours a week in their email program and much of that is sifting through spam and trying to avoid falling prey to phishing emails, which are still the number one delivery method for malware and other cyber threats.
While many cybersecurity solutions target network intrusions and combine protection with managed IT services, not all companies understand the email security best practices to follow to stop the onslaught of threats coming through daily in email messages.
When it comes to phishing attacks, Australia holds the unwanted title of the world’s most targeted country. According to Kaspersky Labs, Australia recently bumped Brazil, the UK, and Canada out of the top position, being targeted in 24.4% of all phishing attacks.
Phishing has definitely become more sophisticated in recent years. Those misspelled emails with grainy images are used less often, and instead hackers use tactics like using company names and titles gleaned from the web and creating emails that look almost exactly like the real thing, employing the use of a logo and signature that matches the company they’re pretending to be.
As attacks get more sophisticated, companies need to be aware of how to safeguard themselves.
Common Types of Email Security Threats
The most common types of threats coming into employee inboxes include:
- Malicious file attachments
- Dangerous links to websites that do “drive by downloads” of malware
Some of the most common ploys used in these phishing attacks are:
- Purchase order
- Request to update your account password
- Shipping notification
- Bank account breach that you need to login and check
- Request for Quote (RFQ)
- Fake sales receipt with link
- Email purporting to be from someone at your office with a link
While you may not be able to stop the criminals from attempting to breach your network and devices through email, you can adopt some email security tactics that will fortify your defenses and help ensure your business doesn’t become the next ransomware or malware victim.
Best Practices to Use for Email Security
From cybersecurity training to backstopping your users with advanced anti-malware protection, there are multiple things you can do to ensure your email security is as strong as it can be.
Employ the Use of Anti-Phishing/Anti-Malware Software
While your employees are your best protection against phishing attacks, it’s important to backstop them with an application that can help prevent malicious threats from getting into their inboxes in the first place
Anti-phishing and anti-malware programs perform tasks like sandboxing, which puts any questionable files in a simulated computer environment to see if they’re safe. They can even help prevent accidental downloads from malicious websites when a user accidentally clicks on a phishing email link.
Scan All Files with an Antivirus/Anti-Malware App Before Opening
Malicious file attachments are one of the ways that a network can get breached. Many users are trained to not open files with .exe, .rar. or .zip file names but increasingly, hackers are using more innocent looking file types to deliver their code.
48% of malicious email file attachments are Office files.
Microsoft Office files have become the most popular way to inject malware into a system and they’re being used more often than other file types because users tend to trust a .doc or.xls file.
But these files can be set to auto-run macros that upon opening will deliver any number of different security threats. So, it’s best to have all files scanned, no matter the file type, with an application before opening.
Use a Unique Email Password
It’s not unusual for people to reuse their password across several platforms, which makes them all more susceptible to being breached if any one of those platforms has their credentials hacked.
Make sure your email password is completely unique and not used anywhere else, and that it employs strong password best practices, such as:
- Using both upper and lower-case letters
- Being at least 7-10 characters long
- Using at least one symbol
- Using at least one number
Don’t Log In to Email While on Public Wi-Fi
Offices around the world are more mobile these days and many times employees are accessing their email from a smartphone rather than their desktop. This means that a person may be connected to a public Wi-Fi if they’re not at the office, and if you log into your email while on a free hotspot, a hacker could easily steal your credentials.
It’s best to never log into email or anything else that needs a password input while on public Wi-Fi, or if you must, use a virtual private network (VPN) to encrypt your traffic.
Conduct Ongoing Phishing & Cybersecurity Training
To give your employees the best chance at avoiding an accidental security breach, it’s important to conduct ongoing cybersecurity training that includes phishing awareness.
If you’re just relying on a one-time training or sending around a PDF with tips, that’s not going to be enough to strengthen your staff’s defenses and help make email security a daily habit.
How Strong is Your Email Security Right Now?
Does your business have the necessary safeguards to protect you from a data breach via email phishing attack? Connected Platforms works with advanced tools that can safeguard your inboxes and protect your users.