Even the best cloud-based email security solution can’t catch every malicious email missive. Here’s a list of dos and don’ts for employees to augment your email security and improve your cyber resilience for email.
- Do be careful with passwords and credentials. Even if you use a secure email provider, users need to protect their privileged credentials. “Weak and recycled passwords are common, something that inherently makes everything less secure,” notes Lee Munson, a security researcher at Comparitech.com. Sharing passwords among team members is another problem: what this practice gains in convenience it certainly loses in security. Two-factor authentication is a baseline defence. Make it so your staff can’t give away their credentials! Business Impact: Sloppy password management creates an open door for hackers: 80% of security breaches involve privileged credentials, according to The Forrester Wave: Privileged Identity Management, Q3 2016.
- Don’t trust emails, even if they’re from inside. Mimecast research found that business email compromise (BEC) tactics get through enterprise email security solutions seven times more often than email-borne malware. Threats can also come from a bad actor inside your organisation who may use internal phishing to spread an attack. Business Impact: Mimecast research shows that 90 percent of global IT security decision makers rank threats on the inside as a major challenge to their organisations’ security, and almost half (45 percent) feel ill-equipped to cope with them.
- Do check URLs “on-click/every click”. We don’t look at URLs, which makes us prone to malicious URL phishing. Skilful cyber thugs capitalise on this weakness with typo-squatting (URLs that look correct at a glance) and other sneaky techniques. Your best defence is automated, real-time, on-click/every click URL scanning. Business Impact: Cybercriminals are increasing their use of malicious URLs to trick you into giving up credentials or installing malware, which can cost even small companies large amounts of money in recovery costs and downtime.
- Don’t trust attachments. Remind end-users not to open attachments they’re not sure about. And, of course, use an email security system that applies sophisticated techniques to detect email-borne malware. Business Impact: Data from Verizon’s Data Breach Investigations Report for 2017 shows that two-thirds of cybersecurity breaches result from malicious email attachments.
Annual email safety training doesn’t cut it. Given the volume of emails and types of email-borne attacks end-users encounter, regular training and reminders are required to supplement your security solutions.
All these tactics may seem overwhelming, but you need a lot of email protection to safeguard against savvy cybercriminals who are after your money and data. Learn more about what could be getting through in your employees’ email.