
Why Email Security Is Still a Priority

Featured image by KAL VISUALS on Unsplash

With the rise of tools like text messaging, Slack, and other messaging platforms, there’s a sense among some that “email is dead.” But the fact is that email remains important to most businesses, especially given the current pandemic. With the majority of people working remotely these days, email has once again moved to the forefront for communication and information-sharing. Therefore, email security is a priority for many businesses.


The vast majority (about 75 percent) of cyberattacks on businesses come from emails. The problem has only worsened during the coronavirus pandemic. Malicious actors have attempted to capitalize on the pandemic by sending fraudulent emails related to everything from testing and case counts to contact tracing and vaccine studies. Additionally, they have created malicious domains related to the virus and the response efforts. Using these messages and domains, they attempt to steal information and spread malware.

Because so many people are working from home, and the risks related to email attacks are so high, refreshing the basics of email security and best practices is important.

Investing in Email Protection

Protecting your business from cyberattacks that originate from emails begins with robust technical tools. Spam filtering tools can keep a majority of malicious emails out of inboxes. Moreover, internet filtering can strengthen email security by preventing even accidental visits to malicious sites. Implementing email authentication tools and policies, such as the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC), can all help thwart bad actors.


Of course, this protection is in addition to other standard protocols, including virus protection. Still, none of these technical tools can work to their full advantage when they aren’t supported by human behavior. This is why reiterating basic email security training and best practices is also necessary.

The Basics of Email Security

Hackers have been working to exploit the COVID-19 pandemic. Accordingly, businesses report significant increases in phishing attacks on their employees. Many of these attacks prey on remote workers, attempting to take advantage of the comparatively relaxed email security protocols that allow for the rapid transition to remote work. Other attacks claim to be offering unsolicited assistance or access to grants and other funds for businesses. Regardless of the specifics of the attack, everyone needs to be on alert for the signs of a phishing email, including:

  • Misspellings and incorrect grammar.
  • Requests for information that the sender should know (such as HR asking for your Social Security number).
  • Requests for account information that wouldn’t normally be made by email due to security reasons. These might include requests for passwords, account numbers, or addresses.
  • Unnecessary urgency.
  • Unusual sender addresses.

Ultimately, it’s the responsibility of any email recipient to verify the legitimacy of any email, especially before clicking a link or opening an attachment. For better security, don’t hesitate to reach out to the sender through other channels to confirm they sent the email before opening it.

Identifying phishing emails is only one aspect of protecting email, though. Your employees should be implementing additional security protocols, including:

  • Password management. Email passwords should be unique and never used for multiple accounts. As a matter of policy, email passwords should be changed regularly, at least every 90 days.
  • For better email security, use multi-factor authentication as an added layer of protection.
  • Avoid sending sensitive information, including attachments, via emails. Use file sharing or collaborative work systems instead. If documents must be emailed, use encrypted, secure email management systems. These strategies can help to keep the information from falling into the wrong hands.

A New Threat: Vishing

Although not specifically related to email security, there is a new threat that’s spreading among organizations, and it warrants mentioning. Vishing is essentially a phishing attack made via phone rather than by email, and the COVID-19 pandemic has increased the number of such scams. This is in large part because scammers know people will be home, and therefore more likely to answer the phone. Moreover, they know that people are desperate for information about the pandemic and response.

Vishing attacks often rely heavily on social engineering. That is, they target people using a relevant subject (like the pandemic) and information gathered from other sources, like social media. Usernames and passwords from compromised accounts are also key to successful vishing attacks. Hackers use the information gathered in previous data breaches to access your accounts and steal information. Then they use this information to launch ever more sophisticated attacks.

The prevalence of these attacks underscores the importance of proper password management and email security. Hackers who are after a major target, such as a business, are often willing to be patient. They will use multiple methods to secure the information they need for a successful attack.

Keep Email Security at the Forefront to Protect Your Business

By keeping inboxes clear of malicious messages and using email properly, you can ensure that email remains a useful tool, and not a source of headaches and business losses.