Email Cybersecurity Best Practices for Avoiding Common Threats

More work than ever before is happening remotely. Employers and businesses have a responsibility to adopt measures to keep email communications safe, starting with email security best practices. With rising email attacks, your company and its data, intellectual property and finances could be at risk.

MOST COMMON EMAIL THREATS

In 2019, the FBI’s Internet Crime Complaint Center reported more than $3.5 billion in losses to individuals and businesses — the highest number of complaints and the highest dollar losses reported to date. Email is a major area of vulnerability.

All of the most common threats to email security involve deception, specifically trying to access personal information by leading a user to believe they’re communicating with a trusted source (or in some cases, even sending from email accounts of high level executives). Cyber criminals may spend months studying an organization, learning different vendors and trusted systems, communication styles, travel schedules, names of employees, etc. These attacks are successful because they’re orchestrated to mimic familiar communication requests.

Some terms you may associate with email security are:

• Phishing: Emails sent to look like they’re coming from established institutions, such as your bank or the government. These attacks may include a link to collect personal information or an attachment containing malware.
• Spear-phishing: A highly tailored phishing attempt focused on a specific group or organization using personalized, unifying information to seem real.
• Spoofing: Sending emails using the display name of someone else. While the email may be sent by vhajfsdf78@yahoo.com, it is displayed in your inbox as “Chase Bank” or “Joe Smith, CEO,” giving the recipient a false sense of security that the communication they’re engaging with is from a trusted source.  

EMAIL SECURITY BEST PRACTICES

There are steps you can take to protect yourself and enhance your company’s email security. We recommend considering each of these best practices:

• Multi Factor Authentication: Require this sort of security for all employees’ email logins. With multi factor authentication in place, if someone attempts to login to an employee’s email on a new device, it directs them to prove their identity from another form (such as a text message or phone call).
• Company Training: Any size business will value from a company training on cyber security. We offer this type of training because we see how vital it is for all employees to have the tools they need to avoid falling for an email-based attack.
• Antivirus Software: Make sure your company uses antivirus software, specifically software that employs DNS filtering which intercepts a web browsing session that starts from phishing email and forbids you from browsing to the unsafe site.

EMAIL SECURITY GOES FURTHER THAN THE INBOX

Vulnerabilities start at the top: think about how your business is set up, the tools it uses, the hardware employees operate on/with, the vendors it trusts, and the policies it enforces. A strong defense includes threat watch and a deliberate company-wide email policy. We know firsthand how overwhelming this can all seem, especially as a small or new business. That’s where the idea for Havoc Shield came from, so all businesses can have access to the protection they deserve.