Email Security — Top Tips & Strategies
- Beware of sophisticated email phishing schemes
We’re not done warning you about phishing yet; not even close. Email threats have been around for decades, but the threats continue to evolve and become more sophisticated. The different types of phishing attacks include:
- Spear phishing: targeting specific individuals rather than sending emails to thousands
- Vishing: targeting people using similar strategies but by phone instead of email
- Smishing: using SMS/text messaging to trick the unsuspecting
- Whaling: targeting “whales” – important people with greater access to information assets such as company CEOs
- Know what to look for in a suspicious email
Fortunately, cybercriminals aren’t always the brightest bulbs, and they often leave clues to their trickery. They’re usually not as blatant as the fake guy sitting on a pile of gold and offering to share it with you in exchange for your bank account and routing numbers, but there are definitely some dead giveaways. These include:
- Typos!!! — Some malicious hackers have a subpar command of English; however, others may include typos for a reason — vetting their marks. According to cybersecurity advisor Joseph Steinberg, scammers may “insert sufficient clues into their messages so as to discourage responses from anyone who isn’t sufficiently gullible so as to ultimately fall prey to the scam.” The thinking is that people who are bad at spotting typos may be easier to fool. Either way, avoid opening any emails from the Untied (sic) States government.
- Unusual URLs — Scammers sometimes type in fake URLs to make it look like they’re connected to or offering information from a respected organization. However, if you hover over the link, you can usually confirm whether it’s legit.
- Additional clues — Here are a few more helpful tips on sniffing out phony emails:
  - The sender’s email address doesn’t match the company
  - The email contains multiple requests to click on a link
  - The footer contains a slightly different company name
  - Grammatical errors and mixed upper and lower case in the header
  - Poor layout/formatting
  - Requests for personal information
- Download with caution
File attachments are popular places for scammers to hide computer viruses and other types of malware. “Unsolicited emails that contain attachments reek of hackers,” according to SecurityMetrics.com. “Typically, authentic institutions don’t randomly send you emails with attachments, but instead direct you to download documents or files on their own website.” Therefore, it’s best to avoid opening attachments unless you’re sure they’re legitimate.
- Don’t click on links from a company or person you don’t know
This one should go without saying, but if you aren’t sure about the sender of the email or the link they are trying to share with you, don’t click. Even if you know the sender or the email looks legitimate, it’s always important to exercise caution.
- Use password best practices
Most people know they should use strong passwords and be careful about guarding them; nevertheless, bad password practices are still rampant. In a recent poll of 3,250 people across the globe, 91% said they knew that using the same password for multiple accounts posed a security risk, but 66% said they did so “mostly” or “always.”
For a strong password, stay away from obvious words or phrases. The more random, the better! Also, use numbers and characters. The FBI recommends using longer “passphrases” instead of just one word. This involves combining multiple words into a string of at least 15 characters.
- Be mindful of oversharing
All kinds of personal information — even the name of your dog or cat, schools you’ve attended, your birthday and those of family members, etc. — can be used against you, yet most people think nothing of sharing such info on social media. It may seem harmless (and usually is); however, malicious hackers use such data to try to guess passwords or establish a personal connection in a phony email.
- When in doubt, call to verify
Certain emails may ask you to verify your personal information by clicking on a link, and the email request may even seem legitimate. But keep in mind that most companies won’t ask you for personal information through an email.
- Update or install antivirus software
OK, time to talk tech solutions — specifically antivirus software that helps protect individuals and organizations from viruses, spyware, malware, phishing attacks, spam attacks and other online threats. Here are reviews of some of the top antivirus solutions from TechRadar and PCMag.
- Use encryption software
Exchanging sensitive files or financial information by email comes with a certain amount of risk. That’s because most email is transmitted in plain text and is not well protected as it travels between servers. That’s why many organizations use email encryption software.
- Implement an email archiving solution
Many businesses — especially those whose email correspondence must be preserved for regulatory compliance or who may require access for eDiscovery in the event of possible litigation — utilize an email archiving solution that preserves and provides instant, searchable access to archived email correspondence.
Fingertip access to company emails can also be helpful in tracking potential email security issues. For example, an email archiving solution enables you to search all company emails within a specified time frame for, say, the word “password” and see how many times people have shared this kind of sensitive information. This will give you a good idea of where your employees stand on email security and whether cyber awareness training might be needed.
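The search described above, a keyword within a time frame counted per sender, looks like this when run over exported messages. This Python is an added example, not taken from the article or from any archiving product; the function name, the sample messages and the `corp.example` addresses are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime

def count_term_by_sender(raw_messages, term, start, end):
    """Per-sender count of messages dated in [start, end) whose subject or body has term."""
    needle, hits = term.casefold(), Counter()
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        try:
            sent = parsedate_to_datetime(str(msg["Date"]))
        except (TypeError, ValueError):
            continue  # no usable Date header: cannot place it in the window
        if sent.tzinfo is None:
            sent = sent.replace(tzinfo=timezone.utc)  # assumption: naive dates are UTC
        if not start <= sent < end:
            continue
        body = msg.get_body(preferencelist=("plain", "html"))
        text = str(msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
        if needle in text.casefold():
            hits[parseaddr(str(msg["From"] or ""))[1].lower()] += 1
    return hits

# Constructed sample archive: three RFC 5322 messages with placeholder addresses.
SAMPLE_ARCHIVE = [
    "From: Alice <alice@corp.example>\nDate: Mon, 02 Mar 2020 09:15:00 +0000\n"
    "Subject: VPN access\n\nHi Bob, the VPN password is in this mail: <redacted>\n",
    "From: Bob <bob@corp.example>\nDate: Tue, 03 Mar 2020 10:00:00 +0000\n"
    "Subject: Lunch\n\nPizza at noon?\n",
    "From: Alice <alice@corp.example>\nDate: Fri, 15 May 2020 08:00:00 +0000\n"
    "Subject: Password reset\n\nPlease see the portal.\n",
]
# start and end must be timezone-aware so they compare with parsed Date headers.
MARCH_2020 = (datetime(2020, 3, 1, tzinfo=timezone.utc),
              datetime(2020, 4, 1, tzinfo=timezone.utc))
print(count_term_by_sender(SAMPLE_ARCHIVE, "password", *MARCH_2020))
```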
- Back up important information & data
You may do everything right to prevent an email phishing attack, but the reality is they still do happen, especially since we use email so frequently. In 2020, approximately 4 billion emails will be sent and received around the world.
In order to be prepared, you should back up everything you can. Better yet, invest in an email archiving solution that will automatically back up all email communication, your contacts, calendar items and other relevant data. This can also be helpful if you need to search through emails around the time of a data breach to see what kind of information may have been compromised.
- Implement a Security Operations Center
Protecting your email is just one part of the vast cybersecurity landscape. Large organizations may want to think big picture and consider implementing a Security Operations Center (SOC), which refers to a team of cybersecurity professionals responsible for monitoring your environment, identifying potential threats and developing a plan of action to eliminate them.