It’s how we communicate, and store and access vital – often confidential – information. Yet it is a tool that is often at risk of attack.
For businesses, especially, email continues to be a critical technology and the threat of email hacks and data breaches loom large over IT security managers.
The recent Mimecast Business Email Threat Report revealed that 83 percent of IT security decision-makers think email is one of the most common sources of attack. Despite this awareness, 65 percent don’t feel fully equipped and up-to-date to cope with the risks posed by email threats.
So how can your organisation protect itself from the increasing threats? As the cyber threat becomes more potent, email attacks will become more common and more damaging.
While research has shown that IT managers understand the threat, email security is not the responsibility of just the IT team. Everyone across the organisation needs to play a role in protecting mission-critical data.
It’s up to IT and the C-suite to work together to make email security part of the broader business strategy.
It’s essential that executives, the C-suite realise they may not be as safe as they think. Business security and governance is a boardroom priority and email is key to the business bottom line.
Know your enemy
Awareness of the digital threats to your business is a great place to start to ensure your organisation is working together. By knowing what to look out for, individuals are better prepared to protect their organisation’s network. While no two attacks are the same, knowing some of the risks can help you prepare:
• Phishing attacks
Traditionally phishing emails arrive claiming to be from our bank, the tax man or a delivery company, trying to trick us into giving away personal details or login names and passwords. Newer advanced type of phishing attacks, called spear-phishing are aimed directly at a hacker’s chosen set of individuals or organisation, usually with a well-defined plan for execution in place. These attackers have done their research and leverage personal details from social media or other publicly available details to ensure users are even more likely to fall victim.
There are two types of phishing vectors; one targets victims with a malicious attachment, the second including URLs to malicious sites.
• Ransomware
Ransomware is a strain of malware that encrypts data on organizations' computers, servers or user devices, locking them down before demanding payment of a ransom – often in Bitcoin or another non-traceable currency – in exchange for decrypting the data. In a ransomware attack, you are literally held hostage and denied access to critical productivity tools and data like file servers, email, databases and more. More than 1.1 million ransomware threats have hit Australia this year alone, with the price tag hitting the business pocket, impacting employee productivity and with the potential to tarnish a brand’s reputation.
• Whaling
These email attacks use simple social engineering with eloquent affect to trick employees into handing over critical data or into making fraudulent financial transactions. Cybercriminals use similar sounding domain names or free email addresses to pretend to be business executives. They are disguised well as no malware links or attachments are usually included, so they evade traditional email security techniques.
Know what to do
Implementing strong technology tools is the key first step to secure your inbox. If you are suspicious of an email that has made its way to your inbox, these top tips can help to keep you safe at work and at home:
1) Don’t click the link. Even if it’s from someone you ‘think’ you know or trust.
Attackers will try to add as much authenticity and validity to their messages as possible, so be smart and don’t click on any links.
2) If you really need the link, research it yourself
Go to the website the link claims to be from. For example, if it’s a Facebook.com link, open your browser and type in Facebook.com yourself then search for whatever the sender is claiming to send you. Malicious links can be hidden under genuine looking ones.
3) You’re not going it alone
If you’ve received a suspicious looking email to your organisation, the likelihood is other colleagues will have to. Don’t be afraid to voice your concerns and ask if anyone else has been targeted. Your organisation’s IT team too will be on hand to help in any tricky situations.
There is no one size fits all to email security. Good IT and email security hinges on having the right resources and skills, as well as budget, allocated to security. It also means using up-to-date technology combined with a well-trained and security-aware employee base.
Visit:
