For cybercriminals and anyone else who might want to target your business, email is a favorite attack vector, because it’s so widely used. Your staff needs to know what potential threats just using email can pose to the security of your business. You need to train your staff in best practices to ensure that email security is a priority and incoming mail is handled safely and securely. So let’s review a few of them.
Having to enter a password for authentication every time you use a different application, and remembering all the passwords required, can be frustrating. But there are good reasons for it and your staff need to appreciate them. It’s also not good enough to create passwords consisting of their pet’s name and the year they were born and hope for the best.
Too many people do this. A password made up of a significant personal detail and a lucky number of some kind is far too easy to crack. Cybercriminals have been known to do the hard work required to research employees and their personal information if they think it will bear fruit for them. Your online activity can yield a significant amount of information about you, and getting it isn’t even as hard as it sounds. It may seem like a long shot, but they can stockpile info and then, with a bit of trial and error, they can hit on the right combination.
For maximum email security, passwords need to be different for accessing different applications and data. If a password is used for multiple accounts in different areas of your business, then it could be a recipe for problems. Multiple passwords are hard to remember, but this can be resolved with a password manager, which reduces the number you have to remember. There are also programs designed to give an extra layer of protection for passwords. Some email programs, such as Outlook, don’t require regular authentication and don’t ask you to keep entering your password, so it’s easy to forget about it. An additional measure to ensure email security is to change passwords at regular intervals.
If one password is a barrier to unauthorised users, then two doubles the security level. That’s more or less what 2FA does: it uses a password and an extra code that’s generated specifically for the occasion. Often this code is sent to a phone as part of the login process. When additional information needed to complete the login is delivered by a different means, it makes unauthorised access a whole lot harder. A hacker who managed to steal or crack your passwords would still be at square one.
It’s still tempting to think of email addressed specifically to you as safe, with contents that can be trusted. But sending email that contains links to unsafe sites, or dangerous attachments, is a favourite con trick. Clicking on an unsafe link, or opening a dangerous attachment, is easily done, whether it’s by a junior intern or the CEO of an organization.
Phishing scams are one kind of email threat, where a cybercriminal casts a wide net and waits to see who swims into it. They are typically designed to harvest your personal or other confidential information, and can purport to be from legitimate sources, with links to forged websites that look just like the real thing.
The old trick of sending attachments that contain viruses still works, because people still open them. If you weren’t expecting an attachment and aren’t sure that it’s legitimate, don’t click! Toxic attachments are designed to make you curious, so if it’s about an offer that seems too good to be true, it probably is! For maximum email security, you could run a quick virus scan first.
For help with your email security, including password and virus protection, you can always turn to the professionals at Quikteks. Reach out to us by calling (973) 882-4644.