As email is so widely used and understood as a means of business communication and information delivery, it’s also a prime target for cyber attack. Thankfully there are some quick wins to allow you to protect your email account right now.
IT security teams have processes, software, and safety protocols to defend the company against email attacks. However, the simple things you can do as an individual user to protect your personal and business accounts are well worth the time spent.
- 3 Common Email Security Threats
- 10 Simple Ways to Protect Your Email Account
- 1. Use A Strong Password Unique to Your Email Account
- 2. Ensure Regular Password Changes
- 3. Enable 2FA Authentication (aka MFA)
- 4. Use the Latest Software Versions
- 5. Remove Unnecessary Browser Extensions, Plugins, and Mobile Apps
- 6. Ensure Antivirus Software Is Installed
- 7. Never Trust Links Contained in an Email
- 8. Beware of Attachments
- 9. Understand What Phishing Emails Look Like
- 10. Use A VPN When on A Public Wi-Fi Network
- Endpoint Protection Overview
- Conclusion
3 Common Email Security Threats
Email attacks typically arrive as innocent-looking links or attachments. The link leads to a credential-harvesting page or a malware download, and the attachment carries the malware payload directly to the end-user device. Cybercriminals use email to gain a foothold in an organisation, access sensitive information, or disrupt company access to resources.
The three most common email threats include the following:
Phishing
Phishing refers to deceptive communication that tricks individuals into responding and disclosing sensitive information. The recipient is often asked to verify their login credentials on what they don’t realise is a phoney link to what looks like a recognised website.
Malware
Malware is malicious software that includes viruses, spyware, worms, and Trojan horses. These attacks give the hacker control over single or multiple workstations or servers.
From there, they can do more damage, changing privileges, accessing sensitive information, monitoring users’ activities, and performing other malicious actions.
Ransomware
Ransomware is malware, usually delivered through a phishing email or an earlier malware infection, that encrypts data on the victim's systems (and increasingly exfiltrates a copy first). The attacker then demands payment in exchange for the decryption key. Even when an organisation pays, recovery is often slow and incomplete, and paying gives no assurance that stolen data will not be leaked.
10 Simple Ways to Protect Your Email Account
Here are ten easy ways to protect your personal and business email accounts. Corporate IT departments may already enforce some of these, such as strong password requirements and multi-factor authentication, alongside mail filtering aimed at Business Email Compromise (BEC) attempts.
1. Use A Strong Password Unique to Your Email Account
A strong password is complicated for others to guess, challenging for software programs to decipher, but easy for the user to remember. Company emails likely have criteria for passwords that make it a bit challenging to create an easy password, but it can be done.
Most likely, your password needs to be long, at least 12 characters with a mix of uppercase and lowercase letters, numbers, and symbols. It should also be unique; don’t use the same password for another account. If an attacker obtains the password to one account (typically from a data breach), they will try it against your other accounts automatically, an attack known as credential stuffing.
Remembering complex passwords for all your accounts can be difficult. Luckily, password manager programs are available that store your passwords in an encrypted “vault.” The only password you have to remember in this case is the one for the password manager login.
2. Ensure Regular Password Changes
Change your email password promptly whenever there is reason to think it has been exposed: a breach notification for a service where you reused it, a sign-in alert you don’t recognise, or an MFA prompt you did not trigger. Current guidance (NIST SP 800-63B) no longer recommends forced periodic rotation for its own sake, because users respond with predictable variations of the old password; a strong, unique password changed on evidence of compromise is the better trade-off. If your organisation still requires scheduled changes, a password vault makes them painless. As discussed above, a password vault is another name for a password manager application, which stores your passwords in a single, secure location.
3. Enable 2FA Authentication (aka MFA)
Most email services allow you to enable two-factor authentication (2FA), which adds a second layer of protection to your email account. With 2FA, you enter a unique security code that the system sends to you via SMS or that an authentication app generates whenever you log in from an unfamiliar device or location. This way, even if someone acquires your email password, they won’t be able to access your account without also having your phone in hand. Not all second factors are equal, though: SMS codes can be intercepted through SIM swapping, and any one-time code can be relayed by a phishing site that proxies the real login page in real time. An authenticator app is better than SMS, and a hardware security key or passkey (FIDO2/WebAuthn) is better still, because it is bound to the genuine site’s origin and cannot be replayed elsewhere.
4. Use the Latest Software Versions
A simple but essential security measure applied to email security is ensuring your devices are up-to-date and protected with the latest antivirus and malware protection.
So, be sure your operating system, browsers, and email apps are up to date, because those updates carry critical security patches. Do the same for your antivirus and anti-malware software. Out-of-date security suites lack the detection signatures and engine updates needed to recognise newer malware and attack techniques.
5. Remove Unnecessary Browser Extensions, Plugins, and Mobile Apps
The more apps you have installed on your device, the more vulnerable it becomes. The same goes for browser plugins and extensions. The best practice is to install only essential apps and browser extensions, especially on devices you use to access sensitive information.
This means avoiding software from unknown sources and “free” downloads bundled with extras, as these are a common carrier for malware. Browser plugins are a classic target on your computer: Java, Flash, and Silverlight are examples of plugins with long histories of exploited vulnerabilities.
Partly because of this, browser vendors have removed support for such plugins, and Flash and Silverlight have reached end of life. Modern websites deliver media and other functions through the browser itself, so plugins are no longer necessary.
Extensions add new, elective features to your browser. They are usually a matter of preference and not needed. So, avoid them if you can.
6. Ensure Antivirus Software Is Installed
Antivirus software suites come with built-in protections against malware and ransomware. To maximise these protections, keep your antivirus and ransomware protection up to date on all your desktop and mobile devices. Employer IT teams should do the same across the entire enterprise network, including each employer-issued device (including mobile phones).
Today’s corporate networks include Bring Your Own Device (BYOD) endpoints such as personal laptops, tablets, and phones, alongside lightly protected equipment like printers, all with limited security controls. If you use a personal device for work that does not fall under your company’s IT umbrella, be sure to install and update your antivirus application and keep the device’s operating system patched.
7. Never Trust Links Contained in an Email
Even with your antivirus filters updated and working as they should, malicious emails find their way to inboxes. You should be aware of potential phishing or other malware attacks that may be embedded in your email. In fact, you should never assume links in your email are valid, even if you recognise the sender.
One way to check a link is to hover your mouse over it: the destination URL appears in the status bar or a tooltip without you clicking it. Compare the domain you see with the one you expect, reading it right to left from the top-level domain, because a subdomain or path can include a familiar name while the real site is something else entirely. Never click the link unless you can verify that it’s legitimate. On a mobile device, a long press on the link usually shows the same destination; if your mail app doesn’t offer that, it’s best to wait until you can view the message on a desktop.
If the link is supposedly for the login page to one of your accounts, you can leave your email and access your account through a browser or mobile app. Log in the traditional way and view the information there rather than trusting the link in the email.
8. Beware of Attachments
Phishing is a scam that involves malicious agents sending bogus email messages that appear to be from legitimate organisations. Phishing emails usually contain a payload of some kind. They arrive as an infected attachment or a URL to a fake website. Either way, the criminal’s goal is to trick the victim into downloading malware to their device.
The infected attachment will look like a harmless document like a bill or invoice, but it actually contains malware. Once the recipient opens the suspicious attachment, the malware infects the user’s device and spreads across the network.
Thus, never open an attachment unless you know the message and payload are legitimate. If the sender is familiar, contact them through a channel other than replying to the email (a phone call, or a fresh message to their known address), because a compromised mailbox will happily confirm its own forgeries. The same principle applies to any URLs in the email.
9. Understand What Phishing Emails Look Like
The intent of a phishing attack is to extract sensitive information like financial information, login credentials, or sensitive business data. Or, a phishing attack may release ransomware on the user’s devices, which then spreads through the network.
Most phishing attacks arrive by email, and the message mimics an actual organisation domain name. When you look closely, you’ll see intentional differences like using a zero instead of the letter “o.” Other times the domain name will be the same as the official company, but with some numbers tacked on to the end.
Many times, the email contains legitimate links with one malicious link embedded among them, which allows them to slip through email security filters.
The legitimate links are often enough to satisfy the recipient that the message is also legitimate. They end up clicking on the malicious link and landing on the hacker’s site. Likewise, the company’s real name may be part of the sender’s fake email address. Please take a close look at the sender’s address to be sure it’s legitimate before moving to the message.
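The checks described in sections 7, 8 and 9 (does the link text match where the link really goes, is the attachment what its name claims, does the sender or link domain merely resemble the real one) can be automated for a first pass over a suspicious message. The following is an added example, not code from the original article: it parses a message with Python’s standard `email` library and reports each of those red flags. The sample message, the `acme.example` brand and the `trusted` parameter are constructed for illustration, and the lookalike test is a deliberately simple digit-and-hyphen fold rather than a full homoglyph or public-suffix implementation.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email): lookalike sender domain,
# one genuine-looking link, one link whose text and href disagree, and a
# double-extension attachment that is really a Windows executable.
SAMPLE_EML = """From: "Acme Billing" <billing@acme-c0rp.example>
To: user@example.org
Subject: Invoice overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>See <a href="https://www.acme.example/help">our help centre</a>.</p>
<p>Pay now: <a href="http://acme-corp-login.example/verify">https://www.acme.example/billing</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

DANGEROUS_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd", "hta", "lnk", "iso", "jar"}
# Fold the digit-for-letter swaps and hyphens that lookalike domains rely on.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    p = _LinkParser()
    p.feed(html)
    return p.links


def registrable(host):
    """Naive registrable domain = last two labels (no public-suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def is_lookalike(host, trusted):
    """True when `host` is not `trusted` yet still carries the trusted brand
    after folding, e.g. acme-c0rp.example or acme-corp-login.example."""
    if not host or registrable(host) == trusted:
        return False
    brand = trusted.split(".")[0]
    return brand in registrable(host).split(".")[0].translate(FOLD)


def host_shown(text):
    """Host named by the link text, if the text looks like a URL or domain."""
    t = text.strip()
    if not t or " " in t:
        return None
    host = urlparse(t if "://" in t else "http://" + t).hostname
    return host if host and "." in host else None


def triage(raw, trusted="acme.example"):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if is_lookalike(sender_domain, trusted):
        findings.append(f"sender domain looks like {trusted}: {sender_domain}")
    body = msg.get_body(preferencelist=("html",))
    for href, text in extract_links(body.get_content() if body else ""):
        host = urlparse(href).hostname or ""
        shown = host_shown(text)
        if shown and registrable(shown) != registrable(host):  # the "hover" check
            findings.append(f"link text shows {shown} but points to {host}")
        if is_lookalike(host, trusted):
            findings.append(f"link host looks like {trusted}: {host}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = name.lower().split(".")[1:]
        if exts and exts[-1] in DANGEROUS_EXT:
            kind = "double-extension " if len(exts) > 1 else ""
            findings.append(f"{kind}executable attachment: {name}")
        if (part.get_payload(decode=True) or b"")[:2] == b"MZ":  # content, not name
            findings.append(f"attachment {name} starts with a PE (MZ) header")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EML):
        print("-", finding)
```

Run against the sample, the script reports the lookalike sender, the link whose visible text and real destination disagree, the lookalike link host, the double extension, and the executable header inside the “invoice”. The content check matters because renaming a file costs an attacker nothing; the first bytes of the attachment do not lie. A real deployment would use a public-suffix list for `registrable` and a proper confusable-character table in place of `FOLD`.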
10. Use A VPN When on A Public Wi-Fi Network
Public Wi-Fi networks leave you exposed because anyone on the same network, including the operator of a rogue access point, can observe unencrypted traffic and attempt to redirect or intercept your connections. Most email services now use TLS, but captive portals, older apps and misconfigured clients still leak, and the network operator learns which services you connect to either way. One way to reduce this exposure is a Virtual Private Network (VPN).
With a VPN, the client authenticates to the VPN gateway (with a certificate, user credentials, or both) and then establishes an encrypted tunnel to it, so every packet from your device, including DNS lookups, is protected from the local network and only emerges at the gateway. This way, a VPN allows you to work and check email on public Wi-Fi without the hotspot seeing your traffic. Bear in mind that the gateway operator then holds the same privileged position the hotspot had, so use your employer’s VPN or a provider you have reason to trust.
Endpoint Protection Overview
An Endpoint Protection Platform (EPP) is an integrated security solution that detects and blocks threats at the endpoint device level. Given the amount of remote work in today’s environment, endpoint protection is critical for all endpoints accessing enterprise networks, including laptops, desktops, smartphones, and Internet of Things (IoT) devices.
EPP combines anti-malware, antivirus, anti-ransomware applications, firewall security, VPN data encryption, Data Loss Prevention (DLP) protocols, and risk-based security policies. Combining these technologies is more effective than using traditional, siloed security products that don’t communicate with one another. Many organisations are adopting EPP technologies.
Conclusion
Security specialists constantly update security software, procedures, and policies to keep up with the ever-changing threat landscape. Despite this vigilance, email attacks slip through the filters and land in your inbox. You should do your part, scan for suspicious messages, and take the easy steps presented in this article to protect yourself from phishing and other malware attacks.
From anti-malware, anti-phishing and SEO-poisoning protection and 2FA to SASE and cloud-based air-gapped immutable backup storage, Securus has a security solution to suit your requirement and budget.
If you would like to discuss your network security requirements in more detail with one of our cyber security professionals, please don’t hesitate to get in touch.