Office1 Blog

7 Ways to Change Email from a Cyber-Liability to an Asset

April 11, 2019 | by Gideon Ford

Companies transfer massive amounts of sensitive information throughout their organizations each day. So why, then, do so few of us make data security a priority?

The past ten years has seen over 300 data breaches that resulted in 100,000 or more records being stolen. This is not including the many other data breaches throughout the decade that were not made public or had under 100,000.

Stolen Files

Yes, unfortunately, thieves in the digital age have realized that the contents of your emails are more valuable than the contents of your wallet. And when business emails are the targets of these attacks, their respective companies stand to lose everything, from their revenue to their credibility to their customers’ trust.

Keep these strategies in mind to protect your business from the bottom feeders who rely on phishing scams and security exploits.   

 

1. No Two Factor Authentication (2FA)

WeakPassword

While strong passwords are a good deterrent, hackers who target small businesses are sophisticated enough to subvert these rudimentary security measures.

To kick a business’s email security up a notch, look into Two-Factor Authentication. The 2FA protocol requires that users have a third piece of information on top of the basic username/password—usually a PIN or a code sent via mobile. These systems are common in cloud-based email servers like Gmail and are an effective way for businesses to tighten up their access points from end-to-end, email included.

 

2. Phishing Attacks

Phishing is one of the most common ways people fall victim to email exploits. Instead of actually hacking the server, criminals target business owners by posing as fake entities, such as financial institutions or business associates. They trick victims into handing over sensitive data by using mined information or linking them to fraudulent sites.

To reduce the odds of falling prey to these fraudsters, make personal email security a regular part of your team’s IT training. Educate them on the risks they’re exposing themselves—and the company—to when they carelessly handle their emails. Most of this information is rudimentary and can be explained without resorting to dedicated threat management consultants or extensive IT training protocols.

 

3. Not Updating Your Operating System

As much of a hassle as updates can be, they exist for a reason. When your software is patched, it’s usually to correct a vulnerability or inefficiency detected in the software. For example, the WannaCry Ransom Attack that affected more than 200,000 computer systems was due to a vulnerability that was later corrected – and people who didn’t update were still at risk of being hacked.

Stay on top of your IT teams and keep every operating system up to date. Email data breaches often go unnoticed for weeks or months after they occur and can be devastating to a company’s public image and profitability from quarter to quarter.  

Guy Upset

4. Unencrypted Emails

Email encryption is necessary to prevent third-party snooping. Without it, personal details, banking information, user credentials, and other sensitive info is at risk of being intercepted by hackers.

If you haven’t explored email encryption options with your CTO, look into solutions that offer end-to-end protection from desktop to mobile to the cloud. Do your research beforehand; many encryption suites may be more advanced (and costly) than your organization requires. Find the sweet spot between affordability and security.

 

5. Don’t Open Unknown Attachments

Did you get an attachment? Don’t open it! Obviously, in your day to day life you’ll get attachments you will need to open. But always be wary about the attachments you receive. Malware is often sent through email attachments, so unless the attachment is from a coworker or from a trusted source, do not open the attachment.

If you are unsure whether or not an attachment is safe always double check. It can mean the difference between a functioning computer or a vector for a breach in cyber security.

 

6. Do Not Use Work Email for Personal Use 

This is less being worried about employees goofing off or wasting company time more than it is about protecting their information. Should a breach occur, the less hackers know about your personal information the better. Sending personal information or having personal communication through work emails can compromise secure personal data of each individual. Avoid this by avoiding using work email for anything other than official business.

 

7. Turn ON Your Spam Filter 

This one seems like a no brainer but you would be surprised just how many people have this function turned off. For whatever reason, people turn off their spam filter most likely to receive emails from a person not in their contact list or to make sure that a purchase confirmation is not sent to the wrong inbox. However, instead of turning on their filter they forget and leave it off.

Having a strong spam filter protecting your inbox will safeguard you against many potential threats. Always have it on and you will have a great first line of defense against potential threats and make your email safe.

 

Don’t Let Breaches Disrupt Your Strategy

Don’t let something as basic as email security disrupt your organization’s long-term goals. Keep your systems up to date, look into security protocols (like encryption and 2FA) and hammer out the weak links in your team through regular security education. Doing so will go a long way toward mitigating the inherent risk posed by the human component of an IT network, arguably the weakest touchpoint in any system. It may require an upfront investment, but it'll save much more capital in the long run, and it'll keep investors happy as you continue innovating and leading the company forward, rather than risking a company-wide shutdown due to preventable threats.

 New call-to-action

Categories: Security, cyber security, Email, Network Security

Gideon Ford

About Gideon Ford

Gideon Ford is a Professional Services Help Desk Technician for Office1 working to solve all issues related to IT. Gideon has worked with IT for nearly a decade and is familiar with Information Systems Security, Networking, SMB and Mobile Technologies, and providing remote support for those users. He has also worked with and supported a Department of Defense Aviation Contractor providing Network and Security support. Provided Mobile device technical support for a wireless carrier and most recently was part of AppleCare’s Senior Technical support team. Gideon Received his Bachelor of Science in 2012 from Westwood College in Denver in Information Systems Security. In addition to his degree specialty, he has trained in the areas of A+, Network+, and Security+ to name a few.