Your inbox could be one of the simplest ways for hackers to breach your organisation
Email has firmly embedded itself as a regular part of our personal and business lives. The simplicity and flexibility of email make it a powerful and versatile tool, but this flexibility also makes it a prime target for hackers. In recent years, malicious actors have become more sophisticated. Here are a few guidelines for keeping your business email safe.
Enforce Strong Passwords
A single hacked email account can wreak havoc on a business, and there’s a good chance some employees will use passwords that are easy to guess. Formulate clear guidelines for what your company expects in terms of password strength, and offer help for new employees or anyone who doesn’t understand your password rules. Note, however, that experts typically recommend against mandating regular password changes.
Educate Employees About Phishing
Phishing attacks, which use deceptive emails designed to trick employees into typing their passwords into mock login websites, have long proven effective. However, today’s malicious actors are becoming more sophisticated. By looking up a company’s senior management, hackers can create email addresses that look similar and target employees. Some are even adding text such as “Urgent!” to the title in order to capture attention. Teach employees to cast a critical eye toward links and to never type in their password after clicking through a link. Even some of the world’s leading tech companies have fallen victim to these types of attacks. A single hacker from Lithuania fooled both Google and Facebook by imitating Quanta Computer and, briefly, had them send him more than $100 million.
Monitor for Suspicious Activity
Perhaps the most difficult threat to detect is the use of keyloggers, both hardware and software, that capture and log keystrokes. Protect physical access to your hardware to prevent hardware keyloggers, and make scanning for software keylogging programs a regular part of your security measures. It’s virtually impossible to make your system immune to these types of attacks, so regularly scan for suspicious activity. Login attempts from distant areas, for example, can indicate hacking attacks.
Limit the Damage
Email is convenient, and it serves a range of roles within businesses. However, email is difficult to fully secure, and it’s best to assume anything sent over email could eventually become public information. Avoid sending money-related information, such as credit card numbers, through email, and use more secure methods of communication for critical company data. While encryption can make email more difficult to hack, it isn’t foolproof.
The ubiquity of email means it’s here to stay, and no proprietary effort to supplant it has gained much traction. Although email is a cornerstone of business, it also presents a tempting target for malicious actors. Focus on educating employees, and make sure your company’s rules are enforced.
We spoke to Hugo Perez from global IT service provider UDT and Josh Pearl from email security specialists Mimecast to discuss ways you can spot and prevent email hacking in your organisation.
Both UDT and Mimecast are partners of Cloud28+, the open community of over 600 partners, built to accelerate cloud adoption and digital transformation around the globe. It has members located across North America, EMEA, Latin America and Asia.