Email Security… Do you care about your business reputation?
Email is one of the primary ways we communicate. We use email every day for work and to stay in touch with our friends and family. In addition, email is now how most organisations provide online services, such as confirmation of your online purchase or availability of bank statements. Since so many people around the world depend on email, it has become one of the primary attack methods used by cyber criminals. In this post, I am sharing common email attack methods and the steps you can take to use email safely.
Not FUN Stat: 58% of people claim to be aware of the risks of unknown links in emails. And yet they click anyway.
On average, more than 290 billion emails are sent and received throughout the world every day; most of those are spam emails. With very little investment, cyber criminals can design a campaign to scam people or harm businesses. Because it is easy to impersonate an organisation, phishing emails are used more than any other attack vector in cyber incidents. Using socially engineered emails, adversaries attempt to deceive the recipient into downloading malicious software or giving up personal information by clicking on links or opening attachments.
To protect your business, it is essential to have spam and phishing email filtering. Many email service providers offer email filtering as part of their service. Still, in some cases, you might need a standalone spam filter if your email provider doesn't offer one.
Pro Tip: Disable macros in all MS Office products. MS Office macros can be used to run malware when you open a file, even if you don't interact with the file. You should also disable JavaScript in Adobe Reader, as it can be used to run executables in the background.
Everyone using email has to be extra careful with any email that asks you to take immediate action or that makes you panic. Always pay attention to who the email sender is, and ask yourself if you are expecting this email, and from this person. Always hover over links to examine the destination URL. There is a good quiz available on the ACSC website; try it to check how well you can spot phishing emails.
As mentioned earlier, email is used by most businesses to transact. As a small business manager, you need to protect your identity, brand, and your customers by enabling email security features that prevent spoofing of your brand and domain. For example, by creating an SPF (Sender Policy Framework) record, you allow the recipients of your email to verify whether the email came from your email server or from any authorised service you allowed to send emails on your business's behalf. There are other email security features that you can use as well, such as DMARC and DKIM, but they can be more complicated to implement. Start by contacting your email server provider to ask them how to enable SPF on your account.
Finally, please do not use your mailbox to store sensitive or important information. If you heard about the hack that impacted Service NSW, you will know why. Basically, 186,000 customers were affected by the hack, and those customers' data was stored in Service NSW staff members' mailboxes.
4 years ago: This is amazing content, I didn't know about the Macro!