Email is a vital part of business communication – now more so than ever. A growing amount of confidential information is being sent through email as more and more businesses take their operations to the home. However, this growth in remote working traffic spells trouble. Cybersecurity threats have increased as attackers try to steal confidential information and exploit vulnerabilities.
At Exclaimer, we believe cybersecurity is a top priority and not something to be left to employees or considered an afterthought. With that said, what can email recipients and senders do to protect themselves? These are our tips and tricks to guard against cybersecurity threats and point you in the right direction…
Combatting Phishing and Malware
As an employee or business owner, you should be asking yourself, “would I be able to detect a phishing email or malware attack?” If the answer is no, getting a better understanding of email security can help prevent a breach.
Phishing emails are a cyber attacker’s attempt to get you to hand over sensitive data and personal information. They are usually characterized by four tell-tale signs. Look out for:
- Immediate calls to action
- Any spelling mistakes and poor grammar
- Inconsistencies in email addresses and links
- Any suspicious attachments
Check the contact name and email address of the sender, too. With these emails, you’ll often find misspellings in the sender’s domain name and an email address that doesn’t match the contact name.
Email cyberattacks – like phishing scams and malware emails – are designed to create panic. If the messaging is telling you to do something right now – either by its wording or the threat of fines – this is an immediate red flag.
Keep an eye out for emails with an attached zip or ‘.exe’ file; these can also be harbouring some nasty surprises.
If you’re suspicious, just slow down and take your time looking at it. More often than not, you’ll get that ‘a-ha’ moment as one of these signs reveals itself when looking with fresh eyes. And if you’re still worried, chat with your IT manager.
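For IT teams, the same checks can be run automatically as a first pass. The Python sketch below is an added example, not Exclaimer's code: it scans a constructed message for three of the four signs (a misspelt sender domain, link text that doesn't match where the link goes, urgent wording, and zip or .exe attachments). The trusted domain, phrase list and 0.85 similarity threshold are assumptions you would tune.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"payroll.example"}  # assumption: domains you genuinely correspond with
URGENT = ("urgent", "immediately", "right now", "avoid a fine")  # assumed phrase list
RISKY_EXT = (".exe", ".zip")
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message (reserved .example domains), not a real phishing email.
SAMPLE = '''From: "Payroll Support" <support@payrol1.example>
Subject: Urgent: verify your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Act immediately or your account will be suspended.</p>
<a href="http://login.payrol1.example/verify">https://payroll.example/login</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

AAAA
--b1--
'''

def phishing_signs(raw):
    """Return (sign, detail) pairs for the tell-tale signs found in one message."""
    msg, signs = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs += [("lookalike_sender", f"{domain} imitates {g}") for g in TRUSTED
              if domain != g and SequenceMatcher(None, domain, g).ratio() >= 0.85]
    parts = list(msg.walk())
    body = "".join(p.get_payload() for p in parts if p.get_content_maintype() == "text")
    for href, text in LINK.findall(body):  # link text shows one host, href opens another
        shown, real = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and real and shown != real:
            signs.append(("link_mismatch", f"shows {shown}, opens {real}"))
    wording = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENT if w in wording]  # pressure to act right now
    signs += [("urgency", ", ".join(hits))] if hits else []
    names = [(p.get_filename() or "").lower() for p in parts]
    signs += [("risky_attachment", n) for n in names if n.endswith(RISKY_EXT)]
    return signs

print(phishing_signs(SAMPLE))
```

A filter like this only flags messages for a closer look; spelling and grammar still need a human reader.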
Spam, Spam, Spam…
Half of all emails are from spam senders, and with billions of emails being sent daily, spam can become a dangerous nuisance.
There’s not only the chance of malware finding its way into your inbox; an overload of spam can gum up the works, causing networks and servers to slow or crash. This will cost you time and money fixing a problem that could be easily avoided.
Bolster your email cybersecurity by checking your spam filter and toggling settings to redirect any questionable emails into a different folder. Filters can’t stop everything, so you should become familiar with the signs of a suspicious email to make sure you aren’t caught out.
Whatever you do, don’t reply. Responding to these emails shows those orchestrating cyberattacks that your email address is still active.
Get some extra assistance in dealing with spam by making sure you have multiple layers of anti-virus security. Having the watchful eye of different anti-virus systems increases the likelihood of any nasty new malware, embedded within spam emails, being quickly detected and wiped.
Keep it Legal
It happens to the best of us – attaching the wrong file in an email or sending to the wrong person – but if you’re not prepared, it can have some serious legal implications.
Cybersecurity isn’t limited to stopping malware – threats can be internal too.
For example, not having a compliant email disclaimer in your signature can leave you in hot water – as discovered by an online vendor in England whose automated signature cost him £25,000 when it was considered to be ‘legally binding’.
Avoid this by removing any contract terminology from your disclaimer, including any terms that could be seen as a legal agreement. We recommend you also let people know that any views expressed in the email do not reflect those of the company.
Emails should also include relevant copyright and confidentiality statements for peace of mind.
If your business is located in the UK, you must comply with the UK Companies Act. You need to make sure your email disclaimer has: a company name, registration number, the place of registration (e.g. Scotland or England & Wales), and a registered office address to avoid a £1,000 fine.
Other countries/regions such as the United States and the European Union (EU) have their own set of email disclaimer laws. Brushing up on these can help international businesses avoid getting caught out.
Follow the basic rules of effective email signature design, too. Include only the necessary contact details along with a small, yet recognisable color palette. Avoid putting links to private social media accounts, personal phone numbers, and addresses as these could attract some unwanted attention.
A centralized email signature management solution makes it simple for businesses to manage all employee email disclaimers, keeping them consistent even while your team is working remotely.
First Line of Defence
You can have all the right security software in place, but it won’t make a difference if your team isn’t clued-up on how to spot and stop a cybersecurity threat in its tracks.
With over 30 percent of phishing emails making it past default security software, those on the frontline need to know how to protect against a cyberattack.
Create an effective ‘human firewall’ by organizing external training or an educational seminar from a cybersecurity expert, to boost your team’s knowledge and confidence in detecting threats.
Try tailoring your training specifically to your company’s needs to keep everything relevant and streamlined. For example, small businesses relying heavily on email communication should prioritize training for avoiding phishing scams and malware, and spotting fraudulent content in real-time.
The modern move to remote working has seen a rise in ‘Bring Your Own Device’ (BYOD) policies. This brings many new security challenges for businesses.
Teams are now trusted to set up their own kit correctly, but it’s difficult for businesses and IT managers to stay on top of all outgoing emails.
This works both ways though. Employees often worry about logging into work apps on the same devices they use for their entertainment.
Take these steps to protect business data and confidential emails while your team works from home.
Introduce Mobile Device Management (MDM) software on personal devices. This lets businesses control the range of tech used by their people. MDM systems keep company information in one secure place, separate from personal apps. This means employees can use their devices for personal and business use, without mixing the two or compromising cloud security.
In addition, make sure basic security software is installed on all devices. Password-protected files, firewalls, and anti-virus software are a must for any devices used to access company files.