Is your company's email providing a tempting route for cyber criminals to attack your business? Hackers continue to target businesses with phishing attacks. Once opened, these malicious email messages can hijack an entire company's financial information and gain access to funds and personal information. Email is a business essential, but also an easy avenue for hackers to use and abuse. How can you keep your business secure?
The human factor
Businesses of all sizes face vulnerabilities via email. When email accounts are hacked and compromised, cyber criminals can gain access to information including user names, telephone numbers, birthdates, passwords, and unencrypted security questions. Email is a common entry point for hackers because it's an easy way to exploit the weak link in cybersecurity policies: humans. Employees rushing through their emails can easily click on a malicious link. No wonder a recent survey reveals that some 90% of cyber attacks begin with email.
Today, hackers are becoming more sophisticated than ever in their approach to email hacking. They've expanded from "phishing"—which tricks recipients into opening malicious emails or clicking on bad links—to now "spear phishing." This new approach relies on emails that appear to be from a trusted sender, such as the company's CEO, a vendor, or the business's bank, in order to fool recipients. Companies affected by these attacks lost productivity, money, and intellectual property.
Email do's and don'ts
Don't wait for your business to be victimized before you take action. Taking a few simple steps can help shore up any email vulnerabilities your business may have. Here are the do's and don'ts to follow.
- Do educate employees in the basics of email security. For example, remind them to pay attention to where an email came from before clicking on attachments or links. Cyber criminals excel at crafting legitimate-looking emails that appear to come from the IRS, banks, or health insurance providers. One clue to fraud is an email address that's slightly "off" (for instance, the letter "o" is replaced with the numeral "0" or the letter "l" is replaced with the numeral "1"). Grammatical errors, typos, and low-resolution logos are other warning signs. Explain to your team that financial, government, and law enforcement institutions do not request personal information or passwords via email. And teach them it's better to be safe than sorry: If an email from a familiar source seems strange, contact the sender to double-check its authenticity.
- Don't make email your default communication method. Think twice about sharing sensitive data over email or attaching documents with sensitive information. Consider using cloud-based file-sharing services instead. (Make sure the service you choose uses appropriate security measures.) Send a link to the file and limit access only to those who need it.
- Do require frequent password resets—at least every six months. Instruct employees how to create strong passwords and to keep them safe—not just posted on their computer or keyboard. Remind employees not to share their passwords with others. In case they give in to temptation, create an added layer of security by using PCs equipped with multi-factor authentication. Biometric identification such as fingerprints or facial recognition can provide additional security to reduce the risk of compromised emails.
- Don't access your business email over public networks. While using a coffee shop's Wi-Fi to check your email is common for today's mobile workforce, it can put your business's data at risk. Public networks are vulnerable to hackers who can exploit your laptop or mobile device as an "in" to your business network. Set up a virtual private network (VPN) to use when accessing email outside the office, and enable two-factor authentication of your email accounts for times when a public network is your only option.
- Do provide physical protection. Employees working on laptops in public places can expose email passwords to prying eyes. Shield your business from this risk by equipping notebooks with privacy filters. The HP EliteBook 1040 and HP EliteBook 840 feature HP's Sure View integrated privacy screen, which darkens at the touch of a button. The HP WorkWise smartphone app locks and unlocks your PC if you step away from it, and instantly alerts you if your PC is tampered with.
- Don't forget to terminate email access as soon as an employee leaves the company. Even if a worker leaves on good terms, cyber criminals could discover the person's email password and use it to access your network. Shutting down former employees' email access protects against potential threats.
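The "slightly off" sender address described in the first tip can also be checked automatically at the mail gateway or in a reporting tool. The sketch below is an added example, not part of the original article: it flags sender domains that match a trusted domain only after the digits "0" and "1" are read as "o" and "l". The allowlist, function names, and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Digit-for-letter swaps named in the tip: "0" for "o", "1" for "l".
CONFUSABLES = str.maketrans({"0": "o", "1": "l"})

# Constructed allowlist: domains the business really corresponds with.
TRUSTED_DOMAINS = {"example-bank.com", "contoso-payroll.com"}


def sender_domain(from_header):
    """Return the lower-cased domain of a From: header, or None."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def _matches(domain, good):
    # Exact match, or a subdomain of the trusted domain.
    return domain == good or domain.endswith("." + good)


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Classify a sender as trusted, lookalike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if domain is None:
        return "unparseable"
    if any(_matches(domain, good) for good in trusted):
        return "trusted"
    # Compare "skeletons": both sides with confusable digits folded to letters.
    skeleton = domain.translate(CONFUSABLES)
    for good in trusted:
        if _matches(skeleton, good.translate(CONFUSABLES)):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        "Example Bank <alerts@example-bank.com>",
        "Example Bank <alerts@examp1e-bank.com>",
        "Payroll <hr@mail.c0ntoso-payroll.com>",
        "Newsletter <news@unrelated.example>",
    ]
    for header in samples:
        print(f"{classify_sender(header):12} {header}")
```

A "lookalike" result is a reason to quarantine the message or warn the recipient; an "unknown" result only means the domain is not on the allowlist.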
Better safe than sorry
Set and enforce strict email usage policies, enlist the right technology to protect your network, and you'll be able to rest assured you've done all you can to keep your business safe from email-based attacks.