Network security is often considered the realm of IT professionals, but there’s one aspect of it that touches every part of business and can easily compromise security: email.
Everybody, from interns to sales associates to project managers, sends emails. That’s why email security is an important part of any good business network. Being aware of threats to your network that come from email is the first step to securing your computers, customers and organization.
Spoofing, Phishing and Spam
A hacker has many tools in his or her bag of tricks to pry sensitive information out of a computer network through email. Taking the time to become familiar with the most recent threats will help your organization adapt accordingly.
- Spoofing: Spoofing allows hackers to get inside your network by posing as legitimate users via email to gain information from employees that interact with the public. Email correspondence with a customer service representative, for example, could expose viruses hidden in attachments such as ransomware, scareware or other forms of malware.
To protect yourself from spoofing, use proper spam filters, both for individuals and your entire organization. Also, adequately read and review an email. Just because the email says it’s from your co-worker John Smith, take the time to review the email address. Is the from email address actually firstname.lastname@example.org, or is it something else? Taking a few extra minutes to review the message in greater detail can save you hours of future frustration.
- Phishing: Hackers also attempt identity theft through a technique known as phishing. Links in official-looking emails, such as emails that appear to come from bank or credit card websites, could actually lead to a site where passwords, social security numbers and account numbers are collected. Like spoofing, you can prevent phishing attacks by taking a few extra minutes to examine your emails as well as any links included in the emails you receive. For example, if you receive an email from your bank, ensure the email address includes an https:// in the address, indicating the site’s security certificate. Don’t be afraid to call the sender if you get an email you don’t expect.
- Spam: Although spam might not seem like a huge email security concern (it’s often considered more of an annoyance than anything else), it’s important to remember spam can cause major issues. Not only can it clog your organization’s network, it also often contains links to malware, ransomware and other threats that can bring down your entire network. Ensuring you have a strong filter will help protect you from spam and the threats that come with it.
How to Say Safe
Use Strong Passwords: A strong account password can protect vital data. Use unique passwords for different accounts. Passwords should be long, include a mix of numbers, letters and symbols. Likewise, your password should include a phrase only you know. For example, if only you know your Aunt Gert sends you ten dollars on your birthday, May 15, that could become a password. “Aunt Gert sends 10 bucks on my birthday 5/15” becomes the strong password as “AGs10bomb515.”
- Educate Your Employees: Computers are only as good as their users, so every employee must do their part to protect themselves.Make sure employees know what to expect in regards to network security. Ensure security and network updates are distributed to your entire organization, and included in the on-boarding process for new hires.
- Limit Attachments: Malware attachments often balloon the size of an attachment in suspicious ways. Hunting for those attachments can be hampered by employees who don’t clean out their inbox on a regular basis.
- Filter Your Internet: Decide what level of Internet filtering is right for your organization. Too little web filtering increases the likelihood of viruses, malware and other network security issues. Too much filtering and productivity slows down as new permissions must be discussed. Finding the perfect balance is key. (Struggling to develop a filter that works for your organization? These best practices can help.)
- Educate: Educate your employees on what you expect in regards to network security. Ensure security and network updates are distributed to all employees and included in the on-boarding process for new employees.
- Stay Current: Make sure your systems stay compatible with modern technology. Older systems often have difficulty integrating with newer devices. Hackers can exploit these issues and get a foothold inside a system. Likewise, loading software updates in a timely manner keeps your technology current. These updates often contain fixes and other patches that close loopholes hackers used in previous editions of the software. (The WannaCrypt attack is a good example of this type of vulnerability.)
- Backup: Backup your data. If your system does go down, having an off-site backup will get you back in the game much more quickly than having to rebuild everything from scratch.
Your best bet? Take a team approach to email security to ensure employees are on board and aware of common and major threats. Create policies and procedures ensuring email security best practices are in place, and create a secure firewall to detect threats before they become a problem.
At SWICKtech, we help our clients tackle these challenges every day. Our expert consultants help with everything from security to rolling out major IT project initiatives. If you need IT assistance, learn how we can help.