Effective Ways to Secure your Business and Personal Email

Email is the easiest way for cyber-criminals to gain access to business data and information. Companies that have 200 employees or fewer are usually the target of cyber-criminals. In 2014, the Sony email hack left the world in shock, wondering how such a large organization could be hacked, its many security layers notwithstanding. Did it mean that smaller businesses and individuals had no hope against the clever hackers? Not necessarily.

Email security refers to the measures that businesses and individuals use to secure their sensitive data in email communication. It protects email accounts, keeping them safe from compromise or unauthorized access. Email is the main vehicle for phishing and spam attacks and for spreading malware.

There are many ways to protect your business through email security. Your email security is most effective when you strengthen your weakest link, your employees. Involving your employees and making them feel part of the entire process is key to succeeding in securing your system.

Cyber-attacks come in many forms, and it is only fair that you first know how hackers operate before you set up security measures.

Phishing attacks

Phishing is a form of social engineering that hackers use to steal data such as credit card information and login details. Phishing is when an attacker masquerades as a trusted entity and sends the victim a convincing email from a trusted institution such as a bank. Once the victims open the email, there is always a link they are asked to click on, which leads them to the hackers’ fake site. The site proceeds to ask for login details, which the hacker uses to scam them. There are different types of phishing:

⇾ Spear phishing
⇾ Email/spam
⇾ Content injection
⇾ Session hijack
⇾ Vishing (voice phishing)
⇾ Keyloggers
⇾ Smishing (SMS phishing)
⇾ Ransomware

Password attacks

Passwords are used to authenticate a user into a system and password attacks are another common type of attack. There are several ways hackers can get a hold of your password:

⇾ Brute force: This involves running the most common passwords through software and hoping it hits the right one, and more often than not, it does. The software runs millions of variations and it might take time, but if the password is pretty basic, it will be cracked. Commonly used passwords include birth dates and pet or children’s names.

⇾ Dictionary attack: The hacker uses a list of dictionary words and runs them through software, much like brute force, but running the software against dictionary words.

Eavesdropping attacks

This type of attack occurs through network traffic interception. Eavesdropping can leak credit card or password information and other sensitive information you might send via the network. Eavesdropping can either be:

⇾ Passive: Where a hacker gathers information by listening to messages being transmitted on the network.

⇾ Active: Where a hacker gets information by probing the user while disguised as a friendly entity and asking questions of the transmitters.

Malware attacks

Malware is malicious software that installs into your system. It attaches to legit code and replicates itself. The most common are:

⇾ Macro viruses
⇾ File infectors
⇾ Worms
⇾ System infectors
⇾ Trojans
⇾ Ransomware

Cross-site scripting attack

Cross-site scripting attacks or XSS attacks make use of third parties to run a script in your scriptable application or browser. The cybercriminal injects malicious JavaScript into the site’s database. Once you log into the site, the website transmits the infected page into your browser and the malicious script executes.

There are so many dangers lurking on the internet, it’s impossible to pinpoint them all. Putting measures in place to protect your system remains the best protection you can ever have. Here are some ways you can protect yourself and secure your email since it’s the most vulnerable to attacks:

Email encryption

Email encryption is a method of encrypting email messages so that the content is protected from prying eyes. End-to-end email encryption involves the transmission of data where only the sender and the recipient can read the email content. With end-to-end encryption, the sender’s system encrypts the email and only the recipient can decrypt it, thus nobody can tamper with the email.

End-to-end encryption provides effective levels of confidentiality and protection to your email communication. There are various methods of encryption, which all depend on the security level you need. You can make use of a third-party email service encryption, or install a certificate that has a public key that you can share with whoever wants to email you. You then give them a private key for decrypting all received emails.

End-to-end encryption has several advantages:

⇾ Privacy: Your email content and its attachments are not visible to anyone except the recipient. You are protected from anyone intercepting the information via Wi-Fi or system eavesdropping.

⇾ Increased security: For more security, you can combine end-to-end encryption and digital signing. An email that is both encrypted and digitally signed is an indication that the email is authentic and there has been no tampering of the email in transit.

⇾ No surveillance: End-to-end encryption protects your emails from surveillance.

Set secure passwords

Every employee needs to have their own email address and work computer password. The passwords need to be reset every so often, and you should consider a two-step authentication after each password change. A strong random password is made up of not less than 12 characters and a mix of numbers, lower-case and upper-case letters, and symbols.

Employees must make sure their passwords do not consist of obvious things such as pet or children’s names, yet it should be something easy to remember. The same password should not be used for different websites or accounts. Invest in a password manager for your staff to save all their passwords for different website sign-ins. For single sign-in, a password generator is an effective tool as it generates a one-off, random and unique password.

There are a few hacks, other than the obvious, that you can use to protect your passwords:

⇾ Don’t make passwords too long
⇾ Spread numbers and symbols throughout the password
⇾ Use multi-factor authentication
⇾ Test your password by passing it through testing tools
⇾ Change passwords when an employee leaves
⇾ Stay offline and avoid storing passwords
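The password rules in this section (at least 12 characters, all four character types, numbers and symbols spread throughout, no pet or children's names) can be checked and generated in a few lines. This is an added example, not part of the original article; the symbol set, the function names and the "only at the end" rule are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 12  # minimum length given in the article
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": SYMBOLS,
}

def check_password(password, personal_words=()):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    # Letters followed by a tail of digits/symbols ("Word2024!") is a guessable shape.
    core = password.rstrip(string.digits + SYMBOLS)
    if core.isalpha() and len(core) < len(password):
        problems.append("numbers and symbols only at the end")
    lowered = password.lower()
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains personal word {word!r}")
    return problems

def generate_password(length=16):
    """Random password from the OS CSPRNG that satisfies check_password()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Every position is drawn uniformly, so digits and symbols land anywhere;
        # candidates that miss a character class are simply redrawn.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

Pass the names an employee is likely to reuse (pets, children, the company name) as `personal_words` when checking a password they chose themselves.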

Train your employees on email security

Employees are your weakest link and play a crucial part in email data security. You must invest in training them on what to look out for. Phishing is a very common cyber-attack method that uses emails to inject malware into your system.

Employees should be trained in the following:

⇾ Not to open links from unknown people or sources: Hackers are known to send links with malware via emails. Once an employee sees a strange email with a link, they should never open that email or click on the link. 99% of the time, it is a scam designed to get into your email system.

⇾ Never reply to emails that require password changes or ask for any sensitive information, even if the source looks legit. Scammers often use different phishing methods to get into your system. A hacker will send an email purporting to be from a legit source, such as a bank. Clicking on the link leads to a fake website that mimics the official bank website. The site proceeds to ask for personal information such as login details, which gives the hacker all the information they need to infiltrate your system. Update anti-spy and anti-virus software.

⇾ All emails with sensitive information should always be encrypted. End-to-end encryption ensures that nobody can intercept these emails. Only the sender and the recipient have the relevant decryption keys.

⇾ Never use the corporate email to send or receive any personal communication: Most employees take this lightly and often give out their corporate email addresses for their personal communication. This creates a doorway for hackers to get into your system via third-party email systems. Work email must be strictly for work-related communication.

⇾ Never forward company mail to third party email systems

⇾ The employees must always be on their guard and verify everything they come across. If an email seems to be from a friend or colleague, yet it makes no sense, that is definitely a red flag. Let them pick up the phone and call the friend in question to confirm.

Ensure that you institute programs that test your employees with phishing emails to test their alertness.

Restrict mobile usage for company matters

Whenever an employee uses a company-issued mobile phone or a personal one to send and receive any company-related communication, they must always make sure the data is encrypted and the device has a password. Security apps must be installed to ensure that malicious hackers cannot access any device via shared internet networks. Ensure the solutions you choose have built-in mobile management and provide options that allow you to keep data safe from prying eyes.

Mobile devices are easily compromised as most people do not really enforce security measures. Mobile phones are easily hacked using devices that only need your phone number. Attackers can listen in to all your calls and read all your text messages and emails. Mobile devices are increasingly being used at the workplace, and sensitive information is passed over texts and also saved on these devices. A hacked work phone can bring a huge loss of financial and client data as well as other sensitive information.

Hacking a mobile device is made easier by the fact that all the instructions needed are online, so anybody can do it. Ensure all mobile devices have security measures installed. Mobile devices require several steps which include secure passwords, confirming links in messages and emails before clicking on them, public Wi-Fi avoidance, and call and message encryption.

Avoid common mistakes when enforcing email security

There are common mistakes that can cause a breach in email security:

⇾ Ensure that all computers have email encryption: Encryption is critical when dealing with credit cards and banking details. Storage and transfer of unencrypted data are like posting data for public display. If you are not conversant with the implementation of encryption technology, make use of a professional IT expert.

⇾ Unattended computers: Computers should never be left unattended, especially if unlocked. Make sure you make it a policy that no employee should leave their computer unlocked when leaving their desk, no matter how short a period they are gone. Getting the employees involved will go a long way in enforcing security.

⇾ Ignoring security holes: If a security hole exists in your system, it can be exploited by a hacker if not sealed. Get an IT expert to look into the security hole as soon as it appears, and seal it immediately.

⇾ Doing everything yourself: Network setup, application of the proper measures for security, and software installation need to be done by a professional. Any large company has an IT department to take care of these issues. Small companies must learn to ask for help by hiring an IT professional to set up their networks. It is an extra cost, but it certainly beats your security being compromised by hackers because you did not get professional help.

Conclusion

Security starts with the individual. As much as security measures are put in place in the workplace, employees must be part and parcel of this journey. Hackers are good at studying human psychology about the internet. They know exactly how to bait their victims, and more often than not, their victims fall for it.

Ensure that you have a report of all policies with the employees. This means that when they make a mistake and accidentally click on a link, they can report it without fear and the mistake can be corrected before any more damage occurs. Let the employees undergo regular training on cyber-security since the cyber-attack methods keep evolving.

Hackers will always be a step ahead of you unless you up your game and keep your anti-spam and anti-spyware updated. As a small company, you should invest in the services of an IT expert to help you set up security measures. It might cost you quite a bit, but compared to the damage a hacker would cause, it is completely worth it.

Last but not least, avoid making the common mistakes all email managers make. Being complacent with security will cost you a lot in the long run. Vigilance is key, and you must never let your guard down, otherwise, as the Sony organization learned, you will end up losing a lot more than you bargained for.
