How to Secure Your Email (Without Complicating It)
At this point, I know I don’t have to tell you how important your email is to your business, and how important it is for your email to be secure. It’s 2019 (as of this writing), after all, and businesses have depended on email for decades. Unfortunately, many still haven’t learned that security threats have also leveraged email for some time now.
Businesses in Massachusetts are typically aware of the importance of data protection, thanks to our state’s Data Protection Laws. We see this as a great thing - protecting the data of customers and employees should be the standard. One often-missed entry point that many businesses don’t lock down is their employee inboxes.
There are a variety of attacks that cybercriminals will leverage as they try to breach your business via your email, so you need to be prepared.
How Cybercriminals Attack Via Email
There are a variety of methods that can be used to target you through your email. For instance, malware is notoriously spread through email, particularly through malicious links or downloads. One particularly well-known example is that of ransomware, a variety of malware that quite literally locks down a system and demands payment for it to be released. Other malware also commonly uses email to spread, sometimes even propagating cryptocurrency mining programs and the like.
These types of attacks aren’t something that only happens to other people; Massachusetts has been directly affected by malware attacks as well. In May of 2018, a small school district in Leominster, Massachusetts was the victim of a ransomware attack. They were infected with the WannaCry cryptoworm, and as they had no backups, they were at the mercy of the hackers... who had none. Ultimately, the school district paid $10,000 in Bitcoin to have their systems restored. This reinforces the importance of having not only an effective email strategy, but also a backup and disaster recovery plan.
In order to help this malware and their other efforts reach their maximum potential, cybercriminals will frequently use certain proven strategies. For instance, many cybercriminals will spoof a domain as they send their email, making their attacks appear to come from reputable sources. This tactic can help a hacker attempt to phish their targets, which is a fancy way of saying fooling them into disclosing data to someone they shouldn’t, just because the email appears to come from some authority figure. Remember the Nigerian Prince scams? They are a version of phishing. Another type of phishing requires a little more research on the hacker’s part. By focusing their attack on a single person in the company, having dug into that person’s history online, the hacker can craft a very focused and personalized attack. This is known as spear phishing.
How Your Email Can Be Made Vulnerable
It should come as no surprise that the biggest threat to email security is the user trying (or “trying”) to leverage it. An estimated two-thirds of email hacks are thought to have been enabled by negligence on the part of an employee.
This doesn’t even account for a team being made up of human beings.
Human nature being the way it is, there is a strong chance that these human employees will do their best to find loopholes to help make their jobs that much easier. The trouble is, these loopholes likely won’t be compliant with your security standards, assuming they don’t violate any regulations that your industry is beholden to in the first place.
To fight this tendency, you need to make sure you reinforce positive habits inspired by workplace best practices. Educating your employees on how they should be doing things, as well as why it is better to do things that way as compared to how they were once done, can help build a new workplace routine that your employees may be more likely to follow.
Introducing New Processes to Your Employees
A good place to begin retraining your employees is within the protocols that you follow as a company. Revising these protocols to be more security-focused and reinforcing the lessons within them at various opportunities will only help your employees to adopt this security-first mindset as well.
Accomplishing this will be easiest if you start with some security basics:
- Your email password needs to follow the same best practices as any of your passwords should - and the same naturally goes for your employees as well.
- You and your employees need to be mindful while using email, checking what the “from” field says before opening a message, hovering over hyperlinks before clicking them to make sure they navigate where they appear to go, and otherwise reviewing any emails with a skeptic’s eye.
- Your entire organization should be wary of threats that come in via email. Any unexpected password reset emails or emails containing large attachments should be avoided, and everyone should log out of their email when they are finished with it.
- You should also introduce multi-factor authentication to all of your solutions, including your company email accounts. While MFA may be slightly annoying to deal with, it is far better than dealing with a full-blown hacking attack.
- Any and all emails your company sends or receives should be protected by encryption. Again, this needs to be a user-friendly enough process that your team will make use of it.
Datalyst is here to assist you in keeping ALL of your business technology efficient and secure, so that you can focus on utilizing it for your business. Reach out to us at (774) 213-9701 to get started.