The smart modern business will regularly review and update its security measures, policies and procedures for the best chance of protection against cyber security breaches. If you don't, you risk costly impacts to your business operations and the compromise of your critical business data.
You only have to look at 2017’s unprecedented WannaCry ransomware attack to appreciate the extent of the damage hackers can inflict. Impacting more than 200,000 computers across 150 countries, the attack wreaked havoc amounting to hundreds of millions – some even say hundreds of billions – of dollars in damage.
As security measures get smarter, sadly so do the hackers. Continued vigilance exercised by businesses is therefore crucial to remaining a step ahead.
One area of network protection often overlooked in cyber security strategies is the potential for attackers to cause harm by hijacking the humble email. These days, cyber criminals can source email addresses via a ‘Deep Web’ search, which combs the internet for back-end or protected data that’s not indexed by regular search engines.
Once armed with a list of company email addresses, the hackers are in a strong position to successfully launch an attack. This usually starts with an employee being tricked into replying to a dodgy email, or opening a link or attachment containing malware.
The good news is there are lots of things you can do to protect your business from this kind of attack. Secure Logic has developed the following tips to boost the security of your company emails at the highest level …
Email policies and staff training
Training staff is the first line of defence. The goal should be to raise awareness of the different kinds of attacks and the signs to look out for, as well as encouraging the adoption of overall better cybersecurity habits.
Employees must also have an understanding of your security and recovery policies, including how to report suspicious activities, and what to do if they suspect their computer or device has been infected.
A comprehensive email policy should be developed to underpin your staff education efforts. This should enable every member of the team to answer questions like, “What can I install on my computer or device?”, “How do I use passwords or spam filters?”, and “How do I exercise caution with unknown emails, links and attachments?”
Alongside boosted staff awareness, many companies opt for a policy that limits employee access by not granting them administrator rights to their devices. This can help stop unauthorised and damaging downloads making their way from staff email accounts onto company machines.
Differentiate external emails
Fraudulent or ‘phishing’ emails – which tend to take the form of hackers impersonating other people within the business – can be protected against by adding visual indicators that make emails from external addresses obvious to staff.
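One way such an indicator could be applied at a mail gateway, as an added example that is not Secure Logic's own code: the Python below tags the subject of any message whose sender is outside the organisation, adds a banner to plain-text bodies, and flags a staff member's display name appearing on an outside address. The domain list, staff names, tag text and banner wording are assumptions made for the example.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example: the organisation's mail domains and staff display names.
INTERNAL_DOMAINS = {"example.com"}
STAFF_NAMES = {"jane citizen", "sam lee"}
TAG = "[EXTERNAL]"
BANNER = "CAUTION: this email came from outside the organisation.\n\n"

def is_external(address):
    """True when the sender's domain is not one of ours (a missing address counts as external)."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return domain not in INTERNAL_DOMAINS

def tag_message(raw):
    """Return (message, flags); external mail gets a subject tag and, for plain text, a banner."""
    msg = message_from_string(raw, policy=policy.default)
    name, address = parseaddr(str(msg.get("From", "")))
    flags = []
    if not is_external(address):
        return msg, flags
    flags.append("external-sender")
    # Impersonation check: a staff member's display name on an outside address.
    if name.strip().lower() in STAFF_NAMES:
        flags.append("staff-name-on-external-address")
    subject = str(msg.get("Subject", ""))
    if not subject.startswith(TAG):
        del msg["Subject"]  # the default policy allows only one Subject header
        msg["Subject"] = f"{TAG} {subject}".strip()
    # Banner only for single-part text/plain; multipart mail keeps just the subject tag here.
    if msg.get_content_type() == "text/plain" and not msg.is_multipart():
        msg.set_content(BANNER + msg.get_content())
    return msg, flags

# Constructed sample messages (not real mail).
SPOOFED = "From: Jane Citizen <jane.citizen@example.net>\nTo: accounts@example.com\nSubject: Urgent invoice\n\nPlease pay the attached invoice today.\n"
INTERNAL = "From: Sam Lee <sam.lee@example.com>\nSubject: Lunch\n\nNoon?\n"

if __name__ == "__main__":
    for raw in (SPOOFED, INTERNAL):
        tagged, flags = tag_message(raw)
        print(tagged["Subject"], flags)
```

The From header is only as trustworthy as the sender authentication applied before this check, so tagging of this kind belongs after SPF, DKIM and DMARC evaluation on the mail gateway.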
This may seem like a no-brainer, but it’s always worth reiterating due to its importance – user passwords should be reset at regular three-month intervals, as standard. The strongest passwords consist of at least 12 characters and use a combination of numbers, symbols and letters (lower and upper case). Staff should also be asked to avoid using anything too obvious, such as their name or the word ‘Password’. The use of multifactor authentication can also be introduced when employees change their passwords.
There are lots of tools available to businesses that can be installed onto devices to fortify your protection efforts against cyber attacks. Firewalls and authentication tools are one example. Email content management software is another, with protective features including content and spam filtering, anti-virus protection and anti-phishing capabilities. A good external IT support specialist will work to understand the distinct circumstances of your business, and provide specific recommendations about the most appropriate computer security measures for you.
It’s worth considering multifactor authentication for cloud-based email and remote access via VPN. Cloud-using businesses can also consider the use of hybrid-cloud applications to keep high value email accounts on-premises, avoiding the security risks associated with having sensitive information stored on a virtual server.
Keep on top of updates
Updating all business applications in a timely manner will ensure any security flaws detected by program developers are appropriately patched. By continuing to run outdated versions of your software, there’s a high possibility the version will contain a few known issues, which a seasoned hacker can easily exploit.
Encryption and backup
Certain pre-emptive steps can be taken to protect your business from further harm in the event a successful security breach does take place.
Encryption can be used to permit only certain users access to emails. This makes it harder for cyber criminals to read – and therefore misuse – your company data. There are lots of options you can consider to enable email encryption at your business, including extra software plug-ins, email certificates, and third-party encryption services.
You can also protect against the loss of important information stored on the desktops of infected computers or mobile devices by setting up regular automated data backups.
Establishing robust, secure methods that reflect the latest knowledge and accepted best practice for company email protection is crucial. Taking these steps will help prevent serious security breaches, and the resultant costly disruption to business operations and potential for reputation damage. Talk to Secure Logic today to find out how to keep your company emails secure.