Email Security Awareness: Email Phishing Attacks
Posted 01 Jul, 2020
Author - Olajumoke Adebisi

There may be dozens of messaging and voice chat apps available today, but email is still the king of business communications. It is user-friendly, fast and reliable, and gives employees the flexibility to work anywhere on any device. However, email is also a common delivery system for cyberattacks. Hackers try to reel you in through email to gain access to sensitive information, and more than 90% of data breaches start with a phishing attack. Phishing uses fraudulent email messages designed to impersonate a legitimate person or organization. These messages attempt to trick the recipient into downloading malware attachments.

You can develop proactive security awareness in the following ways:
Minimise incoming phishing emails
The first step is to pre-screen incoming emails for harmful elements using technical controls. By default, email services like Gmail and Outlook provide basic email filtering, but it’s worth implementing multi-layered defences. Make sure they come with:
·       Advanced threat protection (ATP): Uses machine learning to inspect inbound emails for signs of a phishing attack, such as suspicious wording, unusual subject lines, poor sender reputation, and unlisted email addresses.
·       Sandboxing technology: Determines the safety of file attachments by analysing their behaviour in an isolated environment.
·       Link protection: Prevents users from accidentally clicking through to suspicious and spoofed URLs.
·       Spam filtering: Blocks unsolicited and unwanted messages from reaching the user’s inbox.
·       Threat intelligence: Keeps a comprehensive database of known email-borne malware, spoofed emails, and the latest scams in real time.
Train employees
Security training will minimise your company’s exposure to phishing. Here’s a simple checklist to help your staff defend against fraudulent emails:
·       Never open file attachments you are not expecting.
·       Do not provide sensitive information over email, even if the request appears to be from your bank or co-workers.
·       Avoid messages with suspicious links; you can hover your mouse over the link to determine its true destination.
·       Look closely at the email headers and web addresses. Scammers often create bogus variations of legitimate sites to appear authentic.
·       Watch out for spelling and grammatical mistakes, as well as strange characters; emails from legitimate companies are rarely riddled with errors.
·       Beware of messages that instil a sense of urgency (e.g. your account will expire unless you ‘verify’ your information). If you are unsure, contact the company directly to confirm the authenticity of the message.
Archive your data
Despite the quality of security training, employees might fall victim to phishing attacks on their off days. In such cases, data backups are your best form of defence. Cloud-based archiving services store emails and files in secure off-site data centres, and users can retrieve archived messages and data from anywhere with an internet connection.
Develop a recovery plan
Beyond archiving your data, it is important to craft and test an incident response plan in preparation for a successful phishing attack. Employees must adhere to the following protocols:
·       Reset passwords and log out of secondary devices.
·       Check the sent mail folder for any suspicious activity and warn everyone of the hacked account.
·       Update anti-malware software and scan systems for malware.
·       Delete corrupted files and restore clean copies.
Source: Empower IT