Email Security Awareness: Email Phishing Attacks
While there may be dozens of messaging and voice chat apps available today, email is still the king of business communications. It is user-friendly, fast and reliable, and it gives employees the flexibility to work anywhere on any device. However, email is also a common delivery system for cyberattacks: attackers try to reel you in through email in order to gain access to sensitive information, and more than 90% of data breaches start with a phishing attack. Phishing uses fraudulent email messages designed to impersonate a legitimate person or organisation, in an attempt to trick the recipient into opening a malicious attachment, clicking a malicious link or handing over credentials and other sensitive information.
You can develop a proactive security awareness posture in four steps:
Minimise incoming phishing emails
The first step is to pre-screen incoming emails for harmful elements using technical controls. By default, email services such as Gmail and Outlook provide basic email filtering, but it is worth implementing a multi-layered defence. Make sure it includes:
· Advanced threat protection (ATP): uses machine learning to inspect inbound emails for signs of a phishing attack, such as suspicious wording, unusual subject lines, poor sender reputation and previously unseen sender addresses.
· Sandboxing technology: determines the safety of file attachments by opening them in an isolated environment and analysing their behaviour.
· Link protection: prevents users from accidentally clicking through to suspicious and spoofed URLs, ideally by checking the destination at the time of the click rather than only on delivery, since a link that was harmless when the message arrived can be weaponised later.
· Spam filtering: blocks unsolicited and unwanted messages before they reach the user's inbox.
· Threat intelligence: maintains a continuously updated database of known email-borne malware, spoofed senders and the latest scams.
Train employees
Security training will minimise your company's exposure to phishing. Here is a simple checklist to help your staff defend against fraudulent emails:
· Never open file attachments you are not expecting. If an unexpected attachment arrives from a known sender, confirm with them through another channel before opening it.
· Do not provide sensitive information over email, even if the request appears to come from your bank or a co-worker.
· Avoid messages with suspicious links. Hover your mouse over a link to reveal its true destination: the visible text of a link can say one thing while the underlying address points somewhere else entirely.
· Look closely at the email headers and web addresses. Scammers often register bogus variations of legitimate domain names (a swapped or added character, a digit in place of a letter, a different top-level domain) to appear authentic.
· Watch out for spelling and grammatical mistakes, as well as strange characters; emails from legitimate companies are rarely riddled with errors.
· Beware of messages that instil a sense of urgency (e.g. "your account will expire unless you verify your information"). If you are unsure, contact the company directly to confirm the authenticity of the message, using a phone number or address you already have rather than one supplied in the email.
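As an added example that is not part of Empower IT's article, the following Python script automates several of the checks in the list above against a constructed sample message. It flags a sender or link domain that is a digit-for-letter or one-character variation of a known brand domain (the "bogus variations of legitimate sites" point), a link whose visible text names a different site than its real destination (what hovering over the link would reveal), and urgency wording in the subject or body. The brand allow-list, the urgency word list and the sample .eml are all assumptions constructed for the demonstration, and the registrable-domain logic is deliberately naive; a real deployment would use a public suffix list and a much larger brand list.

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email): lookalike sender domain, urgent
# subject, and a link whose visible text differs from its real destination.
SAMPLE_EML = """\
From: "Example Bank Security" <alerts@examp1e-bank.com>
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will expire unless you verify your information immediately.</p>
<p><a href="http://examp1e-bank.com/login">https://www.example-bank.com/login</a></p>
<p><a href="https://www.example-bank.com/help">Help centre</a></p>
</body></html>
"""

# Hypothetical allow-list of the brand domains this organisation expects mail from.
KNOWN_DOMAINS = {"example-bank.com"}
URGENCY_WORDS = ("urgent", "immediately", "verify", "expire", "suspended", "within 24 hours")
# Digit-for-letter swaps commonly used in lookalike domains (1 -> l, 0 -> o, ...).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})


class _LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):  # naive: last two labels, ignores co.uk-style suffixes
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def normalise(domain):  # undo visual tricks so 'examp1e' and 'exarnple' read 'example'
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):  # edit distance, to catch one-character typosquats
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the known brand domain that `domain` imitates, or None if it is
    either a genuine known domain or simply unrelated."""
    if domain in KNOWN_DOMAINS:
        return None
    norm = normalise(domain)
    for known in KNOWN_DOMAINS:
        if norm == known or levenshtein(norm, known) <= 1:
            return known
    return None


def host_domain(url):
    return registrable_domain(urlparse(url).hostname or "")


def triage(raw):  # returns human-readable findings for one raw RFC 5322 message
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    _, addr = email.utils.parseaddr(msg["From"] or "")
    sender = registrable_domain(addr.rpartition("@")[2])
    if brand := lookalike_of(sender):
        findings.append(f"sender domain {sender} looks like {brand}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    haystack = (msg["Subject"] or "").lower() + " " + text.lower()
    if hits := [w for w in URGENCY_WORDS if w in haystack]:
        findings.append("urgency language: " + ", ".join(hits))
    links = _LinkCollector()
    links.feed(text)
    for href, visible in links.links:
        target = host_domain(href)
        if brand := lookalike_of(target):
            findings.append(f"link to {target} looks like {brand}")
        # The "hover over the link to see its true destination" check, automated.
        if visible.startswith(("http://", "https://")) and host_domain(visible) != target:
            findings.append(f"link text shows {host_domain(visible)} but points to {target}")
    return findings
```

Calling `triage(SAMPLE_EML)` returns four findings for the sample: the lookalike sender domain, the urgency wording, the lookalike link destination and the mismatch between the link's text and its real target. Replacing the lookalike domain with the genuine one leaves only the urgency finding, which is the point of layering checks: no single tell is conclusive on its own. In practice this kind of logic belongs in the mail gateway alongside the ATP and link-protection controls described earlier, not on the user's desktop.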
Archive your data
However good the security training, an employee might still fall victim to a phishing attack on an off day. In such cases data backups are your best form of defence. Cloud-based archiving services store emails and files in secure off-site data centres, and users can retrieve archived messages and data from anywhere with an internet connection. Make sure at least one copy cannot be altered or deleted from a compromised account, otherwise malware that reaches the mailbox can reach the archive too.
Develop a recovery plan
Beyond archiving your data, it is important to craft and test an incident response plan in preparation for a successful phishing attack. When an account is suspected of having been compromised, employees must follow these protocols:
· Reset the account's password and sign out of all other devices and sessions, so that the attacker loses any access they already have.
· Check the sent mail folder, and any mailbox forwarding rules, for suspicious activity, and warn everyone who may have received messages from the hacked account.
· Update anti-malware software and scan the affected systems for malware.
· Delete infected files and restore clean copies from the archive.
Source: Empower IT