Email has become such a widespread digital communication channel for both business and personal use that people tend not to question the security of it and lower their guard when sending and receiving email. What many don’t realize is that email as a channel is very vulnerable to attacks.
Phishing campaigns are on the rise as more people are working from home. Attackers use social engineering to convince people to click on something that seems to be legitimate. One specific type of phishing, which affects both companies big and small, is the Business Email Compromise (BEC) scam. The attackers try to bypass basic company protocols and trick the victim into sending them money. This is one of the most successful scams in terms of the amount of money companies lose, wherein billions of dollars are being stolen.
To understand and prevent these attacks, here are some things to follow to keep your emails safe:
-
Establishing Policies and Protocols
Employees must follow the set-out guidelines for securing and managing their emails. It is the company’s obligation to explain and outline the email policies and ensure that the procedures are followed. Some topics that are recommended to cover are, responsibilities of company email users, guidelines to prevent unauthorized access, and what to do when faced with a phishing incident. Having periodic training sessions will help employees understand the importance of following these policies.
-
Examine the Emails Carefully
One thing to highlight to employees is to never act on an email if they are panicked or in a hurry. In this state, their vulnerability is increased and could literally be one click away from giving away confidential data or money.
Users must always look for various red flags that may indicate a possible phishing scam.
Here are some quick tips on how to recognize phishing emails:
- Emails that require you to act quickly, creating a false ‘sense of urgency’
- Requests for personal information such as email or IDs
- Unexpected emails and attachments
- Spoofed email addresses
- Unfamiliar links (note: before clicking a link, if you really must, hover over the link fist to see if the web address is legitimate)
- Inconsistencies such as misspellings and grammatical errors.
-
Do not download unexpected attachments
When receiving an email with an attachment, verify the email by examining the email address. Do not trust the display name as they can be spoofed. It is always good to be a little skeptical when receiving emails. When an employee is still unsure, advise them to report the email to the IT department.
-
Use company email for business purposes only
If a website they registered on suffers a data breach, then the email they used to sign up will be affected and can be used in phishing scams. Restricting email to only business activities will reduce the chances of an employee’s email to be part of a massive phishing attack.
-
Avoid Public Wi-Fi or Use a VPN
Since most companies are implementing remote working, advise employees to avoid connecting to a public Wi-Fi (they should be staying home anyway!). While the use of public Wi-Fi is not as dangerous as it used to be, it is still possible for a malicious hotspot to steal your data and personal information. But if an employee must really use Public Wi-Fi, a good VPN will encrypt the traffic between the user and anyone else in between (Wi-Fi provider, ISP, even hackers) so nobody can spy on it.
-
Digitally Sign and Encrypt Emails
The most effective way of protecting emails in transit is by using S/MIME certificates, Secure/Multipurpose Internet Mail Extensions, to digitally sign and encrypt emails.
By digitally signing and encrypting your emails, it is easier to filter out the fake emails. There is more chance to have your emails trusted, and less opportunity for cybercriminals to victimize your employees. Moreover, it ensures that the content of your emails is kept safe where no one else but the intended recipient can access it.
S/MIME is useful in email protection and the risks therein because S/MIME encrypts all channels through user-to-user encryption.
GlobalSign offers comprehensive certificate management such as S/MIME for email encryption and added safety to protect emails from unwanted access. Our point-to-point message encryption is also compatible with many popular enterprise email clients. You can request for a demo here!
To learn more about our company and the full list of products we offer, you may visit our website, or check out our product list for enterprises and the Internet of Things (IoT).
For more blog updates, click here.