Securing Your Company’s Email: Tips for Preventing Email-Based Cyber Threats

With 90 percent of all cyberattacks now using emails as a means to breach organizations and
steal data, it’s essential to have strong business email cyber security policies in place.

But rather than focusing on large companies that often boast modern security measures,
cybercriminals have set their eyes on small businesses. In turn, small businesses have recently
become three times more likely to be targeted by malicious emails than their larger
counterparts.

Organizations that fall prey to the actions of email-related threats can incur significant financial
losses and notable reputational damage as well. Most IT and security professionals are aware
of these threats, and yet there seems to be a general lack of readiness to manage them.

The importance of email security cannot be understated. Here are some strategies your
organization can take today to stay aware and lower the risk of attack.

Avoiding Email-Based Cyber Threats

Currently, 58 percent of U.S. employees have the option to work from home at least one day a
week. As more businesses continue to adopt flexible work environments, this makes robust
email security practices more necessary than ever.

For those looking to create baseline a baseline policy, here are some of the best email security
practices to follow and share with your entire team:

• Use strong passwords and login credentials
• Block any previous spammers or unsolicited junk emails
• Verify all requests first, even from sources you trust
• Employ multi-factor authentication (MFA) at login
• Be careful about opening attachments in an email
• Only access your company email on approved devices
• Encrypt the contents of your email and any attachments
• Don’t access your business email on public WiFi
• Train your entire team on the proper security practices and how to spot phishing attempts
• Establish an intuitive, straightforward email security policy your team can follow

Phishing: Know What To Look For

To get a better idea of why email is such a popular method of attack amongst cybercriminals,
let’s take moment to explain the concept of phishing.

In the past, a phishing email might have come from a sender claiming to be royalty, asking you
to send them personal information in exchange for a promise of riches. Today, that’s no longer
the case, as phishing emails are designed to look like they are coming from a trusted source.

In fact, these fraudulent emails have become surprisingly believable, due to the fact that they’re
designed to be nearly identical to real communication you’d receive from banks, government
agencies, and big box stores.

Within these emails, the sender could ask the recipient to accomplish a few different tasks. For
example, they cybercriminal could suggest that the victim needs to change their password,
sending the individual a link to a fake login portal. Should any login credentials be entered,
they’re sent directly to the hacker.

On the other hand, the scammer could include a malicious attachment, disguising it as
something like an invoice. Once opened, the attachment could then secretly install malware on
the device and spread throughout the user’s network.

Finally, a cybercriminal may even pose as an internal employee, requesting that their next
paycheck be sent to a new bank.

Signs of a Phishing Email

Regardless of the request these scammers make, there are some tell-tale signs that can be
used to spot a potential phishing threat.

1. They’re asking for your personal information. Legitimate organizations will never ask for your login credentials or other sensitive data like tax numbers, credit card information, or other personal information—especially in an email.
2. They use an impersonal greeting. Organizations that work with you regularly won’t start an email with a generic greeting to a “valued member” or “account holder”; they will use your name and ask you to call them if they need information from you.
3. They use an email address with a suspicious domain name. Always check the email address for the emails you receive and hover your cursor over the name. Emails sent from large email hosts or emails that are slight variations on trusted email domains are likely a sign of a phishing scam.
4. They send an email with typos or bad grammar. Hackers aren’t stupid. There’s a reason behind the typos and grammatical errors; they may send thousands of phishing emails a day, but they are targeting people who may not be as observant.
5. They use a sense of urgency. Some emails try to instill fear about the consequences of not taking an immediate action. Scammers want you to act quickly and not take time to think.
6. They send attachments you never requested. Emails with unsolicited attachments are definitely a red flag that a hacker is trying to gain access to your organization. Legitimate companies may ask you to download an attachment as part of a marketing campaign, but whenever you are in doubt, check with your IT solution before opening anything.
7. They link to URLs that don’t align with a brand’s existing URL. A link may look like it’s sending you to one location, but ultimately redirect you to another URL. Before clicking any links, hover them and if the URL looks suspicious chances are it’s a site you shouldn’t visit.

Take a Proactive Approach as a Team

With just some simple training, regular phishing testing, and updated configurations, proper
email cyber security can be within the grasp of any organization looking to protect employee
inboxes.

Companies seeking to take a proactive stance on email cybersecurity choose Rocket IT’s Ideal
IT solution to build an email security strategy that safeguards sensitive data and information
from the eyes of cybercriminals.

To modernize your organization’s email security policies, achieve industry compliance
standards, and give your team the knowledge to stay ahead of email-based attacks, request a
consultation today.