Blogs and Posts
- By: Garry Feldman
- Date: July 19, 2017
Ransomware attacks and other devastating forms of malware have gotten more ingenious over time. Gone are the days when a phishing e-mails scam or attempt to hijack your computer come through obviously fake or suspicious emails.
One recent phishing attack wave used extremely convincing fake Google Doc invites. Clicking on the “preview” icon of the fake docs would bring a recipient to a near-perfect replica of Google’s log-in screen, where the user would grant permission to a malicious third-party application to access their data.
Attacks like these are getting more sophisticated, and once inside your system they can spread without having to trick anyone else. To prevent these intrusions, telling employees to watch out for “suspicious emails” is not enough anymore. Spotting the difference between the real deal and a fake has gotten tougher over time.
Being truly secure means business must institute email security practices that defend effectively against cyber attacks. Securing email through these measures is the only way to protect your business’s most sensitive data. You can use the following best practices to get started.
Audit Current Email Use
Does your company use dedicated email addresses for employees and business roles? It absolutely should. If employees are resorting to their own email accounts, the tendency to mix business and personal life is more than a distraction. It poses increasing risks that the same account your employee uses for business could be targeted by hackers who gleaned information from personal browsing.
Ensure every employee has a unique email address to use and set firm policies on what activities are acceptable through the account. Even something as seemingly innocent as joining a website’s mailing list can provide yet one more opportunity for intruders.
Also, ensure every email contains a legal footer protecting the information contained within from being shared to third parties without permission.
Use Encryption, an Antivirus Scanner and Smart Policy for Attachments
Sending and opening attachments should not be the norm with your daily business procedures. If you share files regularly online, you should instead implement some sort of shared, cloud-based storage or intranet system.
Even encrypted emails are less secure than these services since there is no reliable way to monitor how an attachment is forwarded or altered.
Employees should always be cautious when opening an attachment unless they were expecting it from a fellow employee, client or vendor. Using an anti-virus scan service can provide an additional layer of security to these best practices.
Instruct Employees to Use Only Strong Passwords
Strong passwords are ones with lots of possible variables, like including capitals and numbers. The “strength” refers to the fact that brute-force intrusion attempts take much longer when accounting for multiple extra possibilities.
Passwords should also never be shared, even between trusted employees. Each employee should have their own means of accessing critical email accounts.
Flag Risky Email Types
Modern spam filters built into email services do not go far enough to reduce risky emails. Emails with large attachments or suspicious content should be automatically flagged for further review by antivirus programs and email security IT personnel.
Employees should also be blocked from sending “mass” emails to large numbers of recipients or forwarding chain emails since these can both expose your email addresses to cyber attackers. A comprehensive email use audit and cyber security consulting can help you determine the specific rules needed to keep your company safe.
Partner With IT Experts for an Email Security Solution in Stamford, CT
Protecting all of your possible weaknesses alone is not possible in an age where ransomware attacks constantly shift tactics and find new ways to spread. Just one mistake can bring down an entire corporate network, as evidenced by recent NotPetya attacks.
Your company cannot afford to learn from its mistakes. Instead, it needs a complete cyber solution that includes a comprehensive look at your unique network and company practices.
Get started preparing for the next wave of attacks and defending your company today by reading our free ebook on preventing ransomware attacks today. What you learn could prove invaluable for keeping your company out of the line of fire when the next big cyber attack hits.
- October 2017 (2)
- September 2017 (6)
- August 2017 (4)
- July 2017 (4)
- June 2017 (6)
- May 2017 (4)
- April 2017 (6)
- March 2017 (4)
- February 2017 (5)
- January 2017 (5)
- December 2016 (5)
- November 2016 (5)
- October 2016 (4)
- September 2016 (6)
- August 2016 (4)
- July 2016 (7)
- June 2016 (7)
- May 2016 (6)
- April 2016 (5)
- March 2016 (7)
- February 2016 (5)
- January 2016 (5)
- December 2015 (6)
- November 2015 (1)
- October 2015 (2)
- August 2015 (5)
- Backup and Disaster Recovery (7)
- Business IT (31)
- Security (45)
- Training (22)
- Uncategorized (26)
- Webinar (18)