How to improve your email security

With 91% of cyber-attacks starting through email, we discuss some ways to improve your overall email security.

Did you know that 91% of all cyber-attacks start through email?

Email has become the single most important form of business communication, yet it poses the biggest threat to your business. With increasingly sophisticated and difficult-to-detect cyber-attacks, are you aware of the latest threats? Cyber-criminals are using more sophisticated tactics, which include email impersonation attacks. These social engineering attacks use human psychology rather than traditional technical hacking techniques. They manipulate users into divulging confidential information by impersonating a trusted party. Even with the highest levels of security, businesses can be left exposed if an employee is tricked into clicking on a malicious link from a supposed Facebook friend, LinkedIn connection or even a C-level executive. Increasing awareness has never been more important. A recent Mimecast report revealed a staggering increase in business email compromise attacks.


Spear Phishing: Targeted emails 'appearing' from someone you know to access confidential data such as passwords, credit card details or customer data.


Whaling: Based on a big “phish” analogy, these new attacks impersonate the CEO, CFO or other senior executive, making the target react to perceived power.

Think it doesn't affect you? 66% of small businesses have experienced a cyber attack in the past 12 months. The cost of a cyber attack is not only financial, with companies having to spend time recovering from attacks. An attack not only compromises your systems, it can result in data loss, reputational damage and fines.

Common Impersonation Attacks

Social networking sites have facilitated social engineering attacks. Cyber criminals are taking advantage of sites like LinkedIn to create lists of company employees and gather detailed information. This increases the credibility of attacks. Common impersonation approaches include:

  • Emails from a friend: if a cyber-criminal compromises an email account, they can access all their contacts. They can then send messages from these contacts asking users to click on a link, download a file or request urgent help.
  • Phishing attempts: these messages 'appear' to come from a legitimate company, bank, school or institution. They often explain there is a problem and ask you to ‘verify’ information by clicking on a link.
  • High-level executive requests: often referred to as ‘whaling’, these messages appear highly credible and impersonate senior level executives requesting a wire transfer or data transfer.

When it comes to email impersonation, social engineers leverage both fear and curiosity. This makes detection more difficult unless a user is alert to them. Awareness is therefore the number one defensive measure.

Top Tips to Protect against Email Impersonation Attacks

  • Educate and inform employees: train users on how to recognise impersonation emails and avoid falling victim to them.
  • Take a step back: spammers want you to act first and think later. If a message conveys a sense of urgency, don’t be pressured – take a step back and review the situation.
  • Research the facts: be suspicious of unsolicited messages. If an email appears from a genuine company, do your own research. Use a search engine to visit their website or a phone directory to find their phone number, rather than clicking on links.
  • Make faking messages difficult: use customised stationery and unique identifiers in messages to make it more difficult for cyber-thieves to copy.
  • Invest in email security: use advanced email gateway technology to identify and quarantine suspicious messages through names, domains and keywords. Install anti-virus software, firewalls and email filters and keep these up to date.
  • Review existing processes and procedures: consider separating duties and changing authentication and approval methods by adding a second signature or lowering the value required for secondary approval.
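
The gateway tip above mentions identifying suspicious messages through names, domains and keywords. The following is an added example, not taken from any vendor's product, that shows how those three signals can be combined; the organisation domain, protected names, keyword list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values, constructed for this example.
OWN_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane doe", "sam patel"}
URGENCY_KEYWORDS = ("urgent", "wire transfer", "immediately", "confidential")

# Constructed sample messages.
WHALING = ("From: Jane Doe <jane.doe@examp1e.com>\n"
           "Subject: Urgent wire transfer\n\nPlease process immediately.\n")
INTERNAL = ("From: Jane Doe <jane.doe@example.com>\n"
            "Subject: Lunch on Friday\n\nSee you at noon.\n")
NEWSLETTER = ("From: Supplier News <news@supplier.test>\n"
              "Subject: Urgent: offer ends today\n\nDetails inside.\n")


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_message(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != OWN_DOMAIN
    reasons = []
    if external and display.strip().lower() in PROTECTED_NAMES:
        reasons.append("name: protected display name on external address")
    if external and edit_distance(domain, OWN_DOMAIN) <= 2:
        reasons.append("domain: lookalike of " + OWN_DOMAIN)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [k for k in URGENCY_KEYWORDS if k in text]
    if hits:
        reasons.append("keyword: " + ", ".join(hits))
    # Keywords alone are common in legitimate mail, so quarantine only when
    # a name or domain signal is present as well; otherwise just flag.
    strong = len(reasons) - bool(hits)
    verdict = "quarantine" if strong and hits else "flag" if reasons else "deliver"
    return verdict, reasons
```

Requiring a name or domain signal before quarantining keeps ordinary "urgent" newsletters out of quarantine while still surfacing them for review.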

Social engineering attacks are on the rise. Through a combination of awareness, technology and better internal systems and processes, it is possible to reduce the risks and protect your business from financial and data loss.

How to improve your overall email security

Protecting your business against advanced email threats is possible. Cloud-based provider Mimecast offers the most comprehensive email security and compliance solution in the market today, with:

  • Impersonation protection against malware-less whaling attacks
  • Targeted protection against malicious URLs in spear phishing attacks
  • Defense against weaponised attachments

Already using an email security provider?

Mimecast offers added value with an integrated email security, continuity and archiving solution from as little as £5 per user. Email security is a crucial part of your overall IT security strategy. Since GDPR came into force, businesses that suffer a data breach and are found to be non-compliant face heavy fines. As such, IT security will continue to grow in importance. For a comprehensive guide to securing your systems, read our practical guide to IT Security for SMEs. To find out more or to discuss your security requirements, please get in touch.

 
