Whether it be for personal or business communications, we use email daily. Newsletters, invoices, bank statements, personal conversations, and even more sensitive information such as passwords and personal identification data are shared via email all the time. The potential of acquiring valuable information makes email a prime target for target for cyberattacks & data breaches: How can we protect ourselves when using email?
Keeping Our Emails Safe
Email security is more important than ever. With sensitive data being exchanged via email, including passwords, financial data, personal data, and so forth, you need to be able to protect yourself and your business. Compromised email security can lead to identity theft, financial loss, reputation damage, and unauthorized access to other accounts, personal or business. The best way to avoid an email security breach is to educate yourself and your fellow colleagues or employees about what an email attack can look like and the steps you can take to prevent them.
Common Email Security Threats
Phishing
Phishing attacks are one of the most common email attack email users encounter. Email phishing is when an attacker attempts to impersonate a legitimate organization to trick you into giving them information. An example could be an attacker pretending to be Amazon and asking you to update your payment information. Another example could be an attacker pretending to be your bank, asking you to reset your password. In both cases, these emails are designed to look like the organization they are impersonating and contain some sort of call to action with a link. Following the link results in a prompt to give them the desired information.
Malware
An email malware attack is when an attacker attempts to impersonate a legitimate organization to trick you into clicking or downloading a malicious file or link to your computer. For example, a malware attack could an attacker pretending to be a billing email that sends you a PDF statement or link to view your statement. In both cases, clicking would result in downloading a malicious file containing a virus that infects not only your computer, but other devices on your network.
Spoofing
Spoofing attacks occur when an attacker impersonates a legitimate user, acting like them to steal sensitive information. While phishing and spoofing attacks sound the same, the big difference between spoofing and phishing is that a spoofing attack tends to be manual in nature and involves disguising not only the email, but the email address as well to successfully deceive readers.
Email Eaves Dropping
Email eaves dropping involves an attacker intercepting & reading your email conversations in search of valuable information. Emails are often sent as plain text, meaning that as they are sent from your computer to the email server, an attacker could catch and read them. An example of this could be an attacker intercepting an email that contains your login credentials for an account or service.
Strategies to Enhance Email Security
Create Strong Passwords – Creating passwords that are hard to crack is an essential part to protecting your emails and email account. Passwords should be decently long as well as complex, containing letters (uppercase and lowercase), numbers, and symbols. The complexity of our passwords is usually held back by what we can remember. Using a password manager, such as KeyPass or 1Password, can help you have unique passwords for all your accounts while only having to remember one, complex password.
Enable 2-Factor Authentication (2FA) – Multi-factor authentication may make logging in feel longer or tedious, but having something like 2FA enabled on your email lessens the likelihood of an attacker getting into your email account. This is because 2FA often requires us to verify ourselves on another device, a device an attack may not have access to.
Encrypt Emails – Encrypting emails is the process of scrambling our plain text emails into something unreadable. The email can only be unscrambled by the recipient of the email, meaning that your email cannot be easily read during transmission! For any sensitive or business emails, encrypted emails are very important.
Update Email Software – Keeping our email clients & operating systems up to date is key to making sure that any vulnerabilities discovered are fixed as soon as possible.
Only Email on Secure Networks – When you are out and about, let’s say, at a coffee shop, be mindful of the emails you send. Public Wi-Fi networks are prime targets for data interception, so when it comes to emailing on them, it is best to not share any sensitive information until you are back on a secure, password protected network.
Incorporate Email Filtering & Antivirus Software – Since email attacks are a known issue, most email services offer email filtering & antivirus scanning services for users. Moving certain emails to “Spam” or “Junk” as well as warning users about questionable emails received are some of the ways our email clients can help us.
Encourage Email Education – The most important and impactful way that we can prevent email attacks and data loss is to make sure that we practice and teach mindful emailing to our colleagues and employees. Often times, knowledge about email security varies drastically between different people at the same job, so making sure that each worker knows to be cautious with email and the data we send is key to keeping our businesses and personal information safe.
Analyze Suspicious Emails – Email attackers work hard to make their emails look legitimate, but often times, there are ways we can identify suspicious features about these emails that show their true nature. One way we can do that is to hover over links in the email. Is it the correct domain name? Do you recognize it? Never click on a link you are unsure of.
The Future of Email Security
As with all technology, email continues to evolve. That also means that the attacks against email will continue to change and advance as well. Keep up with email security practices as well as email security news. When you find yourself reading an email that you don’t think is right, step back from it and do not hand over sensitive information until you and your team can conclude its authenticity.
Want to learn more?
Keeping your business secure is the key to your success! Check out our latest podcast episode where we dive deeper into website security and the strategies we can use to keep sensitive data safe.
