LinkedIn
Instagram
facebook
Twitter

Support: 01242 504614

Sales: 01242 388530

phone
LinkedIn
Instagram
facebook
Twitter
Home > Cyber Security > Email Security Tips: Our Ultimate Guide to Being Part of the 8%

Email Security Tips: Our Ultimate Guide to Being Part of the 8%

by | Jan 4, 2019 | Cyber Security

email security

The vast majority of cyber security attacks happen through email. We’ve compiled a list of email security tips to protect your organisation’s email accounts from hackers.

 

Did you know that 92% of all cyber security attacks on enterprises start with an email?

According to a 2018 report by Cofense, email delivers 92% of all cyber attacks to organisations, with over 50% of malicious emails being a “phishing” attack. These figures are consistent with a Deloitte report’s findings, which show that 91% of all attacks begin with a phishing email to an unsuspecting email user.

 

What Is a Phishing Email?

 

Phishing is a commonly used method of cyber attack where disguised email carries viruses, malicious software and links to fraudulent sites.

In recent years, phishing emails have become more convincing than ever, addressing recipients by name and using the credentials of an organisation they interact with, such as a bank, healthcare provider and even HMRC. Here’s an example of a very convincing phishing email from “Microsoft” claiming “Unusual sign-in activity”.

phishing email

Image Source: Phishing.org

 

A phishing email often asks the recipient to resolve a problem, such as alleged credit card fraud, or claim a prize (such as a voucher) from a store they frequent. The email can have a dummy phone number that connects the recipient to a scam call centre or carry a link that directs the user to a spoof website — a complete clone of a legitimate website, complete with images and a log-in window.

Once a user provides their username and password to the fraudulent site, an attacker will use those stolen credentials to remotely log-in to that user’s email. Then it’s open season; the attacker can download personal financial information, social media logins and personal messages.

This is bad enough for regular consumers, but the effects can be more devastating if the phishing email compromises a business email account carrying sensitive corporate information.

Enter the world of business email compromise, where fraudsters use phishing emails to ask suppliers to send money to their account or pose as the company’s CEO to get their accounting departments to disburse money.

business email compromise

Image Source: National Cyber Security Centre

 

6 Common Scenarios of Email Attacks Aimed at Businesses

 

Over the last few years, the team at Optimising IT has been called in to help organisations of all sizes and industries with their cyber security following a breach.

It’s unfortunate, not only that the breach occurred but that you could have greatly reduced the risk of it happening in the first place with simple steps — often using existing, properly configured solutions.

Compromised email accounts are perhaps the most common IT issue we see. While adopting cloud-based solutions and remote access to on-premise email platforms is great for productivity and resilience, it exposes your business to cyber attacks if your cloud systems are not appropriately secured.

Once an attacker has gained access to a victim’s email, we have commonly found the following scenarios:

  1. Forwarding rules are set up to capture specific types of emails, such as invoices or requests for payment.
  2. The attackers set up rules to prevent either outgoing or incoming payments from reaching the compromised user’s email account.
  3. Once a payment request has been captured, the attackers either send out or release to the compromised user a modified payment request with new bank account details.
  4. Attackers direct emails to the compromised employee, requesting a transfer of funds to a new account.
  5. Attackers use the compromised email account to send phishing emails to other people in the organisation or different organisations from a legitimate email source.
  6. Attackers use a compromised email account to get other individuals inside or outside the organisation to download a malicious file. This file has often contained a banking trojan or other malware designed to capture payment information or generate some form of income for the attacker.

 

3 Email Security Myths to Let Go

 

A large part of why organisations are scammed by cyber attackers is because they take a lax approach to email security. This, in turn, often stems from believing in email security myths such as the ones here:

 

1. Your Service Provider Has Your Back

 

One of the biggest myths people and organisations believe is that their service providers, whether it’s their cloud host or email platform provider, will take care of their email security. While it’s true that most companies take steps to keep their platforms as secure as possible, you can’t expect them to be responsible for errors on the user side of things.

For example, if you use Gmail via Google Workspace but opt out of multi-factor authentication, you can’t blame Google for it.

 

2. Hacking Threats Are Overblown

 

According to the Hiscox Cyber Readiness Report of 2019, the average cost of cyber security attack on a business is $200,000 — enough money to put smaller companies out of business for good.

Cyber security is a serious issue that you should not take lightly. And hackers are only getting smarter. It’s safe to say that attackers are becoming more targeted and researching potential victims at both the business and individual levels.

 

3. Small Businesses Don’t Have to Worry

 

Cyber attackers aren’t concerned about the size or type of your organisation — anyone with remote access to email is a potential target. In fact, 43% of cyber attacks target small businesses, according to research by Accenture. Worse, only 14% have the means to protect themselves.

At Optimising IT, we’ve seen large corporations with thousands of employees and SME organisations, with anywhere from 50 to 500 staff, compromised in this way.

 

Email Security Practices to Be Part of the 8% of Safe Organisations

 

Fortunately, it’s not all bad news. You can implement many technical and procedural controls to reduce the likelihood of this happening to your business.

We have two simple solutions that will go a long way towards protecting your organisation’s emails.

 

1. Staff Training and Awareness

 

Education and training are the keys to eliminating user error.

Ultimately, if nobody clicks on a phishing link or opens a bad attachment, your company won’t be exposed to attacks. Of course, this is easier said than done, especially if you receive an email with an attachment from an email address you frequently interact with that’s been compromised.

This is where the next tip comes in.

 

2. Implement Multi-Factor Authentication (MFA)

 

MFA is an advanced way of authenticating the identity of users in your email system.

Even if someone does end up stealing an employee’s email username and password, MFA will still keep them out of your system by requiring them to verify their log-in via a separate secure device, such as a smartphone held by a manager.

 

Need Help with Your Email Security?

 

Let the team At Optimising IT provide your business with personalised and comprehensive cyber security solutions. Our award-winning IT consultancy and managed cloud services will secure your IT infrastructure from end to end, protecting you from phishing attacks and other cyber security scams. 

Get in touch today to learn how you can improve your email security and reduce the risk of this happening to your business.

GOT A QUESTION ABOUT YOUR IT SYSTEMS AND SERVICES?

Our experts are ready and waiting to help you get more out of your business. Get in touch today!

78% Average First Contact Resolution

98.8% Average Customer Satisfaction Score

Rapid Response Time

Cyber Focused Approach

Why Choose Us

why choose us

CONSULTATIVE APPROACH, ELEGANT IT SOLUTIONS

Our consultative approach enables us to get to know your business, so we can deliver elegant IT solutions that are cost-effective and in tune with your business needs.

HIGH QUALITY SERVICE, STRAIGHT TO 2ND LINE

Our UK based Service Desk goes straight to a highly qualified 2nd line support engineer, guaranteeing a quick response and resolving most issues at First Contact. That’s why we’re able to consistently achieve over 78% First Contact Resolution (FCR). This keeps staff downtime to a minimum compared to traditional 1st line slow to respond Service Desk models.

EXPERT TEAM, SEAMLESS INTEGRATIONS

Our commercially focused, highly experienced team understand the importance of seamless integration with in-house teams and delivering a consistent, high standard of service.

MEASURING SUCCESS, KPI DRIVEN

Our services are continually monitored and KPI driven. Our reporting is shared in a collaborative way, guaranteeing transparency and a focus on continued service improvement from a high-quality baseline.

FLEXIBILITY, CO-SOURCE OR OUT SOURCE SERVICES

Our Co-source and Out-source services mean we are flexible in our approach to deliver the appropriate level of support for all our customers.

CONNECTED WITH TRUSTED TECHNOLOGY

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus odio nisi, ultrices eu magna a, auctor sagittis enim. Sed ac posuere lacus. Curabitur ultricies, sem in lacinia iaculis, orci justo ornare est, ac dictum erat diam vel erat.

CONSULTATIVE APPROACH, ELEGANT IT SOLUTIONS

Our consultative approach enables us to get to know your business, so we can deliver elegant IT solutions that are cost-effective and in tune with your business needs.

EXPERT TEAM, SEAMLESS INTEGRATIONS

Our commercially focused, highly experienced team understand the importance of seamless integration with in-house teams and delivering a consistent, high standard of service.

FLEXIBILITY, CO-SOURCE OR OUT SOURCE SERVICES

Our Co-source and Out-source services mean we are flexible in our approach to deliver the appropriate level of support for all our customers.

HIGH QUALITY SERVICE, STRAIGHT TO 2ND LINE

Our UK based Service Desk goes straight to a highly qualified 2nd line support engineer, guaranteeing a quick response and resolving most issues at First Contact. That’s why we’re able to consistently achieve over 78% First Contact Resolution (FCR). This keeps staff downtime to a minimum compared to traditional 1st line slow to respond Service Desk models.

MEASURING SUCCESS, KPI DRIVEN

Our services are continually monitored and KPI driven. Our reporting is shared in a collaborative way, guaranteeing transparency and a focus on continued service improvement from a high-quality baseline.

connected with trusted technology

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus odio nisi, ultrices eu magna a, auctor sagittis enim. Sed ac posuere lacus. Curabitur ultricies, sem in lacinia iaculis, orci justo ornare est, ac dictum erat diam vel erat.

Case study

Read Case Studies

Shonga-shonga paminta Cholo neuro na ang sudems jongoloids biway thunder majubis klapeypey shonga sa tungril planggana katagalugan lulu

Testimonials

What Our Customers Say