A simple guide to email security
Most attacks happen by email and just having a built-in spam filter is no longer enough.
You’d never be fooled… would you?
Like many people you may think that you couldn’t be tricked by an email attack. We’ve all seen the dodgy emails made to look like they’re from a company or someone you know. Typos, suspect looking attachments and odd requests typically give up the game. But things have moved on.
It’s not just you getting hacked you need to worry about…
You could be having an email conversation with a hacker right now without realising it. Picture the scene – you get an email from your top customer asking you to review a spreadsheet they’ve attached. Nothing seems odd, so you open it. You enable the content to view it, and before you know it, you’ve unleashed a hidden ransomware file across your corporate network.
We’re seeing this kind of attack with increased frequency, and it starts with other people’s accounts being hacked. As a result, you get caught up in the attack as you don’t realise they’ve been hacked. It’s not just ransomware to worry about; the email could request you to make payment for a real invoice to a bogus bank account.
Once hackers gain full access to an account they scrutinise your every communication, building a profile on their victims.
How can you stop it?
With a combination of cutting edge security products and user education, you can reduce the risk to an absolute minimum.
Microsoft’s Office 365 Advanced Threat Protection (ATP) is specifically tailored to stop you getting hit with email attacks. ATP scans all incoming emails and opens attachments in a test environment to make sure they’re safe. It also checks a live database of websites and blocks access to malicious email links.
Perhaps the best feature is AI learning. ATP analyses your mailbox data going back up to a year to learn the behavioural and communication patterns between you and your contacts. ATP then automatically detects phishing attempts and spoofed emails, quarantining them to keep you safe.
In addition to this we recommend using Multi-factor Authentication (MFA) to keep your own account secure. MFA requires you to validate your identity by two means (typically a password and an app), so that even if your password is hacked your account remains secure.
Ultimately though, the choice of whether or not to open an email is down to the user. For this reason we highly recommend Security Awareness Training for your staff.
Conclusion
Email security products and end user training are great by themselves, but using them in tandem is the best way to prevent email attacks.
