It’s a special National Email Week this year, as the medium everyone loves to hate celebrates its 50th anniversary this October. While email has simplified communications, it has also dramatically changed the pace of work for all of us. Coupled with the ease and accessibility of mobile devices, it’s no wonder that checking email is often the first thing we do in the morning, the last thing we do at night, and too many times to count during the day.
The first email message was sent by United States Department of Defense contractor Ray Tomlinson in October 1971. How could he have known that that first “electronic mail” would eventually lead to a world in which 4.147 billion email users would send about 319.6 billion emails daily?
Unfortunately, an estimated 85% of those emails are spam, junk mail or worse: phishing emails or other messages bearing malware payloads. The dangers presented by phishing attacks are real. The Proofpoint State of the Phish 2021 report says 57% of survey respondents experienced a successful phishing attack in 2020. The Verizon Data Breach Investigations Report 2021 observes that phishing was involved in over a third of all successful data breaches in 2020, versus just one quarter of them in 2019. Most of those phishing scams lured victims into disclosing personal information or unwittingly releasing malware into their environments, helping to make 2020 the worst year on record for cyber crime.
How can you defend yourself and make National Email Week a safe one for you and your business? Here are some tips:
Corporate Tactics:
Get Patched: This is a big one. The recent Microsoft Exchange Server vulnerabilities were “zero day”, meaning exploits were found in the wild at the same time the bug was discovered. But many weeks after fixes were released, organizations were still falling victim to the bugs. It’s vital for all systems – including email infrastructure – to be protected by regular patching and maintenance.
Email Security: Spam filtering, secure email applications, and endpoint security are all important tools in the fight against phishing and malware. Used in combination, either in-house or “as a service”, they will reduce the number of malicious emails overall, and help prevent or mitigate the damage done by those that do sneak through.
Encryption and DLP: Do you deal with sensitive information? Secure, encrypted email services might be right for you, ensuring that only authorized individuals can view your email/document exchanges. Data leakage protection (DLP) tools can also help prevent “disclosure-by-email” by identifying and blocking messages containing sensitive attachments or financial data like credit card numbers.
Secure Configuration: If the acronyms SPF, DKIM, DMARC don’t mean anything to you or your IT staff, then chances are your system may not be configured optimally to protect your email domain from spoofing attacks. Do the legwork or seek expert assistance to evaluate your email set-up.
Train, Train, Train: You’ve heard it a million times: security awareness is essential. Why not make National Email Week the time to act? A trained, vigilant, and cyber-aware workforce is one of the best defenses against phishing attacks.
Compliance: Setting up acceptable use guidelines and defining email retention policies can help prevent staff from overloading their mailboxes, and actually make them more productive. Lean inboxes support better business continuity, less onerous e-discovery, faster data recovery, and will minimize data exposure in case email accounts are breached.
Individual Tactics:
Don’t Trust, Verify (Part 1): Were you expecting that attachment? Does the “voice” in your friend’s email seem a little off? Don’t recognize the link in the email when you hover over it? If you’re not sure, then play it safe and ask for help, or contact the sender directly. One wrong click could cause serious repercussions.
Don’t Trust, Verify (Part 2): Just because the name of the sender looks right, it’s not a guarantee. Remember that the “display name” on an email is just text – take a look at the actual reply-to address on an email to verify that a message is really coming from a genuine source.
Group Email Alert: Proofpoint’s report reveals that one of the favourite targets for phishing scams is a generic corporate mailbox. If you are responsible for checking the “careers”, “service”, “info”, or “support” general mailboxes for your company, you are in the crosshairs. Take extra precautions and avoid clicking links or opening attachments.
See It, Say It: If you do get a spam message, report it to your spam filtering service or IT administrator. Each example can help improve protection rules and alert the right people to potential problems.
Work/Life Balance: Help maintain security by keeping your personal life separate from your corporate world; don’t use your work email address for personal stuff, and definitely don’t use your personal email address for work stuff! At home, even consider multiple email addresses – you can help keep focus by having a general home address for mailing lists, e-flyers, and other mass email, and a separate more private one for personal communications that you only share with friends.
Reply-all/Over-forwarding: This might not seem like a security issue, but remember that anything you put in an email could get forwarded to anyone further down the road. More than once, reply-all or forwarding to the wrong person has revealed information best kept within a smaller circle. Break up your emails, check the copy-list, or perhaps pick up the phone instead of typing a reply.
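The check described in Don’t Trust, Verify (Part 2), as an added example that is not part of the original article: it compares the display name and the Reply-To header against the real sender address. The messages are constructed samples using reserved example domains, and a finding is a reason to look closer, not proof of fraud, since mailing lists legitimately set a different Reply-To.

```python
# Added example: flag display-name spoofing and Reply-To mismatches.
# Both messages below are constructed samples, not real mail.
import re
from email import message_from_string
from email.utils import parseaddr

ADDRESS_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def check_sender(raw_message):
    """Return a list of findings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # The display name is free text: it can show one address while the
    # message actually comes from another.
    shown = ADDRESS_RE.search(display)
    if shown and shown.group(0).lower() != from_addr.lower():
        findings.append("display name shows %s but sender is %s"
                        % (shown.group(0), from_addr))
    # Replies would go to a different domain than the apparent sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("Reply-To %s is outside sender domain %s"
                        % (reply_addr, domain_of(from_addr)))
    return findings

SPOOFED = ('From: "ceo@example.com" <billing@example.net>\n'
           "Reply-To: payments@example.org\n"
           "Subject: Urgent invoice\n\nPlease pay today.\n")
CLEAN = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Lunch\n\nSee you at noon.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, check_sender(raw))
```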
Have you got other email security tips? Join the conversation to keep us all safe from the scourge of phishing and email-based malware attacks. And have a happy and safe National Email Week! #NationalEmailWeek