Cybercriminals are targeting you and your business through malicious emails. Follow email security best practices and stay safe from attack.
At MMRIT, we regularly advise customers on the threats that modern email attacks present, and how they can deal with them. During a recent discussion, we were made aware of an email sent by a cybercriminal that threatened to publish videos of the recipient watching adult videos unless they paid a ransom in cryptocurrency. The email went into detail around how the cybercriminal had gained access to all of the recipient’s contacts, and used emotionally manipulative language to convince the recipient to pay the ransom.
This would be an unsettling email for anyone to receive, and it serves to highlight the fact that cybercriminals use social engineering as a tool just as much as they find technical means by which to hack into systems and cause damage. User education is key to mitigating the risks that these social engineering attacks present; in this blog post, we’ll give you five email security best practices that you and your users should take to stay safe from attack.
Here is the email we are referring to.
Email Security Best Practices: Five Tips
Our top five email security best practices start with fundamental technical considerations, but they also include user behaviour tips that your users should understand. Even the most effective email security solutions let some emails slip through the cracks, so when your email security fails it’s often up to your users to identify malicious emails and deal with them appropriately.
- Implement up-to-date email security. A strong email security solution should stop the vast majority of malicious emails from hitting your users’ inboxes. At MMRIT we work with Mimecast to deliver email management solutions that combine security, continuity, and archiving that meet the stringent requirements of the regulated businesses that we support.
- Don’t follow links or open attachments. It may sound over the top, but lots of malicious emails sent by cybercriminals contain malware and ransomware payloads that are delivered in seemingly innocent attachments, or downloaded through innocuous looking web links. Unless you are 100% certain of the origin of an email, don’t take the risk.
- Never provide confidential information. Your bank has probably told you via email or text message that it will never ask you to provide confidential information out of the blue. The same will apply for customers, partners, and suppliers. If you receive an unsolicited email asking for password or finance information, the chances are it’ll be from a cybercriminal – don’t fall for it.
- Look at writing style and tone of voice. One thing cybercriminals often fail to mimic is tone of voice. If you receive an email from your CEO asking you to make an urgent bank transfer to a foreign account, the strangeness of the request may alert you to its origins. If not, take a look at tone of voice – would your CEO really make so many typos? Does she always sign off in that way? Be alert to these writing style and tone of voice clues.
- Try not to let yourself be pressured. In the example we discussed at the start of this blog post, the cybercriminal used a highly emotional situation to heap pressure onto the email recipient and convince them to pay a large ransom. Don’t let yourself be pressured, and use common sense at all times. 99 times out of 100, you’ll have nothing to worry about when you think about the actual scenario that the cybercriminal is suggesting.
Stay Safe from Attack
If you want to stay safe from email attack, you need to combine technology, people, and processes in an intelligent, appropriate manner. MMRIT offer end-to-end cyber security services that include email security, training, and consultancy. If your business needs help implementing email security best practices, get in touch with us to learn more.