Is your email secure? How employees can keep email hygiene and safety

Cybersecurity Month is a timely reminder for organisations to ensure they have a strong cybersecurity posture in place. After all, cybersecurity is everybody’s business, and educating everyone in your organisation about the risks is imperative. Recent data from Mimecast has found an increase in brand impersonation attacks, particularly on technology brands, with 272,000 attacks in the first half of 2022, compared to 139,000 attacks in all of 2021.

Email remains the number one attack vector for cyber criminals. With the increased demand for hybrid working, email collaboration has never been more important, and cyber criminals are trying to exploit this. According to Mimecast’s State of Email Security 2022 Report, 89% of Aussie businesses are bracing for the fallout from an email-borne attack.

As our working environments continue to evolve, it becomes easier for individuals to fall victim to a scam, so it’s important for firms to stay up to date with the latest information and to ensure policies, tech and training are continually updated.

How can employees maintain email hygiene and safety? 

With email threats evolving and becoming more frequent, organisations should incorporate best practices to maintain the hygiene and safety of their email inboxes.  

Use a Password Manager

Weak credentials are the easiest way for threat actors to hack into your account. To keep your account safe, use strong passwords and update them regularly. As an additional measure, passwords shouldn’t be reused, and users should enable two-factor authentication.

Treat every email with caution

Threats can come from a bad actor inside your firm who has legitimate access to the firm’s network, apps or databases. They may use internal phishing to spread an attack.

Beware of Impersonation

Business email compromise (BEC) attacks are scams in which threat actors trick employees through impersonation. They create email accounts to impersonate a senior executive or one of the firm’s business partners and use social engineering to trick unsuspecting employees, particularly new employees, into sharing confidential data or sending money.

To avoid this, double-check the sender’s email address and domain before acting, and be cautious of the ‘fake urgency’ that may come from the email. On top of this, it’s important to have a policy in place to protect against bank detail changes via email.
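The address-and-domain check described above can also be run automatically over incoming mail before a person acts on it. The following Python is an added example, not part of the original article; the trusted domains, executive names, urgency words and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample values (assumptions for illustration only).
TRUSTED_DOMAINS = {"example-corp.com", "partner-bank.example"}
EXECUTIVES = {"jane doe", "sam lee"}
URGENCY_WORDS = ("urgent", "immediately", "asap", "today", "confidential")
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off; tune against your own mail


def closest_trusted(domain):
    """Return (trusted_domain, similarity) for the most similar trusted domain."""
    scored = ((t, SequenceMatcher(None, domain, t).ratio()) for t in TRUSTED_DOMAINS)
    return max(scored, key=lambda pair: pair[1])


def check_sender(from_header, subject=""):
    """Return a list of warnings for one message's From header and subject."""
    display, addr = parseaddr(from_header)
    _, sep, domain = addr.lower().rpartition("@")
    if not sep or not domain:
        return ["no parseable sender address"]
    warnings = []
    # Exact match only: subdomains in legitimate use must be listed explicitly.
    if domain not in TRUSTED_DOMAINS:
        trusted, score = closest_trusted(domain)
        if score >= LOOKALIKE_THRESHOLD:
            warnings.append(f"lookalike domain: {domain} resembles {trusted}")
        if display.strip().lower() in EXECUTIVES:
            warnings.append(f"executive name '{display}' used from external domain {domain}")
    if any(word in subject.lower() for word in URGENCY_WORDS):
        warnings.append("urgency language in subject")
    return warnings


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        ("Jane Doe <jane.doe@examp1e-corp.com>", "Urgent: change of bank details"),
        ("Sam Lee <sam@mail.example>", "Hello"),
        ("Jane Doe <jane.doe@example-corp.com>", "Q3 numbers"),
    ]
    for sender, subject in samples:
        print(sender, "->", check_sender(sender, subject) or "no warnings")
```

A message that produces any warning should be confirmed through a separate channel, such as a phone call to a known number, before data or money is sent.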

Report suspicious emails

Marking emails as spam will help detection in the future. Automatic spam filters incorporate machine learning and move emails into the spam folder if they have been reported in the past.

Be wary of email attachments and links

Cyber attackers may embed malware in file attachments and URLs. A good practice is to stop automatic downloads and scan all attachments and links before downloading them. Alternatively, email security software can be used to detect suspicious attachments and flag them to users automatically.

Utilise a cloud-based email security solution

Cloud-based solutions use deep scanning of emails with multiple technologies in their security stack, including advanced machine learning, to minimise the risk of the latest cyber threats.

Garrett O’Hara is Field Chief Technologist in Asia Pacific for Mimecast. He is a seasoned leader of technical sales teams in the Asia Pacific region with experience of growing new-to-country businesses.