Practicing strong email safety goes beyond using a good password and being cautious about opening a message that looks spammy. Malicious emails look more and more like the real deal every day. This practice is called phishing. Before we help you keep your eyes peeled for phishing attacks, it's sensible to explain the term for people who have not encountered it before. Phishing is a straightforward technique many hackers use to steal email and account information by tricking individuals into handing over their details.
What's a Phishing Email?
Phishing is the malicious practice of sending fraudulent communications that appear to come from a reputable source with the intent to steal sensitive data or install malware. It is usually done through email. These attackers are very clever. Sophisticated social engineering attacks can look identical to emails that users frequently receive from their banks, employers, etc. Within a phishing email, there will be a call-to-action to click a link or provide credentials. Simply clicking the link can allow the installation of malware.
How Do Phishing Attacks Work?
While the process can vary, this is a step-by-step breakdown of how cyber criminals can carry out this style of cyber attack through your email:
- The cyber criminal sends an email that contains a link to a website you know.
- The victim clicks the link and finds themselves looking at a familiar website. That is often their bank or something similar, but the site is a fake cleverly disguised to look like the original.
- The victim then enters their email address and password used to log into their account.
- The fake phishing site steals the email and password before passing them back to the cyber criminal.
- Now, the real trouble may begin.
When someone at a company falls victim to advanced malware attacks and phishing emails, it can become a disastrous situation. That is especially the case in instances where the business uses the same passwords for everyone in its office. Hopefully, this highlights how important it is that you develop strong and unique passwords for all your workers. Phishing attacks are no longer as apparent as they used to be. Criminals are becoming increasingly sophisticated, making these attacks more difficult to identify unless you pay attention to details.
How to Avoid a Phishing Scam
Aside from having a sturdy cyber security plan in motion, strong end-user awareness is one of the best proactive steps offices can take. We've said it before and we'll say it again: using strong and unique passwords is one of the best steps people can take in email security. There is no getting away from the fact that weak passwords are never going to protect your company from data theft or hacking. You need to take a look at all the passwords and phrases people in your office use right now.
A secure password is almost impossible to guess without some insight. The only way a criminal can break into your system is if they use specialist password-guessing software that will run through millions of combinations. The more complex the password, the more time it takes for the software to figure it out. In order to improve your password strength, follow these steps:
- Use upper and lower case letters
- Use numbers and special characters
- Use random numbers and letters rather than words
- Never use your birthday, hometown, school, university, or brand name
- Avoid common letter-number substitutions
- Think in terms of phrases rather than words
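Several items in this list can be checked automatically, including personal details hidden behind letter-number substitutions. The following is an added example, not part of the original article: the function name, the substitution table and the `personal_terms` input are assumptions made for illustration, and the sample values are constructed.

```python
import re

# Undo the common letter-number substitutions the list warns about
# (assumed mapping; extend it to match local policy).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def check_password(password, personal_terms):
    """Return the rules from the list above that the password breaks.

    personal_terms: hypothetical per-user values (birthday, hometown,
    school, brand names) supplied by the caller.
    """
    problems = []
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lower case letters")
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs numbers and special characters")
    lowered = password.lower()
    normalized = lowered.translate(LEET)  # e.g. "spr1ngf13ld" -> "springfield"
    for term in personal_terms:
        t = term.lower()
        if t in lowered:
            problems.append(f"contains personal detail: {term}")
        elif t in normalized:
            problems.append(f"contains personal detail behind substitutions: {term}")
    return problems
```

A password such as `Spr1ngf13ld!` passes the character-class rules but is still reported, because undoing the substitutions reveals the hometown.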
8 Email Security Tips for the Workplace
For businesses, educate your employees on simple tips like these. Just know these are not sufficient for a business. Even small businesses have many more access points to their network. The attack surface of a business is much greater than a home, so businesses must deploy a multi-layered threat defense.
- Do not let employees use company email addresses for private messages.
- You need to limit the chances of criminals targeting your email system. The best way to achieve this goal is to implement advanced endpoint security solutions and ensure that only work-related messages are hitting your computers.
- Discourage all your employees from using company communication systems to talk to friends, shop online or do anything that does not relate to their job roles. It is possible that you could end up attracting cyber criminals if you fail to follow that advice.
- Some employees may find this process tedious. But keep in mind that by putting measures in place you are protecting the best interests of your operation and everyone it employs.
- It is vital to note the same rules will apply to you as the business owner. Never make the mistake of using your professional accounts for anything other than work.
- If people in your office need to access their personal accounts for any reason during the work day, tell them to do so using their smartphones and their mobile internet.
- Do not allow anyone to connect any device including smartphones to your office WiFi system if you want to stay under the radar and avoid becoming a target.
- To ensure they understand the importance, consider organizing a company-wide security awareness training program. This is an excellent way to educate employees on the importance of data protection, share email security tips, and raise their awareness of the current cyber threats and technology trends.
Cyber Security Awareness with SumnerOne
Email security is something that affects everyone. Whether you're at work or at home, using these best practice tips and using strong passwords is key to protecting your accounts. Raising awareness about cyber security threats and sharing educational information is one way that end users can stay ahead of becoming victims. SumnerOne has created a campaign to show our support and raise awareness for National Cyber Security Awareness Month. If you would like to learn more about how SumnerOne handles Managed IT Services, contact us for a security assessment. We'd love to share our knowledge and services with you.
Originally published October 9, 2018, updated April 1, 2019