As a form of communication, both on a personal and business level, most people regard email as second-nature. Whilst it’s a quick and efficient way to get a message across, anybody who uses email puts themselves at risk of being a target to hackers. At best, you might be bombarded with spam, but in the worst case scenario you could be victim of identity theft or financial fraud. For a business owner, either option could be incredibly damaging to your reputation. To try and keep one step ahead of the game, here is the lowdown on making sure you, and your employees, use email safely at work.
What are the dangers?
Unfortunately, we live in an environment where cybercrime is rife. Hackers and unscrupulous fraudsters are using increasingly sophisticated ways to gain access to your personal information via email, infect your software with viruses, and compromise your financial security. For many organizations, a successful cyber attack is damaging and may even bring a business to its knees so understanding what the risks are, and how to avoid them, is crucial.
Hackers use a variety of sophisticated ways to infect a computer with a virus or bug, via emails. Often, you get a seemingly innocent looking email encouraging you to click on a link or open an attachment – occasionally using the lure of winning a prize, or asking “important” questions about your banking situation to prompt you to open the email.
In many circumstances, the sender’s address may be somebody you already know, but in actual fact they are completely unaware they’ve become part of an email hacking scam. Clicking on one of these links or opening an attachment can then infect your computer, with disastrous consequences. If the subject line sounds suspicious to you, or looks out of place, don’t open it.
Hackers rely on guessing email passwords to access personal information. They use sophisticated software that can generate potential password names, so the simpler your password is, the sooner they are likely to find it. Hackers are also well aware that people often use the same email password for other accounts and online transactions, which gives them an open invitation to gain access to your private and financial data. If an online email account provider doesn’t come encrypted with Secure Sockets Layer (SSL) protection, then hackers may find it even easier to gain access to emails.
In an effort to capture personal and business details, hackers have developed malicious programs that can infect a computer that can record every keystroke the person makes on the keyboard. This information is then sent back to the hacker, and they can gain personal details and passwords from this.
What can a business do to protect itself?
Whilst hackers are getting increasingly cunning in their efforts to steal information via emails, there are still lots of things that an organization can do to protect itself from a cyber attack.
Firstly, all staff should be made aware of the dangers lurking through email usage. They should be educated on what sort of things to look out for when they receive or send an email. For instance, invitations to open links from unknown recipients should be deleted immediately. Staff should also be advised to be extra vigilant when emailing, and should log off and avoid using email accounts on public computers.
Any email that asks for personal details, especially bank account information, should be deleted, and staff should be suspicious of any email that asks for company information. Spam filters can be useful to set up on staff email accounts, so that dodgy emails will be automatically filtered to a junk account and deleted. If an email address becomes regularly clogged up with spam, then you might want to consider ditching it and opening a new one from scratch.
Spending some extra time creating a difficult-to-decipher password is also worth advising to staff, so that they are less likely to be decoded by potential hackers. By not using the same password more than once for other online transactions or email accounts, it is providing extra security to an organisation. Encourage staff to keep their passwords safe, and never to disclose to third parties – the more people that get to know the passwords, the increasing likelihood that a malicious act could incur.
Any business that sends confidential or sensitive information via email should, without doubt, have up to date encryption software installed, so that it can’t be intercepted and read by any hackers in cyberspace.
Keep on top of installing anti-spam and anti-virus/malware software updates and patches, so that you are fully protected. It’s also worth investing in software that can filter out suspicious content, language or images in emails, both incoming and outgoing.
Avoid web-based email accounts
If you want to ensure your business is protected as fully as possible then choose your email account provider with care, and make sure they have the latest security software installed. Many free web-based email providers are easy targets for hackers, so avoid using these for business emails.
Distributing email addresses
One of the worst things you can do is to play into a hacker’s hands by unwittingly giving them email addresses, which they could then use to target in their cybercrime operations. If staff need to send out emails to a large number of people on a mailing list, then they should use a blind carbon copy (bcc), so that recipients’ names can’t be seen by other people. Similarly, any messages that are forwarded on, should have the email addresses of the previous recipients deleted, as the more times that emails get forwarded, the greater the chance that the list could fall into the wrong hands.
Use digital signatures
If you send an important document via email then it’s worth considering using a digital signature to sign it. This makes it harder for hackers to alter the email in any way and can provide an extra element of security.
Back up data
All businesses should get into the habit of regularly backing up data, in case that a cyber attack does incur and a virus sends your software crashing down. Backing up data and emails provides an added security to a business, and it’s also important not to keep all back up files in-house.
This article was written by Lauren. Lauren is a blogger who specializes in actionable advice for small businesses. She writes on behalf of www.qtandc.co.uk and takes internet security very seriously. When she’s not writing she enjoys watching Friends re-runs, cooking, and spinning (it’s not as painful as you might think)!