Today's email is rife with cyber threats, and the increasing sophistication of these attacks has both users and businesses rightfully concerned. Once an email inbox has been breached, it may be possible to steal valuable information about customers and clients. That leads to a tarnished public reputation, lots of embarrassing press, and potentially huge sums of lost revenue.
To understand just how easy this kind of ruse is and how much money can be lost, consider two companies you would expect to be immune to email attacks — Google and Facebook.
A hacker recently contacted both companies claiming to be a supplier with unpaid invoices and updated banking information. Neither company questioned the email the hacker sent, and together the companies wired out $100 million in fraudulent payments. If it can happen to them, it can happen to you.
At this point, the question is: how can companies protect themselves no matter what kind of IT security resources they have at their disposal? In a recent Zix webinar, cyber security expert Graham Cluley outlined some basic security measures that can deflect many of the worst email threats:
1. Don't assume you're immune.
No organization is immune to email attacks, regardless of its size or industry. Just consider that hospitals, which are not the most obvious or lucrative targets to focus on, have recently been hit with sweeping ransomware attacks. Assuming that you won't be a target automatically puts you in a position of vulnerability.
2. Don't assume you can spot a fake.
Today's hackers are extremely savvy about recreating the look and language users expect to find in their email. It is a huge mistake to think that dangerous emails will raise obvious red flags. As Google and Facebook have proved, even people who are tech-savvy and invested in cyber security can fall prey.
3. Don't ignore your inbox.
Your email inbox is the portal to your entire online presence. It's where you get password updates, important warnings and notifications, and both official and unofficial communications. That is why it's such a natural target for hackers. All users and companies must have a comprehensive cyber security strategy in place, but securing the inbox should be the centerpiece.
4. Don't neglect two-factor authentication.
As you have seen, it's very easy for anyone and everyone to inadvertently offer up their login credentials. But if two-factor authentication has been enabled wherever it's possible, hackers will be denied access even if they have your password.
5. Don't keep your data in just one place.
Email phishing is often used to infect a network with ransomware and wiper attacks. Recent high-profile attacks ranging from WannaCry to Petya illustrate just how expensive it can be to regain access to data. If all of that data is backed up, however, enterprises are largely immune to ransomware. Even if a network is infected, the consequences are minimal.
The companies that prioritize training, education, and common sense security measures can avoid becoming the next high-profile breach. To hear more insight from Graham Cluley, check out the archived version of our webinar, How to Avoid Cyber Threats in Email.