Email is one of the main channels through which viruses and malware reach a business, and the main channel for fraud attempts. That’s why it’s vitally important to have the right email protection in place.

In this article, we will cover the 7 different types of email attack and exactly what you need to do to make sure you are protected. It will take you from sinner to saint, giving you the knowledge and the actions to keep your business email secure.


Why is email a security risk?

Email is an amazing invention, allowing us to connect with people throughout the world and deliver a message in a split second. However, its widespread use and global reach also make it an ideal tool for spreading malware and for defrauding people en masse: it is cheap to send, the sender’s identity is easy to fake, and the recipient is a person who can be tricked.

Here are the seven main types of malicious email that you need to be aware of.


1. Email borne viruses and malware

One of the key email security risks to be aware of is email-borne viruses and malware.

The Melissa virus spread rapidly through email back in 1999 by mailing itself to the contacts in each infected user’s address book, and it was one of the first to use this method to infect a wide range of people. At the time it was the fastest-spreading virus ever seen.

Ever since then, email has been one of the key tools that cybercriminals use to spread malware, usually as an attachment or a link to a download. The aims vary: stealing valuable information such as passwords and bank details via keyloggers, causing damage or disruption to your computer, or installing malicious software that gives the attacker ongoing access to your systems.

2. Spam

Spam may not be the most damaging item on our list, but it is disruptive and time-consuming, and it has a real impact on productivity. Also worth noting is that spam is more likely to carry malware or phishing links than legitimate email. Just like other types of unwanted email, the correct systems need to be put in place to filter spam out before it reaches the inbox. We will go into the specific actions later in the article.

3. Phishing and spoofing

Phishing is an email from an attacker impersonating someone you trust, designed to make you hand over credentials, money or access. The most common impersonations are your bank, PayPal, your email provider, or even a friend or colleague (see sins 4 and 5 below). This is why it is vitally important to be on the lookout for these types of emails and to notice when anything doesn’t seem right.

These days, cybercriminals have become more sophisticated, and they routinely “spoof” emails. The sender name and address shown in your mail client are just text in the message header, which the attacker controls, so unless your mail system verifies the sender, the message can appear to come from exactly the right person even when you check the address carefully. This is much harder to discern than the basic phishing attack discussed above, where the address is visibly wrong.

4. Whaling

Whaling is a particularly nasty form of targeted phishing in which cybercriminals go after senior leaders and key decision-makers in a business. They use influence and social engineering tactics to trick these people into carrying out a specific action, such as approving a large bank transfer. When these messages appear to come from another colleague, they can be very persuasive and highly damaging.

5. Thread hijacking

A slightly less common but equally dangerous form of attack is thread hijacking. Here the cybercriminal, having gained access to a mailbox, replies within an existing email conversation, so the malicious message arrives as a reply from a known contact on a subject you were already discussing. The reply encourages recipients to open an attachment or link carrying malware, and if they become infected, the same trick is repeated from their mailbox to their own contacts. As with spoofing, thread hijacking is hard to spot precisely because it comes from someone you know.

6. Ransomware

Ransomware is commonly spread via email. This type of attack takes a user’s files or information hostage, usually by encrypting them, and then demands a ransom (usually paid in cryptocurrency) for their safe return. Paying is no guarantee that the files will be returned, and it funds the next attack, which is why good backups (see below) matter so much.

7. Human error

The final email security sin, and one of the most damaging, is human error. Almost all of the threats above depend on a human mistake of some sort: reading an email too quickly, not verifying that the sender is actually who they claim to be, or clicking a link or opening an attachment before checking that it is safe.


Your action plan to protect yourself and your business

Now we know the 7 email sins to watch out for, it’s time to put some steps in place to make sure you’re protected.


Filtering

Email filtering is one of your key tools to protect against not only spam but malicious email as well. A well-configured email filter will stop the majority of these messages from ever reaching the inbox, which is far cheaper than relying on staff to spot every one.

Phishing Protection

In addition to standard email filtering, some vendors offer advanced products that are specifically engineered to spot and block phishing attacks. One example is Barracuda Sentinel. If you are in an industry that is more at risk from these attacks, such as insurance or finance, this should be an option you should seriously consider.

Anti-Virus

Good antivirus software is the next line of defence, and it’s a necessity. If a machine does become infected by a virus or malware, your antivirus should remove or quarantine it before it does any damage. Because new malware is released constantly, it’s vitally important to keep antivirus definitions up to date; out-of-date antivirus gives a false sense of security.

Backups and archiving

Backups and archiving are your insurance policy. If a machine becomes infected and the infection cannot be cleaned up, or if ransomware has encrypted your files, you will need to restore the affected files from a backup. It’s important to have a comprehensive backup strategy that retains backups for whatever length of time suits your business. Having only on-site backups is a risky strategy, because if the same attack encrypts or deletes those as well, the data is lost. Best practice is therefore to keep an off-site cloud backup, not permanently connected to your network, in addition to any on-site backups.

It’s important not to confuse file backup with email. If you lose an email, your file backup will not help. This is where email archiving comes in. Email archiving is much like a backup for your email system. It matters for the same security reasons, and many industries also require long-term access to historical emails.

Training

As mentioned under sin #7, human error can cause, and human vigilance can prevent, almost all of the threats above.

That’s why it’s important to educate staff on email security. There are various online training options and guides available. Even sharing this article is a good start.

Here are a few tips. To combat phishing, make sure staff treat any email relating to finance (payments, invoices, bank details, transfers) with extra care. The email may be genuine, but always pause before opening attachments or clicking links in such a message.

You should also always check the actual email address of the sender, not just the display name. If, for example, the email is supposed to be from a particular bank but the domain in the address is spelt incorrectly or differs by a single character, delete the email right away.

Inform your staff that emails can be spoofed, so a correct-looking sender address is not proof on its own. Make sure they are aware that this is a legitimate risk.
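To make the sender checks above concrete, here is an added example (not code from the original article or from any vendor it mentions) that does in Python what a careful reader does by eye: it parses a constructed message, compares the domain in the visible From header with the envelope sender recorded in Return-Path, flags domains that are lookalikes of trusted ones (the “spelt incorrectly” case from the tip above, and the spoofing case from sin 3), and marks finance-related messages for extra scrutiny. The two sample messages, the trusted domain list, the homoglyph table and the finance keywords are all assumptions made for the example.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample messages (not real captures). The first shows a visible From
# header claiming to be the bank while the envelope sender is a lookalike domain
# (digit 1 in place of the letter l); the second is what a genuine message looks like.
SPOOFED_MESSAGE = b"""Return-Path: <alerts@examp1ebank.com>
From: "Example Bank Security" <alerts@examplebank.com>
To: finance@yourcompany.example
Subject: Urgent: confirm payment today
Date: Mon, 01 Jan 2024 09:00:00 +0000

Please approve the attached invoice payment before 5pm.
"""

GENUINE_MESSAGE = b"""Return-Path: <alerts@examplebank.com>
From: "Example Bank" <alerts@examplebank.com>
To: finance@yourcompany.example
Subject: Your monthly statement is ready
Date: Mon, 01 Jan 2024 09:00:00 +0000

Your statement is available in online banking.
"""

# Domains this business expects finance-related mail from (assumed for the example).
TRUSTED_DOMAINS = {"examplebank.com", "paypal.com"}

# Character swaps commonly used to make a lookalike domain read like the real one.
HOMOGLYPH_SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# Words that mark a message as finance-related and therefore worth extra scrutiny.
FINANCE_WORDS = ("payment", "invoice", "transfer", "bank details", "wire")


def normalize(domain: str) -> str:
    """Collapse common homoglyph substitutions so lookalikes compare equal to the real domain."""
    d = domain.lower()
    for fake, real in HOMOGLYPH_SWAPS:
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Extract the bare domain from an address header such as '"Name" <user@host>'."""
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()


def check_sender(raw: bytes) -> list:
    """Return a list of findings about the sender; an empty list means nothing suspicious."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_domain = domain_of(msg.get("From", ""))
    # Return-Path is written by the receiving mail server from the SMTP envelope. Only
    # trust it when your own server added it; in a message that never passed through
    # your infrastructure an attacker can forge this header just like From.
    envelope_domain = domain_of(msg.get("Return-Path", ""))
    findings = []
    if envelope_domain and from_domain != envelope_domain:
        findings.append(f"From domain {from_domain!r} differs from envelope sender {envelope_domain!r}")
    for label, domain in (("From", from_domain), ("Return-Path", envelope_domain)):
        if not domain or domain in TRUSTED_DOMAINS:
            continue
        for trusted in TRUSTED_DOMAINS:
            if normalize(domain) == normalize(trusted) or edit_distance(domain, trusted) <= 2:
                findings.append(f"{label} domain {domain!r} is a lookalike of trusted domain {trusted!r}")
    return findings


def is_finance_related(raw: bytes) -> bool:
    """True when the subject or body mentions money movement, the cue for extra care."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    return any(word in text for word in FINANCE_WORDS)


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MESSAGE), ("genuine", GENUINE_MESSAGE)):
        print(name, "finance-related:", is_finance_related(raw))
        for finding in check_sender(raw) or ["no sender findings"]:
            print("  -", finding)
```

Run it and the spoofed message produces two findings (From and envelope domains differ, and the envelope domain is a lookalike of examplebank.com) and is flagged as finance-related, while the genuine message produces none. Two caveats: a visible address that passes these checks still proves nothing by itself, because both headers are attacker-controlled unless your own mail server verified the sender, which is why the verbal confirmation step below is the real control for payments; and the homoglyph and keyword lists here are deliberately small, so a production filter would use the vendor’s maintained lists rather than these.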

Finally, be sure to implement internal processes that put additional checks in place, so that a single convincing email can never trigger a payment on its own. For example, if a payment or a change of bank details is requested via email, it must be verbally confirmed with the finance director, using a phone number you already hold rather than one given in the email, before the payment is made.


Summary

You should now be much more aware of the 7 email sins that your business faces and of the filtering, antivirus, backup and training measures you can put in place to protect yourself against them.

If you would like to quickly review how secure your IT is, check out our IT security scorecard. It reviews your level of security in all key areas and, in under 5 minutes, gives you a score based on how good your security currently is.

If you have any questions about how to make sure your business is secure, get in touch with the team today.