{"id":4728,"date":"2024-03-25T09:30:00","date_gmt":"2024-03-25T09:30:00","guid":{"rendered":"https:\/\/mintivo.co.uk\/?p=4728"},"modified":"2024-03-15T16:04:25","modified_gmt":"2024-03-15T16:04:25","slug":"beyond-spam-filters-advanced-techniques-for-email-security","status":"publish","type":"post","link":"https:\/\/mintivo.co.uk\/news\/beyond-spam-filters-advanced-techniques-for-email-security\/","title":{"rendered":"Beyond Spam Filters: Advanced Techniques for Email Security"},"content":{"rendered":"\n
Emails are one of the easiest routes for hackers to spread malware or for criminals to undertake scams. Malware can be very sophisticated, often loading ransomware or viruses which have the ability to access data or disable your systems. Attackers are increasingly finding new and more complex ways to exploit our reliance on emails and the fact that busy humans often cut corners and don\u2019t follow security protocols.<\/p>\n\n\n\n
Most cyber-attacks occur through emails, known as phishing emails. Whilst emails may be the \u2018way in\u2019 to the network for attackers, it is not simply business data that can be breached. If an attacker accesses your network, they may also be able to access your financial information, bank accounts, social networking accounts and any of the many Internet of Things (IoT)<\/a> devices managed online.<\/p>\n\n\n\n Email safety is therefore extremely important to all organisations, regardless of size.<\/p>\n\n\n\n It is unlikely that any system or training will remove the threat of attacks on our networks via emails entirely. The key to stopping email threats from becoming actual attacks is relatively simple. Implement strong email security protocols and use email security software and tools. There are also some easy steps that users can undertake, but they need to be taken all of the time and with regular reminders and follow-ups.<\/p>\n\n\n\n It is recommended that organisations consider undertaking Cyber Essentials or Cyber Essentials Plus accreditation. These are both Government-backed schemes that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks. Not only will the accreditation assist you and your staff in understanding threats and preventing security breaches, it will also reassure customers and suppliers that you take cybersecurity seriously.<\/p>\n\n\n\n As with any security system, there are many options, some more effective than others. It is worth talking to experts such as Mintivo to discuss the best solutions for your particular business and for them to check if you have already been targeted.<\/p>\n\n\n\n These tools work alongside any protocols or training that you put in place for your team. The tools usually suggested are:<\/p>\n\n\n\n As organisations rely heavily on emails as a means of communication with customers, partners, suppliers and between team members, it is essential that an email protocol is put into place and adhered to. The weakest links in any cyber security protocol or best practice are your team, and succumbing to an erroneous email is all too easy when staff are busy and their focus may be elsewhere.<\/p>\n\n\n\n If you haven\u2019t implemented any email protocols, we would suggest that you start with these:<\/p>\n\n\n\n Hold security awareness training, to outline to employees the security best practices that you expect. Update your staff handbook to outline these and ensure that staff are aware of the potential threats and why email security is so important to protecting your organisation and its reputation.<\/p>\n\n\n\n Password security advice has tended to differ in recent years. It is no longer recommended to have a complex password as it has been found people end up writing them down or saved insecurely elsewhere. The National Cyber Security Centre recommends using a separate, strong password specifically for your email account which should not be used elsewhere. In addition, it recommends using three random words to create a password which is difficult to guess, but perhaps easier for you to recall.<\/p>\n\n\n\n Similarly, it used to be recommended that passwords should be changed regularly, but it was found that this led to simple passwords with only a number or digit changing each time. As easier passwords are more readily identified and exploited by attackers, keeping stronger passwords for longer is recommended. Passwords should not be reused across a variety of accounts. If one account is accessed by hackers, they can more easily obtain other data using the same credentials.<\/p>\n\n\n\n MFA is the use of more than one method to authenticate the user\u2019s right to access an account or website. This can include combining a user name and password with a biometric (fingerprint or face recognition) software or by using specific MFA applications such as Microsoft Authenticator, which provide time-sensitive codes to be entered before access is given to the account.<\/p>\n\n\n\n Phishing emails or schemes are becoming very sophisticated and realistic. These are emails that appear to be from a legitimate source and look genuine, but may direct you to an incorrect link or provide incorrect account details to pay money to. Phishing is not a targeted attack, whereas a spear phishing email is sent to a specific individual and a whaling email is an email that targets a high-ranking victim.<\/p>\n\n\n\n It is possible for attachments to contain malicious code which can be executed once opened. These may be inadvertently sent by a trusted source who has been attacked themselves. Whilst attachments with unusual extensions such as EXE (executable program), JAR (Java application program) or MSI (Windows installer) are often utilised by hackers, even standard Microsoft office extensions can carry hidden malicious code.<\/p>\n\n\n\n Whilst these can be useful and timesaving when sent by trusted sources, they can easily be sent by criminals with connections to a different web domain to the one it appears to be. By hovering over the link, it will display the actual domain it will take you to, although this can still replicate a correct domain name. If there is any doubt, type the domain into a browser and avoid clicking any links within emails.<\/p>\n\n\n\n It is recommended that organisations ensure that their staff don\u2019t use business emails for personal use and vice versa. Personal emails are likely to have much reduced security to that of an organisation, and therefore any business emails sent from a personal account could be more easily compromised.<\/p>\n\n\n\n It has become the norm for people to use their own devices for work use \u2013 often referred to as bring your own device (BYOD). If company emails are opened on a device that doesn\u2019t have suitable security controls, credentials, emails and data could be targeted. It is important therefore to set out acceptable devices for use.<\/p>\n\n\n\n If an email is encrypted it means that the plain text it is written in will be converted to ciphertext. This means that if the email is intercepted, it won\u2019t be readable. It is good practice to encrypt attachments for the same reason. Whilst email services offer encryption for messages, it is recommended that encryption also occurs between the email provider and the organisation.<\/p>\n\n\n\n Public Wi-Fi is provided to make life easier for users, but they can make it easier for attackers to access information, too. Anyone using the open Wi-Fi network could access emails and account credentials, so it is particularly important for employees not to use public Wi-Fi for business emails. Using a business Virtual Private Network (VPN) can securely connect users to an organisation\u2019s data, tools, applications and resources whilst working remotely. A personal VPN, however, tends to only mask IP addresses and keeps identities private, as it lacks the more advanced security features of a business VPN which are needed by organisations.<\/p>\n\n\n\n Whilst it may seem obvious, if users have logged out of their accounts when they are not in use, it will prevent others accessing them and causing security breaches.<\/p>\n\n\n\n There are a number of ways that Mintivo can help. If you are concerned about the risks to your business, we can offer a Risks & Recommendations Audit<\/a> which will consider all aspects of your IT security, but if you\u2019d like to initially chat through your email security concerns, please contact us<\/a> and one of our friendly and expert team members will give you a call.<\/p>\n","protected":false},"excerpt":{"rendered":" Why is email security important? Emails are one of the easiest routes for hackers to spread malware or for criminals to undertake scams. Malware can be very sophisticated, often loading ransomware or viruses which have the ability to access data or disable your systems. Attackers are increasingly finding new and more complex ways to exploit […]<\/p>\n","protected":false},"author":6,"featured_media":4729,"parent":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"yoast_head":"\nHow can I remove the threat from emails?<\/h2>\n\n\n\n
What security tools should I have in place?<\/h2>\n\n\n\n
\n
What other email best practices should I implement?<\/h2>\n\n\n\n
1. Training your employees<\/h3>\n\n\n\n
2. Strong passwords<\/h3>\n\n\n\n
3. Password Management<\/h3>\n\n\n\n
4. Use multifactor authentication (MFA)<\/h3>\n\n\n\n
5. Be aware of phishing, spear and whaling emails<\/h3>\n\n\n\n
6. Consider attachments as potential threats<\/h3>\n\n\n\n
7. Don\u2019t click hyperlinks<\/h3>\n\n\n\n
8. Keep business and personal emails separate<\/h3>\n\n\n\n
9. Specified device usage<\/h3>\n\n\n\n
10. Use encryption<\/h3>\n\n\n\n
11. Avoid public Wi-Fi and use VPNs<\/h3>\n\n\n\n
12. Logging out<\/h3>\n\n\n\n
How can Mintivo help?<\/h2>\n\n\n\n