E-Security Best Practices
Protect your company from attacks.
Seven Steps to Secure
Email is used for almost everything nowadays; what was once a platform for messaging has become an essential part of a person’s identity. However, few people look at e-security best practice to ensure security. Users are asked to give their email address for government and official documents, as well as discounts, coupons, and newsletters from their favorite stores and brands.
The wide range of institutions and companies that use email highlights just how much email connects us with the world. With email being so important to our everyday life, it is surprising how little users know about protecting themselves and their email from attacks. The following steps showcase e-security best practice and will help to ensure both you and your information are safe.
Be Wary of Web Crawlers
One of the biggest threats to email security is how easy email addresses are to find; the more public an email address is, the more likely it will be targeted for attacks. Spammers can easily collect and target published emails by using bots to crawl the web; they can then sell these lists on to other cyber criminals for a profit.
In a perfect world, no one would ever publish their email address online; however, as we live in an ever-connected world, that is just not possible.
Email addresses are needed to do almost anything on the internet now, from registering/signing up for websites to downloading coupons and industry white papers. Companies use this tactic to build email lists and encourage users to stay connected with them through newsletters and email updates.
While this is a great marketing tactic for companies, it leaves users exposed to a greater number of attacks, as the user’s email is now in an external email list that can be hacked into or leaked.
The only real way to ensure your email address is secure after an online sign-up is to register/sign up with a secondary or alias email created specifically for sign-ups instead. This keeps your primary email securely apart from the less secure sign-up emails, and protects the user against the hacking of the sign-up lists.
Upgrade to an Email Security Service
Email security is more than just spam filtering and anti-virus software; it involves using a wide range of tools and tactics to detect and forecast email security flaws and attacks. Business email compromises (BECs) are growing in both number and sophistication, and email security must grow with them.
Every day, hackers are finding new and innovative ways to breach company emails and monetize their attacks. These attacks are evolving at an expedited rate, and having in-house security applications and/or software will not be enough to stop them.
Companies cannot fully protect themselves from BECs without an email security service. This is because in-house security applications and software rely on previously discovered attacks and cannot fight new styles of attack as they are launched. Email security companies use state-of-the-art tools and techniques to monitor BEC trends and tactics, identify and filter both new and old attacks, and add a layer of protection between the hackers and employees.
Choosing an Email Security Company
While there are many options for email security companies, it is important to assess each company’s product offering, support reviews, and dedication to research and development. Email security companies that invest time and money into their own R&D understand their service from beginning to end, allowing them to suit each client’s needs.
Another benefit of an email security service with a strong R&D department is the ability to create new code and techniques to counteract the growing attacks. The best example of this kind of advancement is the formation and use of threat intelligence. This technique uses past data and a variety of different conditions to determine users who may send an attack, what type of attack it will be, and other significant information before it happens.
When sending an email, the electronic signal will travel through servers belonging to other organizations to get to and from your desired destination company. These other organizations can easily stop, read, and edit the original email as it passes through their server, then send it on. E-security best practice calls for encryption to ensure data safety.
The use of encryption allows companies to ensure that if anyone does decide to look at the email, the information would be unreadable. The e-security best practice is to, at the minimum, implement TLS encryption to protect all information sent and received through email.
Implement a 2-Factor Verification Policy
Even with awareness training, there is still a possibility that a user falls for an email security attack and loses their credentials, leaving their email insecure. To avoid the high costs and deep losses incurred by BECs caused by these oversights and accidents, and to follow e-security best practice, a 2-step verification process should be implemented. This adds a layer of protection, so the hacker is unable to gain access from the stolen credentials alone.
2-step verification is usually done by requesting the user’s account password as well as a randomly generated verification code sent to a trusted device. This type of security stops hackers from being able to access accounts, as they would have only one form of verification (the user password), and is an e-security best practice.
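The second step described above, sketched as an added example that is not part of the original article: a random code is issued, expires, works once, and tolerates only a few wrong guesses. The class and function names, the 5-minute lifetime and the 3-attempt limit are assumptions made for illustration, and delivery to the trusted device is left to the caller.

```python
import hmac
import secrets
import time

CODE_TTL = 300     # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3   # assumption: a challenge is dropped after 3 wrong guesses

class SecondStep:
    """Issues and checks one-time codes; delivery to the device is out of scope."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [code_bytes, expires_at, attempts_left]

    def issue(self, user):
        # secrets uses the OS CSPRNG; random.random() would be predictable.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [code.encode(), self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # the caller sends this to the user's trusted device

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        expected, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]          # expired codes are discarded
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted.encode()):
            del self._pending[user]          # single use: a replayed code fails
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user]          # limit guessing of the 6-digit space
        return False

def login(password_ok, second_step, user, submitted_code):
    """Both factors are required; a correct password alone is not enough."""
    return bool(password_ok) and second_step.verify(user, submitted_code)
```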
Avoid Public Wi-Fi
Public Wi-Fi is often overlooked as a security weakness by users. This is most likely due to the convenience of using public Wi-Fi and a general lack of cyber security knowledge. When using public Wi-Fi, the user’s machine is more vulnerable and can easily be spied on by possibly malicious users.
A 2015 survey showed that 77% of people reported they were not concerned about security when accessing Wi-Fi outside the home. As a user’s feeling of safety increases, so does the risk of phishing and other attacks; e-security best practice should be followed for safety.
Hackers are known to use a variety of tactics to hijack public Wi-Fi, such as creating an evil twin. In this tactic, the hacker physically goes to a public place and creates a public Wi-Fi hot spot, usually named after the location (e.g. Starbucks_FreeWi-Fi). The scammer can then just sit back and wait for users to connect. Once a user is connected, the hacker can launch a man-in-the-middle attack and start to listen in on all the user’s internet traffic, or request credit card information as pay-for-access tools do.
The only way to completely ensure email security is to follow e-security best practice and always avoid accessing email from public Wi-Fi.
British banking giant Barclays highlights the dangers of using public Wi-Fi in their video below:
Phishing Awareness Training
Phishing by email is one of the most successful tools used by cyber criminals and is responsible for 91% of successfully targeted attacks. E-security best practice is very important when it comes to these types of attacks. Phishing emails will impose urgency on a user, usually to click on a link or open an attachment, but CEO fraud and other wire-transfer scams are also common.
Phishing and spear phishing can lead to billions in losses and are one of the foremost security issues facing companies today. Phishing awareness training allows companies to educate their employees on the techniques and consequences of phishing attacks. These programs usually consist of a brief lesson about phishing as well as exercises with fake phishing email attacks.
Studies have shown that phishing email success rates fall to 4% after an employee completes just four awareness training sessions, and the rate drops even lower to 0.2% after five. Phishing awareness training is an easy way to implement e-security best practice and protect both the company’s and employees’ emails and private information while increasing email security.