As email server administrators, we may have extensive knowledge of how to use email safely, but what about end users and clients? As an administrator, you likely do your best to block spam and malware and to maintain the perfect balance of the universe, but if users are not educated and informed, it takes only one of them clicking a link in a spam message to put the entire network in a vulnerable position.
How to Secure Email
Keep in mind that many cases could have been avoided if users had the proper information to identify phishing scams versus legitimate messages.
- Scams such as CEO fraud (in which the attacker impersonates the boss or CEO in order to deceive everyone) and identity theft (in which scammers impersonate the boss in order to gain access to employee tax forms and classified information) are part of the new phishing attacks.
- A malicious software development team known as The Dukes may have been responsible for several phishing attacks. These attacks turned out to come from individuals within bodies such as Transparency International, the Center for a New American Security (CNAS), the International Institute for Strategic Studies (IISS), Eurasia Group, and the Council on Foreign Relations (CFR). In addition to these phishing attacks, other attacks included using spam email vulnerabilities, especially with Word or Excel documents. The recipient is instructed to enable macros which, when activated, allow hackers to download and run malicious code automatically.
- Toymaker Mattel was attacked with a phishing email requesting a new payment from suppliers in China. Its financial executive received the phishing email claiming to come from its new top boss. Standard protocol requires two high-level officials to approve these types of transactions, but because the CFO and CEO qualified as high-ranking officials, they were able to approve the transaction of over $3 million to the Bank of Wenzhou in China. You can read more about this story here.
These are just a few high-profile incidents among many others that could have been avoided if the user had been better informed about email security and safety.
It is important to emphasize that email security is not just the responsibility of the email provider or administrator: it is everyone’s responsibility. Here is a list of security tips that all mail server administrators should share with their users to help keep spam and malware to a minimum and keep everyone safe:
- Change your password frequently.
- Use strong passwords. Never use a password that contains “password” or “12345678”.
- Use a different password for each of your accounts. If you use the same password for your bank account as you do for your email account, you become a much more vulnerable target for data theft.
- Don’t open an attachment unless you know who it is from and are really expecting that file.
- Be wary of email messages telling you to enable macros before downloading Word or Excel attachments.
- Use anti-virus software on your local machine, and make sure it is up to date with the latest virus definitions.
- If you get an attachment from someone you don’t know, don’t open it – delete it immediately.
- Learn to recognize phishing:
– They contain threats, such as theft or closure of your account.
– They request personal information like passwords or Social Security numbers.
– They use words like “urgent” in headings to create a false sense of urgency.
– They contain suspicious email addresses with domains very similar to the legitimate ones.
– They contain poor writing or bad grammar.
- Hover your mouse over links before clicking to see if the URL indicates the proper address.
- Instead of clicking links, open a browser and manually type the address.
- Don’t give your email address to untrusted sites.
- Do not post your email address to public websites or forums. Spammers often scan these sites to find new mail victims.
- Do not click the “unsubscribe” link in a spam message. It will only let the spammer know that your address is legitimate, which could lead to more spam.
- Understand that reputable companies will never ask you for personal information via email.
- Do not send personal information in an email message.
- Do not reply to spam.
- Don’t share passwords.
- Make sure to log out.
In many ways, your network is only as strong as its weakest link. Know your weakest link, and don’t let it exist. In addition to management tools to prevent unwanted threats, user education is key to keeping your network secure. Better safe than sorry.
If you have questions, comments or if you want to know how to implement the next level of security and protection in your company, contact us. Remember that safety is in your hands.