Email Security Threats to Watch Out for in 2017
Phishing attacks impersonate a legitimate company or individual and attempt to steal people’s personal information or login credentials. Employees and high-level executives must remain vigilant and scrutinize all emails carefully for signs of phishing. This means checking email addresses carefully and, if the email is suspicious, confirming with the supposed sender of the email.
In general, most employees aren’t aware that “bad guys” can access their email as it travels over the internet using a man-in-the-middle (MITM) attack, only one of the many weapons cyber-thieves use. Email encryption keeps messages and attachments unreadable to unauthorized users. Use a solution that’s not only secure but also easy to use so employees will use it.
An email threat with a psychological twist, social engineering is used by cyber-criminals to build trust before stealing confidential information. In social engineering, a computer criminal pretends to be a trusted individual (IT support, human resources, outside contractor) and engages in a conversation to gain access to a company’s network. To protect against social engineering, teach employees never to give out passwords and to watch for suspicious activity.
Data Loss Prevention Technology Can Help
All employees make mistakes, but some are more costly than others. All employees should receive regular training on how to handle sensitive information. Also, a data loss prevention (DLP) solution can scan all emails and attachments to ensure that sensitive information isn’t leaving an organization by mistake or in an insecure fashion.
Spammers will often forge “reputable” email addresses so that messages appear to have originated from a trusted source and recipients are more likely to open them. Or, hackers buy a domain that is very similar to the company domain. Employees who are authorized to transfer funds or who have similar duties should be trained to look for these deceptive emails.
While most cyber-criminals prefer to do their work digitally, shoulder surfing is one email security threat that takes place in person. Make sure employees working remotely understand this threat and remind them to protect their keyboards and screens when entering important information into their devices, especially when in crowded places such as coffee shops and airport terminals.
There are many ways for hackers to deliver ransomware. Many attackers deliver a convincing ploy to their targets via email, providing a web link for more details that, when clicked, takes the viewer to a malicious website that downloads ransomware and locks the computer until the ransom is paid. Educate employees not to click unfamiliar links, especially shortened links such as bit.ly or ow.ly.