In today’s connected world, email is an important communication tool for businesses. However, cybercriminals also use it to steal sensitive information from unsuspecting users through phishing.
Phishing sounds exactly like the term “fishing” because it’s an act of “setting out hooks” to “fish” for passwords and financial data from the “sea” of internet users. These messages claim to be from a legitimate entity such as a trusted company or individual, and are usually sent in bulk.
According to the Federal Bureau of Investigation (FBI), business email compromise (BEC) has cost organisations £5.50 billion since January 2017. As long as email exists, there will always be phishing attempts. Here are some best practices you can follow:
#1. Review your current email configuration
One simple way to improve email security in your business is to review your existing configuration. If your employees are complaining about unsolicited emails in their inbox, check if your system has the spam filter turned on.
Additionally, check the spam folder regularly to make sure that legitimate messages don’t end up there. This way, harmful messages are the only ones filtered out while safe emails make it to your inbox.
#2. Use multifactor authentication (MFA)
MFA uses more than one method to verify a user’s identity, such as a fingerprint or a one-time code sent to the user’s smartphone. Adding another layer of security makes it harder for cybercriminals to infiltrate email accounts and commit financial and identity fraud.
#3. Utilise mailbox intelligence
Sifting through several emails in one day can get overwhelming, and if spam gets mixed in, it could even become dangerous. This is where mailbox intelligence comes in handy.
This technology determines which contacts are safe and which need to be inspected more closely. For instance, you can configure your email system to mark all emails from your company domain as safe. Any other emails outside the network can be sent to the spam folder, as these are more likely to be phishing attempts.
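A sketch of that rule, as an added example that is not from the original article or any vendor's product: it goes one step beyond the rule above by marking a company-domain message as safe only when the receiving server recorded a DMARC pass, because the From header alone can be forged. The domain `example.co.uk`, the server name `mx.example.co.uk` and the three verdict labels are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

COMPANY_DOMAIN = "example.co.uk"   # assumption: placeholder for your own domain
AUTHSERV_ID = "mx.example.co.uk"   # assumption: name your inbound server stamps

def sender_domain(msg):
    """Domain of the single From address; None if missing or ambiguous."""
    addrs = getaddresses(msg.get_all("From", []))
    if len(addrs) != 1 or addrs[0][1].count("@") != 1:
        return None
    return addrs[0][1].rsplit("@", 1)[1].lower().rstrip(".")

def dmarc_passed(msg):
    """True only if our own server recorded dmarc=pass for this message."""
    # Headers are read top-down, so the first match is the most recently added.
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        name = server.split()[:1]
        if name and name[0].lower() == AUTHSERV_ID:
            return "dmarc=pass" in results.lower()
    return False

def triage(raw):
    """Return 'safe', 'inspect' or 'spam' for one raw message."""
    msg = message_from_string(raw)
    if sender_domain(msg) != COMPANY_DOMAIN:
        return "spam"      # the rule above: outside the company domain
    if dmarc_passed(msg):
        return "safe"      # company address, authenticated by our server
    return "inspect"       # claims to be internal but is not authenticated

# Constructed sample messages (headers only), not real mail.
SAMPLES = {
    "internal": "Authentication-Results: mx.example.co.uk; dmarc=pass\n"
                "From: Alice <alice@example.co.uk>\n\nhi",
    "spoofed": "Authentication-Results: mx.example.co.uk; dmarc=fail\n"
               "From: CEO <ceo@example.co.uk>\n\nhi",
    "forged_result": "Authentication-Results: mx.evil.example; dmarc=pass\n"
                     "From: CEO <ceo@example.co.uk>\n\nhi",
    "display_name": 'From: "ceo@example.co.uk" <attacker@evil.example>\n\nhi',
    "lookalike": "From: IT <it@example.co.uk.evil.example>\n\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", triage(raw))
```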
#4. Perform live phishing exercises
It’s not enough to just educate employees about phishing with a book or an online article. Organise regular training sessions to keep your employees informed on how to protect themselves from cyberthreats.
Conduct live simulations of phishing attempts to see the strengths and pain points of your organisation. Send a fake phishing email to everyone in the company, and observe their reactions. Provide the necessary training to those who struggled with the exercise.
#5. Implement web and document isolation
Sometimes, email security systems are unable to correctly determine the authenticity of websites or documents. That’s why you should implement web and document isolation features like the ones offered by Menlo Security and Symantec.
This feature executes web sessions away from endpoints, preventing malware-infected websites from reaching devices. Only information marked as safe is delivered to users.
If your employees open an attachment, the file won’t be downloaded to their system immediately. Web and document isolation will instead open it in a separate browser where the file cannot harm the host machine. Suspicious web forms, a common attack vector for hackers, are rendered safely as a read-only document, preventing the user from entering their credentials.
Office Tek offers email protection and continuity solutions that protect your network infrastructure from email phishing. Proactively secure your data by just paying Office Tek’s flat monthly fee, which costs less than a full-time employee’s salary. Contact us today to learn more.