Cyber-attacks can cost companies a fortune, and the most common way to get valuable information is through people’s emails. It’s important for you to understand how a threat can be presented, how to implement the best security practices, and how to generate employee awareness.
According to the report released by the Canadian Federation of Independent Business (CFIB), “About 61,000 small and mid-sized businesses were victims of cyberfraud last year. More than 80 per cent of businesses that experienced a cyberattack said it came through email scams and phishing attempts. Additionally, 50 per cent encountered malicious software.”
What are the most common email threats?
Cyber criminals are constantly finding more advanced ways to strike. They’ll deliver a variety of attacks that take advantage of your email, such as malware, spam, phishing, spear phishing and social engineering, among others. You’ve probably heard these terms but may not know exactly what they mean, so let’s take a look.
Malware: Short for malicious software. It can be any program that is deliberately created with the purpose of doing harm. Spyware, Trojans and viruses are all considered malware.
Spam: Meaning “Unsolicited Bulk Email”, spam is unwanted email sent to a large number of users. Some of those emails can be harmless, but others may contain malware.
Phishing: Comes from the word fishing, because criminals will try to attract you using a fake lure, which could be a legitimate-looking email, website or ad, hoping users will bite by providing the information the criminal has requested, such as account login information.
Spear phishing: While most phishing attacks can be conducted en masse, spear phishing is highly targeted and generally focuses on public personas, business executives and other lucrative targets.
This technique follows a model known as the Attack Cycle. It begins with information gathering: the attacker looks for information about the target, for example by looking at social media. It continues with creating a relationship with the victim; after gaining trust, the social engineer will trick the victim into divulging seemingly unimportant information. Finally comes execution: using the information given by the victim to achieve the attacker’s purpose.
What are some best practices?
- Avoid using a personal account to send company data. This includes using your personal email account on the job or sending company documents to your personal account.
- Messages that try to persuade you to send your password or credit card number are scams, even if they appear to be from your bank or your system administrator.
- We highly recommend not using public devices, but if you do, make sure to log out after accessing corporate resources. If you don’t log out, anyone who uses that device after you will have access to your information.
- Be wary of any emails that come from unknown senders. Don’t click on suspicious links, and remember that it’s best practice to avoid opening attachments from unknown senders, especially if they seem peculiar or out of context. Cybercriminals will try to create very appealing titles to get you to open emails, click and download.
- Create a strong password.
More technical recommendations:
- Use a reputable antivirus provider with active scanning.
- Safely back up all data.
- Use 2-factor authentication or a multi-factor authentication method.
- Make sure to enable your firewall.
Using proven methodologies, our experts assess the security of your network to ensure a thorough analysis and testing of your network security policies, processes, and controls.
Don’t hesitate to contact us. This is what we do!