Fraud Insight
In today’s digital age, email has become the lifeblood of communication for businesses of all sizes, but it also presents a significant security challenge, especially for small businesses.
As cyber threats continue to evolve and become more sophisticated, protecting sensitive information and ensuring the confidentiality of email correspondence has never been more crucial.
In recent years cyberattacks via businesses’ email servers have seen a dramatic rise across the board.
Many of the organisations most vulnerable to this type of attack have not implemented the basic cybersecurity practices that keep their systems safe from Business Email Compromise (BEC) and other, more traditional forms of email-orientated cyberattack.
BEC is a serious type of digital fraud and extortion that seeks to take advantage of the daily wave of email communications between businesses.
Through a complicated process of social engineering, cybercriminals impersonate an employee or trusted business associate and convince victims at the same company to transfer sensitive information or funds to a hidden account. These types of attacks vary in severity but are usually very costly to the targeted business.
Essential email security measures:
Business email accounts are for business
With work being an important part of everyone’s lives, it can be tempting to use your business email to sign up or log in to services that your personal accounts do not have access to. However, using your company’s email for your personal online activities lets a scammer profile you more easily, which could lead to a much more targeted cyberattack. If you are using your personal computer or home Wi-Fi connection, neither of which is usually as secure as an enterprise connection or the customised machines used in your workplace, you are giving hackers a better chance of stealing your business credentials.
Don’t use your business email on public Wi-Fi
Even if you are using your company’s secure machine to access your business email account, public Wi-Fi is the perfect gateway for hackers and cybercriminals to infiltrate your machine and steal your sensitive data.
Strong passwords and passphrases
We recommend that all employees use “strong” passwords or passphrases. A password is considered to be “strong” when it is sufficiently long (12-14 characters) and contains a mix of special characters, numbers, uppercase and lowercase letters. Equally, “strong” passphrases follow much the same rules, except that they should be between 15 and 20 characters long and use letters from other languages (if possible).
For both, the most important rule is that each one must be unique: used for one application only.
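The rules above can be turned into a check that runs before a new credential is accepted. The following is an added example, not code from the article or from Kaspersky; it reads the article’s “12-14” and “15-20” figures as minimum lengths of 12 and 15 (that interpretation is this example’s, not the article’s), treats any non-ASCII letter as a “letter from another language”, and models the uniqueness rule by comparing a hash of the new secret against hashes already registered for other applications.

```python
import hashlib
import string
import unicodedata

# Minimum lengths derived from the article's guidance (assumption: "12-14" read as "at least 12",
# "15-20" read as "at least 15").
PASSWORD_MIN_LEN = 12
PASSPHRASE_MIN_LEN = 15


def character_classes(secret: str) -> set:
    """Return the set of character classes present in the secret."""
    classes = set()
    for ch in secret:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch.isalpha():                 # letters outside ASCII, e.g. accented or non-Latin
            classes.add("non_ascii_letter")
        elif not ch.isspace():
            classes.add("special")
    return classes


def check_password(secret: str) -> dict:
    """Password rule from the article: long enough and a mix of all four character classes."""
    classes = character_classes(secret)
    required = {"lower", "upper", "digit", "special"}
    missing = sorted(required - classes)
    ok = len(secret) >= PASSWORD_MIN_LEN and not missing
    return {"kind": "password", "ok": ok, "length": len(secret), "missing_classes": missing}


def check_passphrase(secret: str) -> dict:
    """Passphrase rule: a longer minimum, plus a note on whether other-language letters are used."""
    classes = character_classes(secret)
    return {"kind": "passphrase", "ok": len(secret) >= PASSPHRASE_MIN_LEN, "length": len(secret),
            "uses_other_language_letters": "non_ascii_letter" in classes}


def secret_hash(secret: str) -> str:
    """Hash used for the reuse check so the registry never stores secrets in clear.
    NFC normalisation makes composed and decomposed spellings of the same letter hash alike."""
    return hashlib.sha256(unicodedata.normalize("NFC", secret).encode("utf-8")).hexdigest()


def is_reused(secret: str, known_hashes: set) -> bool:
    """True if this secret is already registered for another application (violates the uniqueness rule)."""
    return secret_hash(secret) in known_hashes


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials
    print(check_password("Tr0ub4dor&3xy"))
    print(check_password("password1234"))
    print(check_passphrase("ñandú horse clip"))
    print(is_reused("Tr0ub4dor&3xy", {secret_hash("Tr0ub4dor&3xy")}))
```

The reuse check is deliberately hash-based: a registry of plaintext secrets would itself become the most valuable thing on the machine.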
Phishing scam and attachment awareness training
Invest in simple cybersecurity training for all your employees. Also teach them about the dangers of phishing scams and attachment-based attacks, such as malicious attachments and HTML smuggling. The main points to cover are:
• An awareness of common phishing scams, such as fraudulent websites and login prompts that mimic familiar pop-up windows (for example the Microsoft Outlook login window) in order to harvest a user’s login credentials.
• Knowledge of the most common email attachment types that malware can be hidden in, such as .DOCX, .HTML and .EXE. This includes a recent and popular form of email cyberattack known as HTML smuggling, in which an HTML attachment assembles the malicious file inside the browser.
• Warn your employees to never click on any link that looks suspicious or is sent from an unknown sender. Malicious links are the easiest way for scammers to successfully carry out a cyberattack on your employees and your business, usually via some sort of phishing scam website.
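Awareness training is the human control; a gateway-side check for the same three things (risky attachment types, HTML smuggling idioms, links whose visible address differs from their real destination) is the technical one. The code below is an added example, not code from the article or from Kaspersky. It uses Python’s standard `email` library, takes the attachment extensions from the article’s list (adding `.htm` as an assumption), and looks for the browser-side idioms HTML smuggling depends on (`atob`, `new Blob`, `URL.createObjectURL`, a `download` attribute); the sample message it scans is constructed inline, using reserved `.test` domains, and is not real mail.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from urllib.parse import urlparse

# Attachment types the article names as common malware carriers (.htm added as an assumption)
RISKY_EXTENSIONS = {".docx", ".html", ".htm", ".exe"}

# Script idioms HTML smuggling relies on: the file is decoded and assembled in the browser
# from an embedded blob, so it never crosses the gateway as an ordinary attachment.
SMUGGLING_PATTERNS = {
    "atob": re.compile(r"\batob\s*\(", re.I),
    "blob": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"URL\.createObjectURL", re.I),
    "download_attr": re.compile(r"\bdownload\s*=", re.I),
}

LINK_RE = re.compile(r'<a\b[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST_RE = re.compile(r'https?://([^/\s<"]+)', re.I)


def scan_message(raw: bytes) -> list:
    """Return a list of (finding_kind, detail) tuples for one RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(("risky_attachment", name))
        if ext in (".html", ".htm"):
            body = part.get_content()
            if isinstance(body, bytes):
                body = body.decode("utf-8", "replace")
            hits = [k for k, p in SMUGGLING_PATTERNS.items() if p.search(body)]
            if len(hits) >= 2:   # one idiom alone is common in benign pages; two together is not
                findings.append(("html_smuggling", f"{name}: {','.join(hits)}"))

    # Links whose visible text shows one host while the href points somewhere else
    html_body = msg.get_body(preferencelist=("html",))
    if html_body is not None:
        for href, text in LINK_RE.findall(html_body.get_content()):
            shown = SHOWN_HOST_RE.search(text)
            actual = (urlparse(href).hostname or "").lower()
            if shown and shown.group(1).lower() != actual:
                findings.append(("link_mismatch", f"shows {shown.group(1)} but goes to {actual}"))
    return findings


def build_sample_message() -> bytes:
    """A constructed message (not real mail) carrying the three things the training warns about."""
    msg = EmailMessage()
    msg["From"] = "Accounts Payable <ap@example-supplier.test>"
    msg["To"] = "finance@example.test"
    msg["Subject"] = "Overdue invoice - action required"
    msg.set_content("Please open the attached invoice and confirm payment.")
    msg.add_alternative(
        '<p>Confirm at <a href="http://login.example-supplier.test/portal">'
        'https://portal.example.test</a></p>', subtype="html")
    # HTML attachment that rebuilds a file inside the browser: the HTML smuggling pattern
    smuggled = ('<html><body><script>'
                'var b = atob("UEsDBBQAAAAIAA=="); var blob = new Blob([b]);'
                'var a = document.createElement("a"); a.href = URL.createObjectURL(blob);'
                'a.download = "invoice.zip"; a.click();'
                '</script></body></html>')
    msg.add_attachment(smuggled, subtype="html", filename="invoice.html")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="invoice_viewer.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for kind, detail in scan_message(build_sample_message()):
        print(f"{kind}: {detail}")
```

The two-idiom threshold for the smuggling check is a design choice: `atob` or a `download` attribute on its own appears in plenty of legitimate HTML, but a script that decodes a blob and immediately triggers a download of it is the shape of the technique rather than of ordinary content.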
Enable Multi-Factor Authentication
One security practice that is becoming more and more popular, because of its effectiveness, is multi-factor authentication. Sometimes referred to as MFA, two-factor authentication, or 2FA, multi-factor authentication provides your business email accounts with multiple levels of security checks before an employee is given access to their messages. Examples include an additional password, a code from a secure SMS, or an answer to a predetermined security question.
Don’t forget to logout
Co-opting someone’s account and masquerading as another employee is one of the easiest ways to commit cybercrime and evade detection. So, to stop yourself or your employees from becoming unwitting suspects, make sure that everyone in your business remembers to log out after each session and never to share their login details with each other. – Kaspersky