The potential for human error is a cyber criminal’s best friend, and email is a great way for them to exploit it: it gives criminals a direct line to a vulnerable part of any organisation’s security. So if a workforce isn’t aware of email security best practices, their business is living on the edge. Beyond simply installing a firewall, there are various measures CIOs and IT professionals can take to minimise risk. Starting with the most obvious…
You might as well start with what you know. Put any known cyber threats and spammers on a block list. Do likewise for known, trusted domains on an allow list. This is probably the simplest way of keeping the bad guys out and letting the good guys in.
This will weed out the most obvious attempts to reach an employee’s inbox. Granted, even with a good filter in place, plenty will still get through, but it minimises the scope for a casual employee click spelling disaster. Impress on employees that they should never reply to spam or click “unsubscribe”, as doing so confirms the address as legitimate to the spammer.
Malicious emails that do beat the spam filter will very often be phishing. Such emails usually contain a link to what looks like a familiar site, e.g. PayPal. The site is fake and asks the victim to enter personal information. Training employees to spot and ignore phishing scams is the number one response to this. In addition, a “simulated phishing attack” can also help: essentially a fake attack designed to test employee knowledge and show those who fail it the correct course of action.
You can’t simply trash every email that looks unfamiliar; you’d likely be ditching legitimate items you want to see. Antivirus and anti-malware email security should therefore be installed on top of a spam filter. This will scan all emails and attachments and alert an employee if there’s reason for concern.
Another easy win is creating strong, hard-to-guess passwords, i.e. abstract word and number combinations. Couple that with multi-factor authentication, which makes logins require an additional credential on top of a username and password: fingerprint scanning, facial recognition, a security question, etc.
Your typical WiFi hotspot is not run by an IT professional, so security is lacking. Yes, boycotting public WiFi can be easier said than done. So, if it is 100% necessary, consider using encryption software.
In many ways, a business’s security is only as strong as its weakest employee. So underpinning all of the above is sufficient education and training, which makes the first line of defence – humans – less prone to human error. Still, no strategy is foolproof. One final consideration is the frequent and automatic backup of all company data. This way, when threatened by a ransomware attack, a business can simply wipe and restore.