6 Best Practices for Secure Email Use
Over the past several years, email has become a popular channel for both professional and personal communication. However, it has also become one of the most common channels that cyber criminals and scammers use to gain access to company networks and data and to spread viruses, spam, and so on.
Some typical email security risks include:
Email Spam and Viruses – These emails, and the attachments and hyperlinks they contain, look legitimate. But once a user opens the attachment or clicks on a hyperlink in the email, malware is immediately installed on their device. If you accidentally open one or more of these emails, don’t reply to the email or click on any links, including the “unsubscribe” link to remove yourself from the email list. Otherwise, you’ll only confirm to the sender that your email address is valid, and you may receive even more spam.
Phishing/Social Engineering Attacks – These emails often look like they come from a legitimate sender (e.g., a reputable business or trusted contact), but they are purposefully designed to trick the recipient into divulging sensitive, confidential, financial, and/or personal information (such as their passwords, bank account, credit card numbers, etc.). In some cases, these emails may even link to what look like legitimate business websites but are actually fraudulent. Some signs of a potential phishing attack are email messages which:
- Come from a false email address or domain name. (Phishers often use familiar brand names to confuse their victims, which is known as spoofing. However, according to the Anti-Phishing Working Group (APWG), very few attackers spoof a brand in their domain name. Instead, phishers use other tricks such as fake destination domains, bitty URLs, or a brand name inserted elsewhere in the URL.)
- Are impersonal. (Phishers frequently send mass emails, which means they usually use a generic email subject line and don’t personalize the greeting.)
- Contain unusual information.
- Are written in an alarmist tone intended to frighten or intimidate you into doing what the sender wants. (Note: Reputable businesses will never ask you to provide personal information via email.)
- Use words like “urgent” or “immediately” to create a false sense of urgency.
- Ask you to divulge personal information.
- Include a poorly written message, grammatical errors, and/or spelling mistakes.
Ransomware – Malicious software that prevents or limits you from accessing or using your computer unless and until you pay a certain amount of money. (The best way to prevent ransomware is not to open or download any files from untrusted or suspicious sources.)
Below are six best practices for protecting yourself from potential email security threats:
- Always Look Closely at the Email Sender’s Display Name. If you notice any differences between who the sender says they are and the name in their email address, this is a red flag. (Most companies use a single domain name in both their email address and website URL.)
- Only Open Emails and Click on Email Links and Attachments from Trusted Sources. Otherwise, you may unwittingly introduce malware onto your computer. If an email includes a link, hover your mouse over the link to see if the URL looks legitimate. If it doesn’t, don’t click the link, and delete the email. Alternatively, if you must view the link, open a new browser and manually type the URL in instead of clicking on the link in the email.
- Install and Use Spam Filters and Anti-Virus Software, and Keep them Up to Date. These solutions can help keep unwanted emails from reaching you, and save you a significant amount of time in trying to determine which emails are and aren’t legitimate. (Fortunately, AirDesk employs and manages best practices for virus, malware, and ransomware protection for its users.)
- Use Email Encryption Solutions to Protect Both Your Email and Attachments. These solutions prevent your email and attachment(s) from being read by anyone other than the intended recipient(s).
- Avoid Sharing Sensitive or Personal Information in Email. Always assume any information you share electronically by email or online may potentially be used by identity thieves to invade your privacy. Thus, don’t share any information online you wouldn’t want to see as a news headline.
- Log out of Your Email Whenever You’re Not Using It. Never leave email running and unattended on your computer or phone.
In short, if an email seems suspicious, it probably is, and it’s best to immediately delete it or report it to your company’s IT department. After all, when it comes to email security, it’s always better to be safe.
- Email Security in 2016: What You Need to Know. https://www.inc.com/larry-alton/email-security-in-2016-what-you-need-to-know.html
- What Is Email Security? Data Protection 101. https://digitalguardian.com/blog/what-email-security-data-protection-101
- Best Practices: Identifying and Mitigating Phishing Attacks. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/best-practices-identifying-and-mitigating-phishing-attacks
- 7 Take Aways from the APWG’s Latest Phishing Activity Trends Report. http://www.globallearningsystems.com/blog/post/4-takeaways-from-the-apwgs-latest-phishing-activity-trends-report/
- Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves. https://www.howtogeek.com/173478/10-important-computer-security-practices-you-should-follow/