Corporate Email Security
We are in the era of digital technology world where every day new technologies are invented; however, it comes with its own risks as well. Cyber criminals have become reasonably perceptive in their attempts to trap people in and get you to click on a web link or open an attachment/ go to an insecure website. The email they send can look just it come from reliable sources like financial institution, e-commerce site, government agency or any other service or business.
One of the latest type of example of such attacks is; an email coming from an executive asking you to wire transfer money to close an urgent deal. Since it’s the executive who is sending the email, most of the times the recipient tries to execute the request without even verifying it with the sender.
The most common methods used by Cybercriminals are; Phishing and Email Spoofing.
Phishing, the fraudulent practice of sending emails purporting to be from a reputable company, institution in order to induce individuals to reveal personal information, such as passwords and credit card numbers etc.
Email Spoofing, is the forgery of an email header so that the message appears to have originated from someone or some where other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
Following are best practices one must follow while accessing emails or surfing internet:
• Don’t reveal personal or financial information in an email.
• Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
• Don’t open any attachments sent by unknown sources.
• Set complex and unique passwords for your email, online bank accounts.
• Always contact your local Information Security or local IT support team, in case you receive suspicious email or web link.
• Check for signature, most of legitimate will include full signature at the bottom of their emails.
• Don’t believe everything you see, if something is out of norm, it better to be safe than sorry. If you see something off, it better to report it to Information security team.
Summary: Always leverage existing tools and technologies in terms of implementing all security controls, which are already available. Most of Email service providers has Geographical restriction of email access, these features will reduce risk in terms of your mailbox can’t be comprised and it can be access within defined regions. It is highly recommended to use third party Advanced Email security features so that all Phishing, Spam mails are blocked at gateway level. There are other controls in term of enabling Web email only if necessary. Dual authentication is another security controls available with most of service providers and it is very critical for all Technical and Senior management.