Since the lockdown, the number of email-related attacks has increased, and cybercriminals have become cleverer in the way they attack. Over the past few months, the media has reported on various ways cybercriminals have exploited the lockdown as an opportunity to feed on our weaknesses. Phishing emails about everything from Covid-19 and outstanding invoices to employees being laid off have suddenly filtered through to our inboxes.
According to a report, 667% of phishing attacks are related to Covid-19 in 2020. Phishing attacks not only exploit our fears, but also come with a deadly agenda of stealing business information.
So how does it work? Cybercriminals send emails claiming to be from legitimate sources to trick remote workers (who are distracted) into reacting: clicking on links, opening attachments or exposing critical confidential information.
Now with many of us not having the right sort of security infrastructure in place, here are our best practices on how remote workers can keep business data safe, and become cyber resilient.
Best Practices to keep your business emails safe
- Avoid using a personal account for transmitting company data
Make sure that you don’t risk your company’s security (and your job) by transmitting sensitive company data via your own personal computer or email address. This includes using your personal email account on the job as well as sending company documents to your personal account.
- Assume all your professional emails are monitored
Remember, your company has a right to see everything you send and receive on your professional account. Therefore, assume that all your emails are monitored, and refrain from sending anything you wouldn’t be comfortable with your boss seeing.
- Don’t give out confidential information in response to any email
Messages that try to persuade you to send your password or credit card number are forged, even if they appear to be from your bank or system administrator.
- Log off after accessing corporate resources from a public device
Always remember to log off when you finish with secure web sites. If you do not, the next person to use the computer will have access to your personal information.
- Avoid using the Blind Carbon Copy (BCC) option
When you put a person’s email address in BCC, none of the recipients can see the addresses of the other recipients.
New email users often rely too much on the TO: field because it is the default way of sending emails. That is fine as long as you are writing to just one person. But if you are sending mail out to a diverse group of people, confusing BCC: and CC: raises some serious privacy and security concerns. It takes just one spammer to get a hold of the email and immediately everyone on your email list gets spammed.
- Avoid being trigger happy with the “Reply all” button
Sometimes the mistake isn’t in deciding between CC: and BCC: but in hitting “Reply all” instead of “Reply”. When you hit the “Reply all” button, your message is sent to everyone who was on the original email, and if you didn’t intend to include them, the result can be bad from both a security and a personal humiliation perspective.
- Be aware of spamming as a result of email forwarding
Forwarding emails can be a great way to quickly bring someone up to speed on a subject without having to write up a summary email, but if you aren’t careful, forwarding emails can create a significant security threat for yourself and the earlier recipients of the email.
- Don’t click on suspicious links
If a link looks hidden, or if it comes from an unfamiliar source, don’t click on it. It might take you to an unspecified location and possibly inject malware into your machine when you attempt to download the page. Be aware of any discrepancies in links that look mostly (but not entirely) familiar. Here are a few examples we’ve seen: “Amaz0n” instead of “Amazon”, and any shortened links.
- Be cautious with emails from unknown senders
This is our personal best. It’s important to be aware of any received emails that come from unknown senders. Each email should be treated with caution. It is good practice to avoid opening any attachments from unknown senders, especially if they seem to be peculiar or out of context. These could be malicious.
Remember: if in doubt, don’t open it.
- Recognizing phishing attacks in email content
While never opening a phishing email is the best way to secure your computer and keep business data safe, even the most experienced email user can occasionally open a phishing email by accident. At this point, the key to limiting the damage is to recognise the phishing email for what it is.
Whatever form the phishing email takes, the goal is to fool you into entering information into something which appears to be safe and secure, but in fact is just a dummy site set up by the scammer. If you have already opened a phishing email, do not reply or click on the link in the email. If you want to verify the message, manually type the URL of the company into your browser instead of directly clicking on the link. If your email contains an attachment, confirm it by getting in touch with the sender.
- Be careful before clicking the “Unsubscribe” button on newsletters you never subscribed to
A common technique used by spammers is to send out thousands of fake newsletters from organizations with an “unsubscribe” link on the bottom of the newsletter. Email users who enter their email into the supposed “unsubscribe” list are then sent loads of spam.
So if you don’t specifically remember subscribing to the newsletter, you are better off just blacklisting the email address.
- Use Email Encryption services
Email encryption services are meant to protect and disguise the content of your email so that it is not visible to anyone other than the intended recipients.
Our best practices are designed to help you keep your inboxes healthy, and stop you from falling for the phishing hook. However, to truly become cyber savvy, why not sign up for a Security Awareness Training programme and equip yourself with techniques for keeping attacks at bay?
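The link checks described under “Don’t click on suspicious links” above (look-alike names such as “Amaz0n”, shortened links, and links whose visible text hides a different destination) can be automated in a mail filter or a training exercise. The following is an added example, not part of the original article; the brand list, shortener list and the `.example` sample links are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed reference data (assumptions, not taken from the article).
KNOWN_BRANDS = {"amazon", "paypal", "microsoft"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Digits commonly swapped for look-alike letters, as in "Amaz0n".
LOOKALIKES = str.maketrans("013457", "oleast")

def host_of(url):
    """Return the lower-cased host of a URL, without a leading 'www.'."""
    if "://" not in url:
        url = "//" + url          # let urlparse see a network location
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_link(display_text, href):
    """Return a list of reasons the link deserves a second look."""
    findings = []
    host = host_of(href)
    if host in SHORTENERS:
        findings.append("shortened link hides the real destination")
    for label in host.split("."):
        normalised = label.translate(LOOKALIKES)
        if label not in KNOWN_BRANDS and normalised in KNOWN_BRANDS:
            findings.append(f"'{label}' imitates '{normalised}'")
    # Visible text that names one site while the href goes to another.
    text = display_text.strip()
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and shown != host:
        findings.append(f"text shows {shown} but link goes to {host}")
    return findings

# Constructed sample links: (visible text, actual href).
SAMPLE_LINKS = [
    ("www.amazon.com", "http://amaz0n.example/login"),
    ("Track your parcel", "https://bit.ly/constructed"),
    ("https://www.amazon.com/orders", "https://www.amazon.com/orders"),
]

if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        print(href, "->", check_link(text, href) or "no findings")
```

A clean result only means none of these three checks fired; it does not prove the link is safe, so typing the company’s address by hand remains the fallback.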
About Siccura Cybershield
Siccura Cybershield is the most interactive Data and cyber security training awareness programme. With a philosophy as simple as Test. Aware. Engage, we’ll help you:
- Test your employees and IT defences by playing the role of an attacker
- Make your employees aware of the types of attacks such as Phishing, Vishing, Ransomware and more
- Engage your employees by sharpening their knowledge, and teaching them how to combat threats.
Through the training programme, we’ll help you turn your employees into a Human Cybershield ready to defend your business.