Top Ten Email Security Tips

Griff Jones, Principal Engineer

The statistics are staggering. According to Mimecast’s “The State of Email Security Report 2019,” 94% of organizations surveyed experienced phishing attacks, 67% saw an increase in impersonation/business email compromise attacks, and 71% suffered an email attack where malicious activity was spread from one infected user to other employees.

Email is one of the easiest ways for a cybercriminal to both make a profit and inflict harm. Successful email attacks are simple because the strike relies upon the ignorance and trusting nature of human beings. An email crime is seldom the fault of the technology used to secure the system.

For this reason, it’s important to follow vigilant, secure email practices. Here are our top suggestions for keeping yourself, and your business, safe from email scammers.

  1. Use separate email accounts. If your work account is hacked, information in your personal account is not compromised. Some experts advise three accounts: work, personal and a “junk” account for potential spam.
  2. Change your (strong) password often. Have unique passwords for each of your email accounts. If a criminal gets one password, they will test it on all the other accounts they see in your email.
  3. Your email address is not candy. Only give it out to people you know. Don’t post your address on public websites or forums. That’s like inviting a thief to your house and giving them the key to get in.
  4. Learn about phishing scams. “Phishing” scams involve a malicious person imitating a high-profile website and stating that the company is having an issue with your account. The hacker asks you to send your username and password. Don’t fall for it. Reputable companies will not ask for your username and password in an email. Did they send a link? Don’t click it. It will send you to scary places you don’t want to go. Always take the initiative to visit the legitimate site to inquire.
  5. Again, avoid links. Please take this advice, if you ignore everything else. DON’T CLICK THE LINK. With rare exceptions (you know for certain who the link is from, or it’s a registration you’re expecting), just don’t click. It is always safer to manually input the correct link into your browser and visit the site on your own.
  6. Don’t click the “unsubscribe” link in a spam email. You are handing the criminal information.
  7. Never send personal information in an email. No bank account information, no passwords, etc.
  8. Hover your mouse over a link to be sure it’s legitimate. If you don’t recognize the URL, don’t click it.
  9. Get an attachment from someone you don’t know? Delete it. Now. DO NOT OPEN IT.
  10. Don’t give your password out. To anyone. This includes your husband, wife, best friend, child (and no – not your teenager, please).

For more information on email threats, take a look at our post entitled “Social Media Soars”, our e-book “Protecting your Company from Cybercrime”, or our e-book “Effective Email Policy Guidelines”.