The COVID-19 pandemic has shifted the way many organizations operate. As a result, cyberthreats have continued to rise, with many attackers sneaking in through unprotected email servers, Wi-Fi networks, and cloud-based storage, among others. Recently, Microsoft’s Exchange email service was a large target of a hack that compromised hundreds of thousands of users around the world. As more details of this specific incident are uncovered, now is an essential time to evaluate your organization’s email security practices.
Another thing to think about is phishing and other social engineering campaigns. The volume of these messages has increased to 20,000 to 30,000 daily since the beginning of the pandemic. Social engineering campaigns have used COVID-19 as a message, hoping to target users in a believable way while exploiting the current, worldwide public health crisis. While these statistics are shocking and may not see an immediate decrease, there are solutions available for your organization. The following tips can keep you protected while we fight through record-breaking cyberthreats:
Think Before you Click!
The Financial Industry Regulatory Authority (FINRA) has responded to recent phishing scams targeting the financial services industry. Hackers were posing as FINRA representatives, communicating via a fake email address, and requesting the recipients respond to an issue of regulatory non-compliance by clicking on the included link or document. Compliance is taken very seriously in this industry, which these hackers knew in advance, but clicking or downloading compromised links or documents from phishing campaigns severely impacts organizations.
One of the most evident, simple email best practices is to think before you click – you should only click links in emails you have properly analyzed after reviewing the sender’s name and address, the context of the email, and the services or information requested. If it does not seem realistic, it might be a socially engineered attack waiting for its next victim.
End-User Awareness Training
Human error can be inevitable, accidental, and unpredictable, but these errors can have significant consequences for business operations. Up to 60 percent of small businesses end up closing after experiencing a data breach or cyberattack. End-user awareness training teaches how to spot social engineering attacks, the need for strong passwords, how to secure workstations, and more. This training can save costs while educating your employees on their individual contributions to protecting your organization. By investing in and supporting end-user awareness training, your organization can be at an advantage if or when social engineering campaigns or other breaches strike.
Invest in Email Security Software
Mimecast, a prominent email security product on the market, safeguards organizations and employees against sophisticated email attacks. Their Targeted Threat Solution defends against attackers who are looking to compromise data, steal credentials, demand ransom, or request payment from business accounts. The latest threat landscape requires targeted solutions and advanced security measures, and cybersecurity tools should also extend to your email inboxes. With 40 percent of organizations lacking email security software, investing now can provide you a competitive edge while intercepting potential threats.
Multi-factor authentication (MFA) protects your credentials from becoming compromised by layering on an additional verification method, e.g., an alert to a registered smartphone or unique fingerprint identification. With MFA, no login action is completed until the additional verification is accepted. MFA is supported by most major email providers, including Microsoft Exchange, Mac OS, and Gmail. According to Microsoft, 99.9 percent of attacks can be blocked with proper MFA.
Watch out for Unsecured Wi-Fi Networks
Public Wi-Fi networks are not always as secure as your home or office networks, and this may lead to data loss. The convenience is not always worthwhile. Information shared while connected to public Wi-Fi is vulnerable to compromise. Some tips for working while using public or other unsecured networks are to only send information through fully encrypted sites (i.e., SSL-secured sites with the lock icon in the address bar), avoid using apps that require personal or financial information, and use a virtual private network (VPN) on your device. As threats continue to emerge, we must be aware of all vulnerabilities.
It is essential for your organization to have comprehensive solutions for cybersecurity designed by a trustworthy, proactive provider. Our CoreArmor solution offers 24/7 intrusion detection and monitoring, in-depth assessment to identify vulnerabilities, best-in-class phishing testing and end-user awareness training, and more. Your organization must be protected against emerging email threats in 2021 and beyond. For strategic guidance on what steps to take to ensure your organization is email safe, contact us today.