Cybersecurity Month is a timely reminder for organisations to ensure they have a strong cybersecurity posture in place. After all, cybersecurity is everybody’s business, and educating everyone in your organisation about the risks is imperative. Recent data from Mimecast has found an increase in brand impersonation attacks, particularly on technology brands, with 272,000 attacks in the first half of 2022, compared to 139,000 attacks in all of 2021.
Email remains the number one attack vector for cyber criminals. With the increased demand for hybrid working and remote environments, email collaboration has never been more important, and cyber criminals are aware of this and trying to exploit it.
According to Mimecast’s State of Email Security 2022 Report, 89% of Australian businesses are bracing for the fallout from an email-borne attack.
As our working environments continue to evolve, it becomes easier for individuals to fall victim to a scam, so it’s important for organisations to stay up to date with the latest information and to ensure policies, technology and training are continually updated to reflect the current landscape.
How to Maintain Email Hygiene and Safety
With email threats evolving and becoming more frequent, organisations should incorporate best practices to maintain the hygiene and safety of their email inboxes.
- Use a Password Manager. Using weak credentials is the easiest way for threat actors to hack into your account. To keep your account safe, use strong passwords and update them regularly. As an additional measure, passwords should not be recycled, and users should turn on two-factor authentication.
- Treat every email with caution. Threats can come from a bad actor inside your organisation who has legitimate access to its network, applications or databases. For instance, they may use internal phishing to spread an attack.
- Beware of Impersonation. Business email compromise (BEC) attacks are scams in which threat actors trick employees through impersonation. They create email accounts to impersonate a senior executive of the company or one of its business partners and use social engineering to trick unsuspecting employees, particularly new employees, into sharing confidential company information or sending money. To avoid this, double-check the email address and domain before actioning a request, and be cautious of any ‘fake urgency’ in the email. On top of this, it’s important to have a policy in place to protect against bank detail changes via email.
- Report suspicious emails. Marking emails as spam will help detection in the future. Automatic spam filters incorporate machine learning and automatically move emails into the spam folder if they detect that they have been reported in the past.
- Be wary of email attachments and links. Cyber attackers may embed malware in file attachments and URLs. A good practice is to stop automatic downloads and scan all attachments and links before downloading them. Alternatively, email security software can be used to detect suspicious attachments and flag them to users automatically.
- Utilise a cloud-based email security solution. Cloud-based solutions use deep scanning of emails with multiple technologies in their security stack, including advanced machine learning, to minimise the risk of the latest cyber threats.
You can read the full report here.