Cybersecurity tips for your email
Have you had your email hacked lately? It happens every day and it’s becoming a much more frequent event. Email is the #1 attack vector for hackers to get into your network. We see hackers going after credentials of users via brute force, phishing and other nefarious actions. It’s important to make sure your email service is secure as possible. Without the proper security and practices in place, you leave yourself open to:
Data Theft or Wire Fraud – Hackers can get into your account and steal contact info or any important data you might have in your email. They also often try to create fraudulent wire transfers, stealing your money.
Spam and Malware – Once hacked they can use your email to send out spam and junk mail that looks like it’s coming from you. Lots of malware is spread this way, as well as phishing for credentials. Chances are if your accountant, lawyer or mom sent you an email with a link, you’re more likely to click that link!
Reputation Damage – If your email is the one sending out junk mail and malware, customers and clients are going to be more skeptical of your emails in the future.
Ransomware – Reports are surfacing regarding email servers, even cloud services like O365 and Google Apps, getting ransomware. If you don’t have proper security and backups, you are leaving yourself open to the bad guys.
How can you protect yourself? Here are few tips that we recommend you, or your IT provider, take to prevent this type of email hacking. If your IT provider can’t do these, or hasn’t already done these, we can certainly help you out.
Spam Filtering – Make sure you have advanced spam filtering turned on, for both mail coming to you and outbound filtering for mail you send out. This makes it harder for junk to get in, but also blocks junk going out should your email be compromised.
SPF / DKIM / DMARC Records – These records help the internet know what email servers are authorized to send mail on your behalf. Keeping your DNS records up to date will help cut down on people ‘spoofing’ or pretending to be you.
2 Factor Authentication – if your email provider supports it, we recommend turning on 2FA (2 Factor Authentication). This is when you get a text message, or other code, as a second step to login. It can be a little bit of a pain at the start, but once you’re used to doing it, it just fades into the background. Research shows this to be 70-95% effective in stopping people from hacking your accounts.
Have a Password Policy – Your company should have a password policy to ensure people can’t use junky passwords. New research shows that changing passwords all the time is WORSE. It’s better to have one long pass phrase than it is to change it every 90 days. We recommend 12 characters or more and have found the easiest way to create a password is to pick 4 random objects in a room you’re are familiar with (your office or living room). MantleCouchWindowPicture is a better password than using an ! for a 1 or @ for an a. Bad guys know your patterns and people are predictable.
Implement Cybersecurity Training – Make sure you have training in place for your staff to help them spot phishing emails. Phishing is one of the most common ways for hackers to get access to your network, and people are the weakest link in security.
Nothing is perfect, and even with these practices in place, you can still be hacked. However, when being chased by a lion, you don’t always have to be the fastest.... just don’t be the slowest. If you are more secure than the guy next door, chances are the hacker will move on. It’s also recommended you step up your cyber security. Nowadays larger vendors are requiring it of their smaller vendors. Travelers Insurance recently told a small law firm that if they didn’t implement better cybersecurity, they would lose the business. Enterprise companies are realizing their weakest points are their supply chain and the smaller vendors like you and I, so they are demanding better cybersecurity.
If you feel overwhelmed just thinking about cybersecurity, get in touch today:
