Emails are ranked as the biggest cyber security threats on the Internet. Hackers and cybercriminals target email users to reach and trick them to provide personal information, login credentials, or even sending money. This is commonly referred to as phishing. Additionally, spam accounts for 85 percent of all email sent and is the number one vector for both malware distribution and phishing. Maybe because of the perceived anonymity of the virtual Internet, people seem to have forgotten the essential lesson of ‘stranger danger’ and willingly engage with unknown individual by emails. The practice endangers the cyber security of your company, customers and data. The following email data security best practices will help your employees and company stay safe from all deliberate and debilitating phishing or malicious spam (malspam) attacks.

Regular cyber awareness training

Regardless of leading cyber security companies promoting the importance of email data security and the use of employee awareness training and other preventative measures, many businesses fall victim to various types of phishing attacks and malicious spam email attacks. To help instil a security culture and behaviour change, your cyber security awareness program needs to reach a high rate of participation and engagement amongst users. Security awareness training is a formal process for educating employees about computer security. A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT). Employees should be updated regularly on new policies and new threats and hacking practices that have been identified.

Every organisation needs to understand the importance of cyber security awareness for every employee at every level of its operations. This means that every employee needs to know how to react to email-based threats. Effective cyber awareness training can help employees learn to identify and safely handle spam and phishing emails, including flagging spam and other malicious emails.

Invest in quality antivirus measures

A multi-layered approach to cyber security is imperative and best practices include a combination of technologies that you should integrate as well as behaviours that you and your employees should adopt. A comprehensive cyber security plan that includes email is imperative to allow you to be prepared when encountering online threats.

A vital component of a cyber security plan, is to invest in quality antivirus measures. Many antivirus programs feature mail filters and scanning capabilities for files and websites. If so, put these capabilities to work for your advantage. These can help you identify some forms of malware and other threats to help prevent your devices or network from becoming infected.

Create email blacklists and whitelists

Keeping a current list of banned email addresses (a blacklist) is essential. Such a list will prevent known spammers or cyber threats from making it through to your employees’ inboxes. Use either an in-house protocol or a third-party blacklist authority to keep suspicious and malicious threats in categories of a domain, email address and IP addresses/ranges. Keeping a whitelist, or a list of email addresses that are permitted through your filters and server, is essential as well.

Use strong passwords

Use strong, hard-to-guess passwords because cyberattacks often involve credential compromise giving the greatest access for the attacker. Research indicates a “98% rise of compromise of web-based email accounts using stolen credentials – seen in 60% percent of attacks involving hacking a web application.”  (Verizon’s 2019 Data Breach Investigations Report).

These statistics underpin the importance of having a complex, hard-to-guess password. A strong password includes a combination of upper and lowercase letters, numbers, and symbols. The user should avoid using words that can be found in the dictionary or names of pets, family members, favourite teams, or other information that can be gained from social media profiles. 

Don’t forget about mobile

McAfee reports that because mobiles are feature rich environments, not only emails are vulnerable to cyber threats, but also applications or apps used. Statistics show that the average person has between 60-90 apps installed on their phone. “In 2018 we saw a rapid growth in threats against mobile devices and other connected things, in particular during the second half of 2018. The number one threat category was hidden apps which accounted for almost one third of all mobile attacks” (McAfee Mobile Threat Report, 2019).

Against this background, employees who ‘Bring Your Own Device’ (BYOD), a practice that has exploded over recent years, may save a company costs, but brings with it a whole host of security problems. It is important that any security strategy your organisation implements, takes BYOD policies into accounts and makes safeguarding provisions for mobile devices. Researchers warn that as users move towards using mobile devices over laptops and computers, attackers will continue to increasingly target smartphone users. Not only do the devices contain vast amounts of data, but users will also often regard security as more of an afterthought than they do with their home or office computer.