If my inbox had a bouncer, I would make sure it kept out the “work from home”s and the “financial freedom”s that continue to find their way into my e-mail — and my heart. I’d like to think I’m not the only one still falling for these e-mail subject buzzwords, but I know you’re all smarter than that.
The recent major security breach that caused e-mail leaks from top Democratic National Committee (DNC) officials is increasing concerns associated with e-mail security. WikiLeaks released almost 20,000 confidential e-mails of the DNC’s staff members. Following this revelation, businesses need to ask “are we the the next target?”
E-mail is the most common corporate communication tool and as such, becomes an easy target for attackers. E-mail is built into our devices, such as phones, laptops, tablets, and one day, probably our eyeballs. This makes our devices, and consequently the user, potentially vulnerable to e-mail attacks such as e-mail-phishing and spear-phishing (the most common), malicious attachments, hidden scripts, and Trojans can trick the user into exploiting a known vulnerability and subsequently give the attacker access to the machine and possibly the corporate network. Users should be cautions when opening suspicious e-mails. Spam e-mails are the most common means of communicating malicious programs, but e-mails with web links that automatically download malware with one click have also become a growing concern. Embedded web links can serve as an attack vector, leveraging known vulnerabilities in commonly used software like Java or Adobe Reader to gain access to the user’s machine. With these attacks, attackers can not only gain access to your machines but can steal confidential bank details, passwords, cookies, browsers histories, and other such information.
To avoid being the next victim of a cyber security e-mail hack, consider hiring an e-mail bouncer or implementing the following:
- Spam filters: Blocking known spam senders and blacklisting them on the e-mail server can considerably reduce the number of spam e-mails across the corporate network.
- Data-loss prevention (DLP) solutions: DLP solutions can guard the content in outgoing corporate e-mails. Confidential data like social security numbers, bank account numbers, or Personally Identifiable Information (PII) Can be tracked and blocked at the network perimeter.
- Next-generation unified threat management (UTM) firewalls and anti-virus engines: UTM firewalls with built in anti-virus engines can assist in blocking malicious drive-by download links sent via e-mails.
- E-mail encryption: An encrypted e-mail can only be read by legitimate users who possess the decryption key.
- Passwords changes: Regularly changing your e-mail passwords and choosing unique passwords across all e-mail accounts can reduce the likelihood of a password hack.
- Education and social awareness: Staying educated on ongoing e-mail threats can help you avoid the common pitfalls that could lead to a hack.