Cyber threat actors aren’t always sophisticated in their tactics, techniques, and procedures. Phishing continues to be a rampant problem with big impact. In fact, one opened phishing email can make for a very bad day for a company at large.
What’s a common vehicle for unleashing a phishing attack? Email. While it is one of the most convenient ways to communicate and share information with external parties, it also unfortunately presents both companies and individuals with security challenges. Indeed, your inbox can become a foothold where adversaries gain initial access to your system.
Phishing, an email tactic in which criminals impersonate trusted senders to trick the user into revealing sensitive information or downloading malicious software, has been the key to a few high-profile breaches. In 2018, state-sponsored Russian hackers gained access to American electricity providers by sending phishing emails to the smaller companies providing services to them. The damaging 2014 Sony hack, which resulted in the loss of enormous amounts of proprietary data, was also initiated through phishing.
To keep your email safe – whether it’s a corporate or personal account – we encourage you to consider implementing the following practices:
- Avoid opening emails from external users unless the email is expected. Be on the lookout for what makes an email suspicious: unknown or unexpected senders, unusual links, attachments, and messages, as well as emails demanding quick action or offering gifts or promotions.
- Suspicious attachments may include .iso and .exe files, installers, and even Word/Office documents. As a general rule, if you don’t know the sender, don’t open or download attachments. Even better, there’s often no need to open some emails at all. Most web-based email clients provide previews of emails, so you don’t have to look inside – and you’ll save time!
- Use your email client’s built-in features to filter out or block any messages from untrusted domains. And, if you don’t want spam messages to track you, you can disable images from auto-loading in your inbox.
- Ensure you are using a strong passphrase for your email and that you are not using the same password across corporate and personal accounts.
- Use two-factor authentication to access your email account.
- If possible, use client-side encryption to secure your messages before they’re sent out.
- Report any suspicious emails to your company’s security team for further investigation.
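
For a security team receiving those reports, the warning signs listed above (external sender, risky attachment types, quick-action or gift wording) can be checked automatically as a first pass. The following is an added example, not part of the original article; the function name `triage`, the internal domain, the extension list beyond .iso/.exe, and the phrase list are all assumptions for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumed values for illustration: your own domain(s) and lists will differ.
INTERNAL_DOMAINS = {"example.com"}
RISKY_EXTENSIONS = {".iso", ".exe", ".msi", ".doc", ".docx", ".docm", ".xlsm"}
PRESSURE = re.compile(r"\b(urgent|immediately|act now|gift|prize|promotion)\b", re.I)

# Constructed sample message, not a real email.
SAMPLE = """\
From: IT Support <helpdesk@it-support.invalid>
Subject: Urgent: password expires today
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="utf-8"

Your mailbox will be locked. Act immediately and run the attached update.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Update.ISO"

AAAA
--BOUND--
"""

def triage(raw: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # A sender outside the organisation (or unparseable) is the first signal.
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        findings.append(f"external sender: {domain or 'unknown'}")
    # Attachment types the article calls out; extensions compared case-insensitively.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")
    # Quick-action or gift/promotion wording in the subject or body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"
    if PRESSURE.search(text):
        findings.append("pressure or gift/promotion wording")
    return findings
```

An empty result only means none of these simple checks fired; it does not mean the message is safe.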