Before email’s rise in the 1980s, all legally binding documents were validated with a handwritten signature on a physical piece of paper. Retention and retrieval of these records required both office space and clerical staff. The push for a paperless world began and email quickly came to be viewed as a trusted way to send and receive official documents, even within the legal system, as early as the turn of the century. This opened the door for security breaches within one of our most common tools.

The introduction of malicious software (such as malware, viruses, or spyware) can unwittingly occur through scams, phishing attacks, and other threats. To combat email-based scams and theft, take these five precautions:

1. Train employees to recognize, stop and assess before opening unexpected emails. All employees must be informed that a criminal can mask someone’s email address or purchase a domain similar to the employer’s domain to deceive. Employees should be trained to directly contact the company or entity referenced in the email before responding to any suspicious message. If the company or entity cannot be contacted, the employees must notify a designated person within the employee’s company, such as a security officer, to research further. Once a threat is detected, the company must employ appropriate automated systems, such as blocking incoming and outgoing emails.
2. Build the first line of email defense using automation. The use of SPAM protection software will stop any previously detected or suspicious email from being delivered without action from the recipient. Emails that include suspicious text content, words that have meaning to the computer (such as “ping”), or specific sender email address patterns may indicate malicious intent or Distributed Denial of Service and should be blocked. These suspicious emails are not immediately delivered but go into a separate internal or external inbox, which gives the recipient the option to release, block or permit the messages. The block and permit statuses are modifiable if later information shows that the email can no longer be trusted or vice-versa.
3. Know how and when to rely on encryption. Encrypted email provides a greater layer of protection of a message’s content while it is in transit. Encryption is critical when the message contains PII or other sensitive data. Encryption requires that the sender designate the email as “encrypted” and that the sender provides a means for the receiver to retrieve it. This can be via password protection or through a dashboard within the email. Many email providers automatically encrypt all traffic within your domain, ensuring that the receiver can always trust an email sent from another address within that same domain. Emails to addresses on external domains require that the sender choose whether to encrypt.
4. Be alert to insider and passer-by misuse. Make sure that no personal computer or device is left unlocked at any time. Anyone passing by can use an unlocked computer or device to send malicious emails that appear to have come from a valid source or collect private information. Keep all computer and account passwords private. If there is potential for an insider threat or the general public may have line-of-sight, a special screen may be needed. This ensures that only the person sitting directly in front of the computer can read the screen. Perform background and security checks on all employees who may have line-of-sight access to computer or device screens.

Protect Your Data!

Technology provides benefits that are too great to ignore in today’s fast-paced environment. However, it also opens up new risks that must be managed to ensure your organization is protected. We’ve covered the basics in our four-part series on cybersecurity (see parts one, two, and three), but this is an ever-changing field. Subscribe to Momentum’s news and blog portal to stay up to date on current cybersecurity trends, technologies, and best practices,

This post is adapted in part from a recent Momentum white paper, Technology Trends That Complicate Cybersecurity. To learn more, drop us a line at info@m-inc.com.