Myth vs Reality: eMail Security
Myth: “I don’t need to worry about email. I got an antivirus program to protect me.”
Reality: “Do not take your email security for granted! Did you know that over 90% of cyber-attacks are delivered by email? While antivirus technology has come a long way, hackers still rely on “social-engineering” to exploit human behavior to access your data.”
With the proliferation of email as the primary way to communicate with colleagues, patients, and vendors, it has also become the preferred route of hackers to spread ransomware, malware, viruses, phishing attacks, and other scams. Small and large organizations need to have a multilayered approach in combating these threats. Even though cyber criminals keep devising tricks and techniques to infiltrate your networks, there are actions you and your team can take to reduce the chances of getting breached. Here are # things you and your team can do:
1. Use a strong email password
One of the first things you must do to protect your email and the information contained withing is to use a strong password. This is the first and most overlooked security measure you can take to protect your data. Despite warnings from IT staff and security experts the following remain the most commonly used passwords in 2022 (source: cybernews.com)
Next common theme for passwords has been the use of a significant year such as a birthday, the year which the password was created, or a significant date. Following that are first names, favorite teams, city names, first names, and profane words.
Is your password one of the top 10 above or among the common other passwords used? Time to change it! Why? Think about it. It is like hiding the key to your house under the front door mat. This will be the first thing hackers will use to break into your network!
Here are some tips to create better and unique passwords that will be harder for cybercriminals to crack:
Although complex passwords are great, cyber experts are recommending the use of long phrases. Complex passwords are hard to remember and often re-used. Long phrases, combine 3-4 non-related words and are a min of 12 characters could be easier to remember and harder to hack.
Use upper and lower-case characters
Use a combination of letters and numbers
Use special characters such as &, @, $
Use phrases instead of words
Do not use the same password for all your accounts
Use a password manager application
2. Use two-factor authentication
A two-factor authentication method means that you need to enter a second code before you can access your email account. This code is usually sent to you via email, SMS text message, or voice mail. Even if your primary password is something like “123456” a two-factor authentication will place an additional barrier for the cyber criminal to overcome.
Most email clients today offer two factor authentication. If your email client does not offer this feature, please contact our Client Services team and we may be able to assist you further. If you have an Office 365 account managed by BlueBird and do not have this setup yet, please contact our support team to activate this feature.
3. Keep your password a secret
This may sound obvious, but you would be surprised how often colleagues may share their passwords between them to access their computers when they step away. Another bad habit is to leave a password on a sticky note next to the computer. You never know who can see it!
4. Be on the lookout for “phishing” emails
Phishing is a very common technique cyber criminals use to lure you in to clicking or submitting personal information. The way phishing is done is to pretend that the email is sent from a provider that is familiar to you such as your bank, internet service provider etc. Their goal is to trick you to give up your account number, password, make a payment, or download a malicious file.
Here are some hints to help you detect the email or its sender are not legitimate:
Company name not spelled correctly
Multiple spelling and grammar mistakes
Asking you to take an urgent action
Company logos are warped
Email extension is not right ie @telllus.com, @yahoo123.com
Email is asking for account number or password (service providers will NEVER ask you for those in an email)
If you suspect the email is a scam do not try to open it. Just delete it. If you happen to open it, then do not click on any links or download any documents. Just delete right away.
5. Avoid using free public wifi access areas
With mobile devices we have become accustomed to working from anywhere and everywhere. Public WiFi’s however are not safe to use. Hackers can easily “eavesdrop” through this networks and access information passing through it. If you must use your mobile devices, try to do it through your cellular data provider, even if the connection is much slower.
6. Train your staff in Cybersecurity Awareness
Knowledge is power! You and your team are the first line of defense against cybercriminals. Learning how cybercriminals deploy their attacks through email can help you learn how to protect and keep your data safe. It is important to train your team on what suspicious emails look like and teach them the importance of not trusting emails from unknown sources.
As your IT services provider we often share with our clients informative articles about cybersecurity through our newsletters, security alerts, and our website. We understand however that this may not be enough, or you may lack the knowledge and time to train your staff. This is why starting this month we are offering a new service: Cybersecurity User Awareness Training*. This Monthly Virtual Training service provides fundamental education and reinforces the importance of good habits. It includes:
Monthly online cybersecurity training for employees
A quarterly phishing exercise to evaluate training effectiveness and identify individuals who require additional training
Quarterly report will be provided that outlines training fulfillment and high-risk employees
* All employees require an independent corporate email address ie firstname.lastname@example.org
7. Implement strong email defenses
Mistakes however do happen, and even the best trained IT professionals can fall victims to a suspicious email. In this case, you will need strong technology defenses to further protect your data. A managed firewall and malware protection software can add a significant layer of protection to your network.
If you feel that you want an added layer on top of what you already have in place, we are introducing our new Email Protection add on service. This solution provides granular protection that can be customized for your clinic’s needs.
End-to-end email encryption is available to help adhere to compliance requirements. Email encryption is important because it protects you from a data breach. If the hacker can’t read your message because it’s encrypted, they can’t do anything with the information.
Continuously scan inbound email, in real-time, for SPAM and malicious content
Our team will analyze submitted email to determine if a threat exists
We utilize the latest in threat intelligence to proactively enhance the email scanning engine
A monthly activity report is included that highlights targeted employees, overall threats, and protection effectiveness
If you have any concerns about your email security or would like to know more about our enhanced email protection services, please contact our Client Services team at email@example.com who can assist you further.