6 Quick and Easy Email Security Best Practices for employees

Cyber Security for your business is absolutely critical. As part of it Email Security is a quick win and a must for the organisation since more than 91% of the successful cyber attacks start from an email. Email communication is the source of (nearly) all cyber incidents! Most of the time these emails provoke you to click on a link. They can get very sophisticated and hard to spot. Here are a few basic cyber email security best practices for employees to keep your digital life secure and to prevent hackers to gain access.

1. Check the sender email address

When you receive an email that’s asking you to click on a link check the sender email. Is it genuine? The infamous email in this category is emails pretending to be coming from LinkedIn, Facebook, Paypal, Amazon, Ebay, DHL, UPS, etc… The latest in this sort of phishing is Xero/Sage/Quickbooks subscription notifications. These emails look very real until you spot the obvious. They maybe asking for personal information, prompt you to login and verify details, prompt you for a software update, etc... Check out our article on 'What is phishing and how to spot phishing emails?'

2. Check the URL link address

If you did click on the link and it’s prompting to enter your credentials check for the website URL. Is it genuine? Look carefully for the spelling. ‘E’ might have been replaced by 3. ‘O’ [letter o] might have been replaced by 0 [zero]. For example, There may be two ‘n’s' in Amazon or o is replaced with 0 in Microsoft.

It is an excellent idea to use a password manager which can help you with managing your passwords as well as alerting you of these scam websites. If you are not seeing your saved password from password manager on there it should be suspicious. Finally, use two factor authentication. Even if the bad actor managed to steal your credentials they won't be able to login to your account. Protect your online accounts and put a full stop to data loss.

DOWNLOAD CYBER ESSENTIALS QUESTIONNAIRE FOR FREE

3. Check the link in the email

When you hover over the link in the email it will highlight the original link it’s pointing to. Is this what you are expecting? Or is this what the email actually says? Do you sense the urgency in the email? Are you expecting the email in the first place?

These Phishing emails are usually asking you to take an action urgently. They are using intimidation, scarcity, authority to make you click on the link or give away your personal information.

4. Grammar errors

The easy giveaway for the phishing emails is Grammatical errors in the email or a generic greeting. Something like ‘Dear customer’, ‘Hi there’, ‘hello dear’, etc… Watch out for the grammar errors and wrong currency signs. Sometimes subject line cam look strange too. For example, they might just say 'urgent request'. Ask yourself is this the usual writing style of the sender?

5. Verify the sensitive requests

Your CEO sent an email asking you to transfer some funds to clear an urgent transaction. Are you sure it’s him/her? Does he usually email you for this stuff? Pick up the phone and double check if it’s really him/her. FBI estimates this particular fraud alone costing the businesses Billions of dollars every year. We are talking in excess of $8bn per year. That’s huge! Your supplier sent you an invoice asking you to transfer the funds into the new bank they moved to. Pick up the phone and double check. Their emails may have been compromised and it’s the bad guys that are sending the emails. It’s better to double check than losing thousands of pounds. We have seen businesses lost upwards of £250,000 in the local area.

DOWNLOAD CYBER ESSENTIALS CHECKLIST PDF FOR FREE

6. Common sense

Finally, some common sense. Are you really expecting the email? The attachment? The link? Does your CEO really use an iPhone? Is her signature abnormal?

The bottom line is that any email with a link that is not proven legitimate is not legitimate. Period!

If you are an IT administrator you can prevent the phishing emails by adopting a spam filtering solution, highlighting external emails in subject line, enabling anti spoofing and training your users to raise the security awareness levels. You can try running simulated phishing campaigns to measure your risk percentage and take appropriate measures.

We hope these simple email security tips for employees will keep you safe in 2019 and beyond. If you need further help or help to educate your employees get in touch with us.