Quick and Easy Email Security Tips for employees
Cyber security is absolutely critical for your business. As part of it, email security is a quick win and a must for the organisation, since more than 91% of successful cyber attacks start from an email. Email is the source of (nearly) all cyber incidents! Most of the time these emails provoke you to click on a link. They can get very sophisticated and hard to spot. Here are a few basic email security tips for employees to keep your digital life secure.
1. Check the sender email address
When you receive an email that’s asking you to click on a link, check the sender’s email address. Is it genuine? The infamous emails in this category are those pretending to come from LinkedIn, Facebook, Paypal, Amazon, Ebay, DHL, UPS, etc. The latest in this sort of phishing is Xero/Sage/Quickbooks subscription notifications. These emails look very real until you spot the obvious. They may be asking for personal information, prompting you to log in and verify details, prompting you for a software update, etc. Check out our article on 'What is phishing and how to spot phishing emails?'
2. Check the URL link address
If you did click on the link and it’s prompting you to enter your credentials, check the website URL. Is it genuine? Look carefully at the spelling. ‘E’ might have been replaced by 3. ‘O’ [letter o] might have been replaced by 0 [zero]. For example, there may be two ‘n’s in Amazon, or the o is replaced with 0 in Microsoft.
It is an excellent idea to use a password manager, which can help you manage your passwords as well as alert you to these scam websites. If the password manager does not offer your saved password on the site, be suspicious. Finally, use two-factor authentication. Even if the bad actor managed to steal your credentials they won't be able to log in to your account. Protect your online accounts and put a full stop to data loss.
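The spelling check above can be automated. The following is an added example, not code from the original article: it compares the host in a URL against a constructed allow-list after undoing digit-for-letter swaps and doubled letters. The names `TRUSTED`, `skeleton`, `suffixes` and `classify` are hypothetical, and the `1`/`l` and `5`/`s` swaps go beyond the two the article mentions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains your organisation really signs in to.
TRUSTED = ("amazon.com", "microsoft.com", "paypal.com")

# Digit-for-letter swaps: 3 for e and 0 for o are from the article,
# 1 for l and 5 for s are added here as further common examples.
SWAPS = str.maketrans({"0": "o", "3": "e", "1": "l", "5": "s"})

def skeleton(domain):
    """Undo digit swaps and collapse doubled characters (amazonn -> amazon)."""
    out = []
    for ch in domain.lower().translate(SWAPS):
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)

def suffixes(host):
    """login.amaz0n.com -> [login.amaz0n.com, amaz0n.com, com]."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def classify(url):
    """Return 'trusted', 'lookalike of <domain>' or 'not trusted' for a full URL."""
    host = (urlsplit(url).hostname or "").lower()
    candidates = suffixes(host)
    if any(c in TRUSTED for c in candidates):
        return "trusted"
    for cand in candidates:
        for good in TRUSTED:
            if skeleton(cand) == skeleton(good):
                return "lookalike of " + good
    return "not trusted"

if __name__ == "__main__":
    for url in ("https://www.amazon.com/orders", "https://amaz0n.com/signin",
                "https://login.amazonn.com/", "http://micr0soft.com/update"):
        print(url, "->", classify(url))
```

A trusted name that appears only as a prefix of another domain, such as `amazon.com.example.net`, is reported as not trusted because only the end of the host name is compared.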
3. Check the link in the email
When you hover over the link in the email, it will show the actual address it’s pointing to. Is this what you are expecting? Is it what the email actually says? Do you sense urgency in the email? Were you expecting the email in the first place?
These phishing emails usually ask you to take an action urgently. They use intimidation, scarcity and authority to make you click on the link or give away your personal information.
4. Grammar errors
The easy giveaway for phishing emails is grammatical errors in the email or a generic greeting, something like ‘Dear customer’, ‘Hi there’, ‘hello dear’, etc. Watch out for grammar errors and wrong currency signs. Sometimes the subject line can look strange too. For example, it might just say 'urgent request'. Ask yourself: is this the usual writing style of the sender?
5. Verify the sensitive requests
Your CEO sent an email asking you to transfer some funds to clear an urgent transaction. Are you sure it’s him/her? Does he/she usually email you for this stuff? Pick up the phone and double check if it’s really him/her. The FBI estimates this particular fraud alone costs businesses billions of dollars every year. We are talking in excess of $8bn per year. That’s huge! Your supplier sent you an invoice asking you to transfer the funds into the new bank they moved to. Pick up the phone and double check. Their email may have been compromised and it’s the bad guys that are sending the emails. It’s better to double check than to lose thousands of pounds. We have seen businesses lose upwards of £250,000 in the local area.
6. Common sense
Finally, some common sense. Are you really expecting the email? The attachment? The link? Does your CEO really use an iPhone? Is her signature abnormal?
The bottom line is that any email with a link that is not proven legitimate is not legitimate. Period!
If you are an IT administrator, you can prevent phishing emails by adopting a spam filtering solution, highlighting external emails in the subject line, enabling anti-spoofing and training your users to raise security awareness levels. You can try running simulated phishing campaigns to measure your risk percentage and take appropriate measures.
We hope these simple email security tips for employees will keep you safe in 2019 and beyond. If you need further help, or help to educate your employees, get in touch with us.