Today, we overview our top three tips for email cybersecurity in your small business:
Don’t Immediately Act On Email Content From People You Don’t Know
Once a hacker (or a shady marketer) finds an email from anyone at your company, odds are they can figure out how email accounts are “named” at where you work.
For example, if someone gets the email address of a sales manager, John Doe, and his email is jdoe@yourcompany.co.za, it’s pretty obvious that your company uses “first initial, last name” as the naming system for its email accounts. From there, hackers can guess the email of anyone they know (or suspect) who works at your company.
The worst thing you can do is confirm those guesses. Whether you use Gmail or Outlook, opening any attachment, clicking on any link, or downloading any image included in a strange email, confirms to the hacker that your email address is real and that there’s a person they can hack (or scam) on the other end.
It’s perfectly okay to open an email from someone you don’t know, and it’s perfectly safe to read it. But unless you’re really sure that the email is legitimate, don’t act on it. Don’t reply, don’t click, and don’t download.
Related:
How An Insecure Mailbox Can Cost You R100k
Verify Links in Emails Before You Click Them
Just like email attachments, links in emails need to be checked before you open them. Websites can be “spoofed” just as easily as email addresses, but fake websites are also much easier to notice if you know what to look for.
Let’s say someone sent you a link to an article from News24. First, you need to make sure the link actually points to News24. If the sender formatted the email to hide the link and you need to click some text saying “Please see this article”, you should check to see what the actual web address is before you click on the link.
If you hover your cursor over the linked text and wait a moment, most mail programs or web browsers will show a small pop-up, either directly over the link or at the bottom of the screen, which indicates what web address the link is pointing to.
Always check your links before you click on them. In our example, the web address should include new24.com somewhere inside the link. There should be no text or symbols between “news24” and “.com”.
Hackers often confuse their victims by creating web addresses that look like real websites, but are actually part of a different site altogether.
For example, hackers might create a fake website called local-news-source.co.za and then make it look like News24 by creating a web address like news24.local-news-source.co.za. At first glance, it looks like you’re going to New24, but you’re actually going somewhere on local-news-source.co.za. Even if the web address is fully spelled out in the body of the email, hover over the link to be sure it’s actually going to news24.com.
If a link points somewhere other than where it should, or the URL looks unusual, don’t click on the link.
Don’t Open Attachments You Haven’t Scanned
Email attachments are one of the easiest ways for hackers to infect your computer, and your company, with malicious software. Thus, always scan email attachments before you open them, even in emails from people you know.
Just because an email appears to be from your sales manager John Doe, that doesn’t mean it’s really from him. Hackers can “spoof” email addresses to make them look like they came from someone else. Hackers could also have hacked John’s email account and are using it to send dangerous attachments. Or, and this is very common, John could simply be a lot less careful than you are and he is unknowingly passing around an infected attachment, putting everyone else at risk.
Your computer should have an antivirus scanner installed. Odds are, you can right click on any email attachment before you download it, or at least before you open it, and there will be an option to use your security scanner to check the safety of the attachment.
In cybersecurity: Trust, but verify. Irrespective of who sent you an email attachment, scan it before opening. It’s always better to be safe than sorry.
***
iSite Computers is a Managed IT Services Provider. We help small to medium-sized business in South Africa with comprehensive cybersecurity and IT solutions. Book a free consultation with our expert team to learn more.
0 Comments