HP Tech@Work
Today's trends for tomorrow's business
Subscribe
5 Cyberthreat Tips for Business Email
May 17, 2018
The latest recommendations
Whether you’re at home or the office, you’ve had suspicious or downright nefarious emails land in your inbox. In fact, it probably happens far more often than you realize.
According to the FBI and its Internet Crime Center (IC3) division, business email compromises (BECs) almost doubled last year, with nearly 15,700 complaints registered, accounting for losses of $675 million.
No matter how diligent we are about cybersecurity, hackers are becoming more sophisticated and devious in how they trick people into clicking on things they shouldn’t - allowing them to penetrate networks and steal private records and money.
We’ll never completely defeat cybercrime just as we can never totally eliminate physical crime. But businesses can take precautions to minimize the risk.
Here are 5 tips for securing business email:
1. Promote Employee Awareness
Phishing is one of the most common tactics used by cybercriminals. It’s a social engineering tactic where the “bad guys” try to get someone to click on a malicious link that could open the door to a host of security challenges, from ransomware programs that hold a company’s network hostage to operations aimed at stealing your digital assets.
Most of us know this kind of thing happens. But we forget or are too busy to notice that those emails we’re receiving from the former ambassador of a foreign country don’t make much sense. And, as we all know, it only takes one employee to unlock a digital door to a world of hurt.
It is vitally important, therefore, to educate and remind employees about the dangers lurking around the corner in their email.
Classroom or online cybersecurity training is a good place to start. Issuing a steady stream of communications advising them about current or emerging threats is another, especially if something pressing has come along.
Whatever the approach, ensure employees understand the importance of questioning each and every email hitting their inboxes. If they don’t know the sender, they should think long and hard before opening the communication. Even if it is from someone they know - but it relates to an odd topic or is arriving unsolicited - they should be wary.
2. Beware Those Passwords
For nearly two decades, Microsoft Co-Founder Bill Gates and others have been recommending alternatives to computer passwords, long considered the weakest link in network security.
That’s mainly because most people - even network administrators who should know better - choose passwords involving personal information, such as a birthday or social security numbers.
We do this because long, complex passwords are often difficult to remember. And many people use the same password for multiple sites due to the tiresome maintenance requirements of unique passwords for every need. The problem with all of this is that simple passwords are too easy for humans or computers to decipher.
One of the easiest workarounds is to either issue or require your employees to select strong passwords involving almost non-sensical words combining capital- and lower-case letters, symbols and numbers. Then require those passwords be changed a minimum of every 90 days (the 6-month rule isn’t aggressive enough given rising threats).
Another tip is to embrace multi-factor authentication, which requires users to provide more than one form of authentication to verify identity and access systems or data. The first factor is usually some form of username and password, while the second can range from a PIN to biometrics to physical keys, such as Smart Cards and SecureKeys.
Some HP PCs now come with built-in multi-factor and fingerprint readers that are worth considering. They may cost a bit more but could save money by helping to avoid the types of security incidents that are costing companies millions of dollars.
3. Avoid Public Networks
If you have a laptop, it’s hard to avoid using it in Starbucks, the airport and other public places. But those locations present numerous cybersecurity nightmares.
Not only are Wi-Fi networks in those places less than secure than offices, sometimes hackers are literally hiding nearby to intercept your emails.
To get around this, security professionals recommend setting up and requiring employees to use virtual private networks (VPNs) whenever remotely accessing business networks.
This establishes an encrypted connection that hackers won’t easily penetrate. Supplement the VPN with multi-factor authentication for better identification, and accessing public networks becomes much safer.
4. Think Physical Security
Speaking of public places, hackers aren’t just sitting in a car electronically monitoring your communications. Sometimes they’re right over your shoulder - watching as you type your passwords.
As part of your cybersecurity education campaign, you should warn employees to enter passwords with one hand and cover what they are doing with the other.
Another common safeguard is to install an inexpensive privacy filter - a piece of shaded film - on the laptop screen to make it difficult for prying eyes to see what the employee is doing.
Even better, consider computers, such as the HP EliteBook 1040 and HP EliteBook 840, which feature HP Sure View integrated privacy screens that darken at the touch of a button [1].
5. Terminate Network Access for Former Employees
The first thing you should do when an employee leaves your company is terminate email access.
All too often, companies are slow to remove former employees or contractors from networks, creating an opportunity for them to access, damage or even steal business information and assets.
The Verizon 2018 Data Breach Investigations Report notes internal actors performed 28 percent of recent cyberattacks and breaches. Disgruntled ex-employees and contractors pose an additional layer of risk.
While most of these workers have no ill intent, cybercriminals could still discover their email passwords and use them to access a network. Shutting down former employees’ email access, therefore, should be considered a critical step for guarding against potentially damaging cyberattacks.
With email security, there are really no limits to how much you could or should be doing. The more you invest in policies, procedures and tools to safeguard your digital assets, the better off you will be.
[1] HP Sure View integrated privacy screen is an optional feature that must be configured at purchase.
