October is National Cyber Security Awareness Month. Week Two’s theme is “Creating a Culture of Cybersecurity in the Workplace.” To promote awareness, we’re exploring what employees should know in order to keep their work emails cyber-secure.
Why it Matters
According to BakerHostetler’s data report titled “Is Your Organization Compromise Ready?”, employee mistakes were the second largest cause of breaches in healthcare, retail, and financial services organizations in 2016. The leading cause of breaches was phishing/hacking/malware attacks; however, a significant portion of these attacks can be attributed to human error. Therefore, it’s estimated that over half of 2016’s breaches in this field were caused in some manner by unwitting employees.
Imagine how many times a day you enter a situation that makes a breach possible at work. Educating employees on company cybersecurity policies, as well as everyday cybersecurity warning signs, can combat the growing number of human errors and protect your company’s data.
Using email securely is an important step toward keeping your workplace desktop and network protected. While you can never be too careful when using email, there are certain warning signs to watch out for and steps you can take to make sure that you’re being smart with your emails.
Be on the lookout for phishing. What is phishing exactly? Imagine that every person with an email account is a fish in the sea and the fishermen are casting lines into that sea of people, knowing that while they won’t catch every fish, they’ll at least catch some. Phishing is a means of getting a person’s personal information through emails sent to a large group of people. Everyone has probably received them – they can be emails directing you to reset a password or to visit your bank’s website immediately.
To pick out phishing emails from the credible ones, look for misspellings of common words or web addresses with an extra letter or punctuation mark. If the email suggests that the matter is extremely urgent, it is probably a phishing attempt. If you’re directed to follow a link, type the website’s address into your browser yourself; don’t click the link in the email. Always check to see if the email has an email signature. This can be a sign of authenticity. Finally, if you’re unsure, contact the organization that sent the email by a known phone number.
Spear phishing is more targeted than phishing. In this case, the fisherman only targets a specific group of individuals that share a commonality. This group could be employees at the same company or people who use the same bank. To avoid being the victim of spear phishing, be wary of unknown signatures, and check whether you know the name of the person in your company who is requesting your private information.
Whaling is an attack on senior officials within an organization. It often includes a fraudulent personalized message meant to trick that executive into giving up personal information. Unlike the urgency involved in most phishing attacks, whaling uses messages that are believable and well written. As with phishing, it’s important to verify that any URLs included in the emails are legitimate. If it’s unclear whether the email is legitimate, call the sender on a verified phone number to confirm.
How to Keep a Secure Email
- Avoid sharing personal information via email, unless it is encrypted and being sent to a verified source
- Turn off cookies and cache when checking your email on someone else’s computer or a public computer
- Follow company policy when checking your email, e.g. using Gmail instead of Outlook
- Don’t follow unknown links sent to you in an email; type them into your web browser instead
- Sign out of your email every time you leave your computer
- Don’t use your work email for personal matters, especially for buying or selling
- Avoid using “Reply All” and forwarding motivational, inspirational, or chain emails
- Use complex passwords to protect your email
- Change your password frequently and use two-step verification when you can
What do you do when it happens to you?
Even the most careful employees can fall victim to cyber-attacks. While keeping your security systems up to date can assist in safeguarding your computer, you should always contact your company’s technical department when you fear that you’ve followed an infected link.