At any given point in our day to day activities, we are bound to interact with emails, whether promotional, official, casual or even business related emails. An average office worker interacts with tens of emails in a day, which means the time dedicated to scrutiny of any email is significantly reduced. The employee ends up spending less than a minute per email, thus they cannot be able to identify potential pitfalls just by a glance. It is therefore imperative for each of us to learn the basics of security, and take the necessary precautions to keeping safe.
The good book says, "...My people perish due to lack of knowledge..." but since you have read to this point, you are a step closer to avoiding perishing since this article highlights the various ways you can use to secure your email accounts. Follow through to the end to be reliably informed, and probably (or not) be entertained as well.
What is email security?
Email security is the practice of protecting email accounts and communications from unauthorised access, loss or compromise.
The most common email security tools and techniques include but are not limited to:
- Spam Filters
- Anti-phishing
- New Technology
Let us look at each option now;
Spam Filters
This are tools designed to identify and block unwanted emails from reaching a user's inbox. They combine various methods and techniques to identify and filter out certain phrases that are normally associated with spam. This tools may include content filtering where the email content is scanned for keywords that are associated with spamming like 'click here'.
Statistical methods are also used to compare words in spam and non-spam emails, the filter then calculates the probability of an email being a spam based on the likelihood of different words being used in spam emails.
Spam filters also check the attached URL links to see whether they are associated with known malicious websites.
Some spam filtering methods also rely on feedback from a large number of users
Anti Phishing
This are tools designed to help users identify and protect themselves from phishing attempts. The attacks are designed to trick employees into revealing sensititive data. Different tools can be used for different platforms, but since we are talking about email security, we might as well mention proofpoint, which is an advanced email security solution that provides robust protection against phishing, business email compromise and malware.
New Technologies
With the emergence and continued use of AI, there are threat detection techniques that leverage this model and are automated using scripts, thus making threat detection easier and more effective. By understanding user behaviour, false positives are greatly reduced. Incident response can also be automated, by isolating systems that have been breached, thus reducing the attack surface, and also allowing the security team to focus their response to a particular area.
There have been various emerging threats that are being implemented using emails. Just to mention a few, there is phishing, social engineering and ransomware. Each of these can be initiated using an email opened by an unsuspecting customer.
Different phishing attacks like spear phishing, deep fake attacks and business email compromise can be used to trick users into revealing information. Read more about phishing at https://www.trendmicro.com/en_us/what-is/phishing/types-of-phishing.html
Social engineering is also on the rise as an emerging threat. It is just a fancy term for manipulating people into divulging sensitive information or performing actions that compromise security. To read a more detailed article on social engineering, click on https://blog.cybersafi.com/post/social-engineering for more information.
Ransomware, just like the name suggests, is malicious code that once injected into your system it prevents access into the system until you pay a given amount of money. More often than not, ransomware is introduced into the system through emails of unsuspecting employees.
Some of the ways we could actively maintain email security is by checking emails to verify they are from the correct sources. This can be done by checking the sender's address, and ensuring the address is typed out correctly. Regular training of employees is also paramount, as the human element is usually the weakest link in any security setup. Training users makes them informed about the different ways that emails can be manipulated, thus giving them an upper hand incase an attacker comes calling.
Easy DIY Security Checks
- Ensure the URL of any website you interact with starts with a HTTPS:// or a padlock is shown at the beginning of the search bar. The 's' in HTTPS stands for secure, implying that the data you send is encrypted.
- Enable 2FA on your various accounts, which basically means you get to put a code that is sent to your email or phone, which you put in addition to your password. To implement this, go to settings of your intended account and follow the prompts outlined there.
- Use a password manager to create and store strong unique passwords to your sites. A reliable password manager is the best solution in this use case.
- Keep your software and applications up to date by updating regularly. This ensures that you are protected against various security vulnerabilities.
- Check your email using a site like 'Have I been Pwned' to check if your email has been used in any data breach. This can alert you if you need to take any information security action.
- Inspect email headers to verify their authenticity.
- Regularly backup important data to an external drive or cloud storage.
- Log out of accounts when you are not using them, to prevent access by random people, especially when using shared devices or public devices like a computer at a cyber cafe.
By integrating this simple DIY checks, you are one step closer to avoiding online attacks.
Stay safe out there, and reach out to us via email incase of any queries at hello@cybersafi.com
Cheers!
