Running a small business has changed dramatically over just the past few decades. While you can reach customers all over the world almost instantly, opening countless business opportunities, you must also face significant cyber security risks. 58 percent of malware attack victims are small businesses, resulting in significant costs to these companies. This aspect of running a small business, however, doesn’t have to be intimidating. You can take easy steps to protect your business and assets. The first is to secure the most common form of business communication: email. Anti-virus software can provide important protection, but this article will focus on how you can protect your business from the four top vulnerabilities in email communications.
Vulnerability #1: Lack of Training
Despite all the attention given to increasingly sophisticated hacking techniques, employee negligence is a leading cause of cyber security breaches, especially those involving email communication. For example, Verizon’s 2017 Data Breach Investigations Report found that two thirds of all successful malware attacks in 2016 were simply delivered via malicious email attachments. While that is an intimidating number, it also means that some basic training can make your business’s cyber protections top tier.
Implement a cyber training program for your employees using providers such as KnowBe4, a leading provider for cyber security training and awareness education. Your employees will complete automated virtual training sessions to stay up to date with the latest in cyber security knowledge and best practices.
Vulnerability #2: Phishing
Phishing attacks are among the most common cyber attacks using email communications. Phishing emails bait employees into sharing sensitive information by using an authentic-looking email message, address, and sender profile. Phishing is the number one vehicle for malware attacks simply because it’s effective. ZDNet.com reported one study in which almost a quarter of users clicked a malicious link in an email that appeared to be from a friend.
You can protect your business from many phishing attacks simply by following a few best practices:
- Instruct employees to examine attachments and links before opening them, even when they appear to be from known senders.
- Emphasize that employees will never be asked for personal information such as passwords or financial details over email and that any emails requesting such information should be reported immediately.
- Create a clear reporting process so that your company’s IT or cyber security department can check suspicious emails before an employee opens them. Some cyber security firms, such as KnowBe4 and Gophish, implement fake phishing campaigns to test employees and keep them on the lookout for phishing attacks. These campaigns allow you to gauge your company’s readiness for such an attack.
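As an added example (not part of the original article or any vendor's product), here is a small Python helper an IT contact could run on a reported message before anyone opens it. The list of risky attachment types, the function names, and the sample message with its domains are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".docm", ".xlsm", ".iso", ".lnk")  # assumed policy
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].strip().lower() if "@" in addr else ""

def triage(raw):
    """Return the reasons a reported message deserves a closer look."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, sender = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(sender)
    # A display name that is itself an address on another domain is a classic disguise.
    if domain_of(name) and domain_of(name) != from_dom:
        findings.append(f"display name shows {domain_of(name)}, sender is {from_dom}")
    reply_dom = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To goes to {reply_dom}, not {from_dom}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment type: {fname}")
        if part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_content()):
                host = (urlparse(href).hostname or "").lower().removeprefix("www.")
                shown = DOMAIN_RE.search(text.lower())
                # Visible text names one domain while the link goes to another.
                if shown and host and not ("." + host).endswith(
                        "." + shown.group().removeprefix("www.")):
                    findings.append(f"link text shows {shown.group()}, goes to {host}")
    return findings

def sample_message():
    """Constructed phishing-style message; every name and domain is made up."""
    m = EmailMessage()
    m["From"] = '"it-support@example.com" <helpdesk@examp1e.test>'
    m["Reply-To"] = "payments@other.test"
    m.set_content("Please reset your password.")
    m.add_alternative('<a href="https://login.examp1e.test/reset">www.example.com/reset</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="reset-form.docm")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(triage(sample_message())))
```

An empty result does not prove a message is safe; it only means none of these four checks fired.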
Vulnerability #3: Encryption
Business emails should be encrypted to ensure the messages can be read only by intended recipients and not intercepted and downloaded by a cyber criminal. A terrifying yet common occurrence is hackers intercepting email communications to acquire login information and then using account information to send fraudulent emails, make purchases, or directly transfer money. Research from the University of Michigan, Google, and the University of Illinois Urbana-Champaign found that from 2014 to 2015, up to 20 percent of Gmail messages from several countries were intercepted. This problem is especially pronounced for businesses handling international email communications.
To adequately encrypt your business’s email communication, consult with a cyber security professional to install appropriate email encryption. There is no one-size-fits-all option for truly effective email encryption, so it’s important to invest in professional consultants to ensure it’s done right.
Vulnerability #4: Secure Passwords
When cyber criminals steal login information, especially to email accounts, they can request information from your business’s clients while pretending to be you.
Luckily, this nightmare scenario can be easily prevented by routinely changing passwords. Employees should be required to change their email passwords every three to four months and avoid using the same password for multiple accounts. Employers that maintain a large number of accounts and need to keep track of their passwords can store them using secure platforms such as CommonKey, LastPass, or Password Genie. Check your company’s passwords against lists of commonly used or breached passwords to prevent cyber criminals from simply guessing your login information. Services like Breach Alarm do this extremely effectively.
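As an added example (not part of the original article and not the code of any service named above), this Python sketch audits an exported list of accounts for the two problems just described: passwords that appear on a breached-password list and passwords reused across accounts. It assumes a breach list in "SHA1HEX:COUNT" form and a CSV export with hypothetical "account" and "password" columns; the sample data is constructed.

```python
import csv, hashlib, io
from collections import defaultdict

def sha1_hex(password):
    # SHA-1 is only the lookup key of the breach list, never a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def load_breach_list(lines):
    """Parse 'SHA1HEX:COUNT' lines into {digest: times_seen}, skipping malformed rows."""
    breached = {}
    for line in lines:
        digest, sep, count = line.strip().partition(":")
        if sep and len(digest) == 40 and count.isdigit():
            breached[digest.upper()] = int(count)
    return breached

def audit(export_csv, breached):
    """Return {account: [problems]} for a CSV with 'account' and 'password' columns."""
    by_digest = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        by_digest[sha1_hex(row["password"])].append(row["account"])
    report = {}
    for digest, accounts in by_digest.items():
        for account in accounts:
            problems = []
            if digest in breached:
                problems.append(f"password seen {breached[digest]} times in breach list")
            if len(accounts) > 1:
                others = [a for a in accounts if a != account]
                problems.append("same password as " + ", ".join(others))
            if problems:
                report[account] = problems
    return report

# Constructed sample data: a tiny breach list (counts made up) and a made-up export.
BREACH_LINES = [f"{sha1_hex(p)}:{n}" for p, n in [("123456", 900), ("Summer2017", 40)]] + ["not-a-hash"]
EXPORT = "account,password\nmail,Summer2017\nbank,Summer2017\npayroll,t7#Lq!vR2z-gK\n"

if __name__ == "__main__":
    for account, problems in audit(EXPORT, load_breach_list(BREACH_LINES)).items():
        print(account, "->", "; ".join(problems))
```

Run a check like this on a trusted machine and delete the plaintext export afterward, since the export itself is as sensitive as the accounts it lists.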
Businesses cannot operate without email communication services, but that doesn’t have to leave your company’s hard-earned profits vulnerable to cyber criminals. Taking the steps outlined above will go a long way toward protecting the security of your company’s email communications.
Having cyber security experts on your side will help protect your business and employees from the increasingly sophisticated methods of cyber criminals. Dymin Systems provides award-winning, comprehensive protection for business email communications. Our Email Defense Service blocks over 99 percent of spam and is available at four different levels to meet your company’s needs. You can also access our easy-to-understand ebook on avoiding malware for your employees to read and learn the latest about cyber security.