With the New Year here, many of us have resolved to take our email security more seriously. Maybe we’re unsubscribing from all those promotional messages, being more thoughtful with our replies to colleagues, or striving for that elusive state of inbox zero.
Like most New Year’s resolutions, the extra attention we’re paying to the emails we receive and the emails we send might not last long. And that’s just what hackers are hoping for. With the first full work week of 2020 under way, security experts are already seeing new phishing attempts that deploy a variety of tactics: links to voice mail messages, requests to reset an expired Outlook 365 password, or even just a quick, conversational “Hello, have you got a minute?” message with a link to a URL.
All three of the above examples can lead to different forms of data compromise, malvertising, or ransomware infection. Opening a fake voice message file can install malware or other dangerous strains of data-stealing software. Entering your existing O365 password into an illicit website can lead that account (and others) to be compromised. And the wrong click on the wrong URL can lead to a world of cybersecurity danger.
How can you protect yourself in the first few weeks of 2020 — and throughout the year?
1. Inspect all URLs closely before you click on them.
The easiest way to do this is to hover over a URL and make sure the Internet address that appears behind your mouse cursor matches the URL listed in the email copy. As an extra measure of security, if you receive an email notification purporting to be from a big company like Microsoft, FedEx, or Google, don’t just click on the link that says microsoft.com, fedex.com, or google.com—manually type those URLs in to avoid being tricked into clicking on an illicit link.
2. Don’t open email attachments unless you’re expecting them — and they’re from a trusted source.
Many of the most dangerous strains of viruses and other cyberthreats come from attachments: malicious PDFs, Word documents, Excel spreadsheets, and MP3 or WAV files disguised as audio clips. Curiosity so often leads to computer users unwittingly clicking on files, even though the lesson is simple: if you don’t know the sender and aren’t expecting a file from them, don’t click on it!
3. Read subject lines, body copy, and email signatures closely.
The craftiest cyber thieves will often try to disguise their spam emails with sender names, domain addresses, and subject lines that look familiar (email@example.com instead of firstname.lastname@example.org). Translate all that extra attention you’re paying to the New Year health of your overall inbox to the details of each message you receive, looking for misspellings, awkward phrases, or slight changes to traditional email signatures. A sharp eye can often detect even the best phishing attempts.
4. Implement multi-factor authentication.
Multi-factor authentication, or MFA, is critical in this digital day and age. A login process that contains two or more crucial steps, MFA requires a user to enter two or more credentials. Typically, this involves something you know (a password), something you have (a unique code usually delivered via text message, email, or phone call), or something you are (a thumbprint or other identity verification to approve a login request). Even if a password is compromised, using MFA can prevent a data breach or hacked account.
5. Work with a trusted IT provider to implement network security tools.
No single layer of cybersecurity can provide comprehensive protection. That’s why it’s so important to deploy multi-layered solutions like anti-spam, anti-malware, Internet traffic analysis, and network intrusion detection. All of these are best implemented with the help of a trusted business partner who has your short- and long-term needs in mind.
At CMIT Solutions, we work hard to protect our clients from evolving digital threats. From email phishing attempts to social engineering and data breaches, we understand the cybersecurity landscape and pride ourselves on remaining a step ahead of hackers and other bad actors. Want to know more about how to keep your data, your systems, and your employees safe in 2020? Contact CMIT Solutions today.