Among the myriad email newsletters that flow into our accounts is one from HP. This month, it carried an interesting article about five things businesses can do to protect their company against email cyber threats. As our title suggests, these tips also work for individuals and home-based businesses, so keep reading.
Before diving into the tips, let’s look at the source and size of the problem. The source is emails that use social engineering techniques to get recipients to take actions that are not in the best interests of the company or themselves. This technique goes by names like phishing and spear-phishing. As the name suggests, the bad guys are tossing some “bait” into the ether to see who “bites.”
The easiest to spot are those where someone, usually hailing from a third world country, has come into possession of a large sum of money and has miraculously selected you out of the billions of humans with an email address to share this bounty. All you need do is provide certain personal data for them to complete their generous act.
Harder to spot are those that seek to mimic a trusted source. The most common variant presents a nearly identical look and feel regarding layout, graphics, and logos. The most sophisticated use domain names that come very close to that of the real entity to add further credence. In another post, we talk about how Microsoft recently found and foiled such a ploy by the hacker group Fancy Bear.
Do these attacks work? Oh yes, they work quite nicely, thank you. According to the HP article, FBI statistics show that business email compromises nearly doubled last year with 15,700 incidents reported for a total of 675M USD in losses. Perhaps this is where those people are getting the money they are offering to share!
Okay, what can companies and individuals do about this? Here are the five tips offered.
- Make employees aware of the problem and keep reminding them. We are all busy, and a legitimate-looking email may slip past our guard and successfully entice a response. “Just DON’T Do It,” to paraphrase the old Nike tagline for cybersecurity purposes. Don’t click or reply. If you weren’t expecting a communication, go directly to the source to confirm.
- Enforce good password practices by using strong passwords and requiring that they be changed every 90 days. Oh yes, it is a nuisance, but it is more expensive to ignore the practice. There are new, less onerous password guidelines from the people who brought us the current recommendations, the US agency known as the National Institute of Standards and Technology (NIST). Check them out here.
- Avoid public networks. Sure, you want to be productive and tackle those nagging emails while sipping a coffee beverage at a café. And, they have free Wi-Fi. Cue the paraphrased Nike slogan again. Do not do it. Unsecured networks are rife with malware opportunities. If you must, connect via a VPN or use your smartphone, also with a VPN. Otherwise, you can bring a virus or nasty internet bug back inside the protection of the company and personal firewalls.
- Screen what you type. People can watch what you type and capture your login credentials. NFL coaches cover their mouths when calling in plays to foil lip-reading competitors. Type with one hand and cover it with the other to block the view. Also, consider screen films that limit the viewing angle to your eyes only.
- Promptly terminate network access for former employees and contractors. Failure to do so accounted for 28% of security breaches according to a 2018 Verizon survey. In this case, the original Nike slogan works, “Just Do It,” and do it now (for best comedic effect, imagine these last three words spoken by Arnold Schwarzenegger).
We are going to add a sixth recommendation for the ultimate in communication security:
- Employ the CRIP.TO solution to get the most secure, end-to-end encryption solution available to individuals, companies, and groups. Even with the best cybersecurity practices, at some point, your communications with their sensitive information leave the nest and fly off into the internet. There they can be intercepted and used for unintended purposes. Even standard email encryption is vulnerable to decryption, something you can eliminate entirely with CRIP.TO.
Find out more about how CRIP.TO gives you the freedom to communicate fearlessly. You deserve nothing less.