Have you ever been a victim of malware or viruses downloaded from email attachments, which did not arouse any suspicion on first glance? I think everyone got into this situation, regardless of how computer savvy you think you are. It is not about the lack of education, but banal carelessness.
Nowadays it is difficult to imagine even one office where employees do not use email. This is an indispensable element of communication between companies and customers.
Such a huge amount of emails being sent every day is a fertile breeding ground for threats to both personal and corporate information security.
The Radicati Group (USA), a research company of information security in networks around the world, presented an interesting analysis of the use of email and made a forecast until 2019 by analyzing the data. Some of the forecasts:
Phishing is designed primarily to steal money from users. We have already written about the most fancy forms of phishing. Cybercriminals can be anyone from the representative of your bank to a distant relative. It's all just about getting your personal information - user names, passwords, credit card details and so on.
Most often malicious code takes the form of malicious executable applications (EXE files) that are automatically installed on the device after downloading. Once the program is installed, the attacker gains unauthorized access to the target system and pulls out all the important information from the infected device.
Please note and remember - not all antivirus software can detect malicious code. Just do not click on everything. Is it a go or not?
So, the malicious code has already made itself at home on your device and fished everything that it needs. And now comes an adventurous time – a DDOS-attack. Your device has already been infected and now begins to infect other devices on the network with the help of the remote control. In such a way a group of infected devices is formed that sends huge data streams to a server, which eventually will be down.
There are cases when you can get into trouble without infection. For example, the arrival of a large number of incoming emails that overflow the mailbox or cause a host server to malfunction. This may be entertainment for hackers, but it’s a pain in the neck to users.
This type of threat is the scourge of the largest companies, because the attacker is an employee. According to Dr. Eric Cole, a recognized expert in the field of computer security in the United States, the majority of insider attacks inside companies are accidental. Oh, wait! It turns out that the main threat are not hackers... but reckless staff.
ХAlthough hackers can land in hot water too. They create fake accounts and seek to cause harm to the company through the introduction of viruses, worms and other malware. I remember the TV series "Mr. Robot", where a talented programmer turns into an invincible hacker. However, it will be interesting to see to all fans of movies about cyber criminals and those who involved in information security.
But let's get back to reality. It is very difficult to illegally enter the information system of the company, so hackers use social engineering techniques to trick people and make them give out confidential information. Simply put, hackers cheat, and people are easily lured into opening a link, running an infected program, etc. Nowadays hackers are attacking everything and anything by seeking profit everywhere without resorting to special tricks. Here is a simple example: from the thousands of sent emails with the following text “Send me the report on this address, I have no access to working email now” at least one email message will be sent with a report in reply. You can't always correctly judge what is happening whenreceiving such emails. Many factors affect it. They are much more than just carelessness. There is a need for a comprehensive approach to reduce the risk of information security violations by social engineering. We will discuss it later.
While most organizations are looking for flexible solutions to meet the growing needs in the field of email security, they often forget about humans.
Violation of data confidentiality is often caused by human errors, for example, accidental leakage of information via outgoing emails.
The Norwegian company Safe Send, which deals with the protection of information from insiders, writes in its blog that the security measures within companies are often used only for incoming emails, but outgoing emails are vulnerable too.
The Verizon DBIR report, from one of the largest telecommunications companies in the Western Hemisphere, said that the delivery of the message to the wrong person is the most common mistake that leads to the disclosure of confidential data accounting for 30.6% of the cases.
The percentage of cases involving errors that were preventably committed by internal staff is 60%. I think these figures are catastrophic with regard to the integrity of information security within the company.
So how can we protect ourselves from email security threats? There is a whole bunch of useful resources on the Internet. Just Google it!
But I've googled it for you and compiled a list of small tips. You are welcome.
If you are a director, make it a rule to hold a periodic staff training on the most current topics of information security. Tell employees about all known tricks of cyber crooks, how to identify them and how to not fall for them. Distribute reminder cards; you can even hang posters on the walls. It takes a lot less time and effort than restoring a compromised server, reputation and financial position. It certainly will not result in a world without fraud and you can never rule out the possibility that even a trained and attentive employee will not be able to make a mistake; but compliance with all the rules will be able to minimize the risk.
Basic tips for directors:
Another important step for the protection of email is encryption of data and attachments. However, if you're reading this post right now, then most likely you use SFLetter.com and already know about this service. For large companies we have another solution - StarForce E-m@il Enterprise.
Finally, check recipients of your email message, texts and attachments twice before you click "Send"; and check the contents of emails that you receive thrice. It's not so difficult to keep the upper hand against cyber criminals, just follow these simple rules.