Email Breaches Remain a Costly Threat

You would need to be new to the internet to be unaware of threats to cybersecurity. With Internet World Stats reporting that 69% of the world is now online, that naïveté is increasingly unlikely. But is your business doing all it can to prevent email breaches? We know better than to use “123456” or “letmein” as passwords, but the threat remains.

No matter the industry, global businesses are always at risk. Scammers send emails and set up spoof domains to get employees to enter access credentials online. Or criminals simply buy leaked emails and passwords from a previous data breach.

Once they’ve gained access, they can easily hide their activity. Setting up a simple “forward all email” rule gives them access to business communications. They can also see what services you use from the emails you receive.

For example, they can identify which payroll software your business uses. Then, they go to that site and say they “forgot the password.” The reset instructions go to the email they can already access. So, they follow the steps, delete the email, and take control of the account.

Criminals will also impersonate you and send invoices to your vendors or customers. They might send an invoice that looks like your genuine ones, but they end up paying the crooks.

These attacks are working for cybercriminals. So, don’t expect email breach attacks to go away any time soon. Instead, take action to reduce the risk of compromise.

How to protect your business

Educating your employees is an important first step. You can take all the steps we outline next, but humans will remain your weakest link. You'll want to:

  • institute an effective training program to safeguard your business;
  • teach employees about the risks;
  • emphasize the importance of strong passwords and good cyber hygiene.
  • Foster a culture of compliance and individual sense of responsibility for cybersecurity.

Put a password manager application in place so employees set more complicated passwords.

Enable multi-factor authentication on all email accounts. This makes it so that having the stolen credentials isn’t enough. A bad actor may have the username and password, but they also need the user’s authenticating device. That’s less likely.

Another important move is to limit access to functions and features online. Take a least-privilege access approach. This means users can perform assigned roles but can't access other applications. This can curtail the damage if one user’s credentials are exposed.

Ongoing monitoring of technology for signs of suspicious activity is also key. Set up alerts, and track activity logs. Your business wants to be able to react quickly rather than finding out weeks later about a hack.

Keep online attackers at bay

Create a business environment that prioritizes prevention and detection. Email scams aren’t going to slow soon. Instead, your business needs to take action to shore up its defenses. We can help. Contact our IT experts today at: