Can opening an email be dangerous?
Updated: May 15, 2019
Email has become a fundamental part of business, as nearly 281.1 billion emails are sent and received on a daily basis worldwide. This statistic reported by Statista in 2018 translates to 37 emails per person.
Unfortunately, email continues to be a popular target for cybercriminals. More than half of sent emails fall in the spam, phishing, virus, and malware categories. And cleverly crafted emails can avoid junk mail filters and end up in your inbox.
While we’re constantly warned against replying to suspicious emails, downloading attachments, and clicking a link in the email, opening a harmful email could be just as damaging.
For example, when loading a message with an embedded image, the server hosting the image can receive information from your computer.
Malicious parties can gather data such as your IP address, location, software version, screen size, device type and time. This helps the fraudsters know more about you so they can send a more personalized email for further malicious activity.
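To see which parts of a message would contact an outside server the moment it is opened, you can list its remote resources before rendering it. The following is an added example, not code from the original article; the sample message, the host names, and the `remote_loads` helper are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every host and ID below is a placeholder.
SAMPLE_EMAIL = """\
From: billing@vendor.example
To: user@company.example
Subject: Your invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your invoice is ready.</p>
<img src="cid:logo123" alt="logo">
<img src="https://tracker.example/o.gif?uid=4821" width="1" height="1">
<img src="https://cdn.vendor.example/banner.png" width="600" height="120">
<link rel="stylesheet" href="https://cdn.vendor.example/mail.css">
</body></html>
"""

class RemoteLoadFinder(HTMLParser):
    """Collect resources a mail client would request just by rendering the HTML."""
    AUTO_LOAD = {"img": "src", "link": "href", "iframe": "src", "video": "poster"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = self.AUTO_LOAD.get(tag)
        if attr is None:
            return
        values = dict(attrs)
        parts = urlsplit((values.get(attr) or "").strip())
        if parts.scheme not in ("http", "https"):
            return  # cid: and data: content travels inside the message itself
        # A 0x0 or 1x1 image with a per-recipient query string is the classic beacon.
        tiny = tag == "img" and values.get("width") in ("0", "1") \
            and values.get("height") in ("0", "1")
        self.findings.append({"tag": tag, "host": parts.hostname,
                              "tracking_pixel": tiny and bool(parts.query)})

def remote_loads(raw_message):
    """Return every remote fetch that opening this message would trigger."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteLoadFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

if __name__ == "__main__":
    for hit in remote_loads(SAMPLE_EMAIL):
        print(hit)
```

Each host in the output would learn your IP address, mail client version, and the time of opening. A mail client or gateway set to block remote content by default prevents these requests until you choose to load the images.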
Best practices for opening emails and avoiding fake emails:
1. Encrypt your emails
Encrypting your emails is one of the most important and effective measures to protect your business or organization against malicious attempts and loss of confidential information. In fact, this is an essential requirement in regulated industries, such as healthcare and law.
When your email system is encrypted, preferably using the state-of-the-art Secure Sockets Layer (SSL), hackers are less likely to obtain the contents of an email even if they manage to intercept it. The data is secured from the time you hit the send button, and only the intended person can read the message.
While email providers like Gmail have enabled a Transport Layer Security (TLS) protocol that encrypts your emails, you should know that not all providers are backed by this encryption technology. Sending personal information or any other details using such email service providers means your messages are delivered in clear text, posing a safety risk to your organization since data can be read by anyone.
2. Train staff and set up internal policies & procedures for email security
Your staff can be the weakest link in your cybersecurity system. As technology continues to advance, new dangers are presented to businesses. Unfortunately, the risks are not always understood by your employees.
Creating security awareness through training is arguably the first line of defense before an issue becomes a disaster. It increases employees’ understanding and alertness to email security, especially phishing email, malware, file-sharing, social engineering scams, and mobile device security.
With a continuous training program, you can have peace of mind knowing your staff is informed of emerging email threats and safety recommendations.
Your enterprise also needs to establish email policies and procedures that employees will use as a basis for determining the best course of action. Simply put, this should help them know exactly what to do and what not to do. For example, the policies can specify the right way to open attachments and the restrictions on sending and receiving emails from external contacts.
3. Scan emails for viruses and malware
Installing a virus screening solution is another excellent way to protect your business from potentially dangerous emails. You should look for an antivirus solution that automatically scans all incoming emails and attachments, checking for possible vulnerabilities as they are delivered to your inbox.
If there’s a concern, the software will send you a notification or block spam and remove viruses, worms, malware, Trojans, etc. The affected emails can also be quarantined before they cause any damage.
When you’re relying on antivirus for security, it’s best to ensure the software is always up to date so that you stay protected against emerging threats.
4. Have a suitable firewall in place
A firewall offers an added layer of protection against spam messages, viruses, and malware.
Installing an enterprise-grade firewall system with advanced features and customized configurations will contain or filter malicious agents, and securely protect your company files as well as sensitive data. It can automatically block, tag, quarantine, and deliver emails based on the unique demands of your organization.
Having a firewall is your first defense against a data breach.
5. Don’t access emails from public Wi-Fi
Public Wi-Fi is never a secure network to access your emails. Information passed through such a network is easily accessible to hackers, even with basic hacking software. Hackers can steal passwords, view sensitive business data, and launch a damaging attack.
If there’s a need for your staff to access the company email accounts outside of the office, then it’s safe for them to use their smartphone and mobile internet. You can also consider subscribing to a mobile internet dongle, which employees can use with work-issued laptops any time they’re working outside the office.
6. Block large email attachments
Generally, it is recommended that an email containing file attachments be no more than 10MB in size.
You should be careful when dealing with Word documents, PDFs, and Excel files because they’re common targets for hackers to launch malware attacks. Extreme caution should be exercised when opening an unfamiliar attachment.
Experts recommend creating an email policy to block large email file sizes and encourage using safe alternative cloud services, such as Google Drive.
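A mail filter can enforce such a policy automatically. The sketch below is an added example, not part of the original article: the extension list, the `block`/`tag`/`deliver` verdict names, and the helper functions are assumptions, and the test message is constructed.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

MAX_MESSAGE_BYTES = 10 * 1024 * 1024  # the 10MB figure from the text
# Word, PDF and Excel types named in the text; the extension list is an assumption.
CAUTION_EXTENSIONS = {".doc", ".docx", ".docm", ".pdf", ".xls", ".xlsx", ".xlsm"}

def build_sample(filename, attachment_bytes):
    """Constructed test message; addresses and file names are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@partner.example"
    msg["To"] = "user@company.example"
    msg["Subject"] = "Q3 figures"
    msg.set_content("See attached.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

def check_attachments(msg, max_bytes=MAX_MESSAGE_BYTES):
    """Apply the size limit and document-type caution to one message."""
    # Attachments travel base64-encoded, roughly 4/3 of the file size, so the
    # limit is applied to the serialized message rather than the decoded files.
    wire_bytes = len(msg.as_bytes())
    decoded_bytes, reasons = 0, []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        decoded_bytes += len(part.get_payload(decode=True) or b"")
        if PurePosixPath(name.lower()).suffix in CAUTION_EXTENSIONS:
            reasons.append(f"{name}: scan before opening")
    if wire_bytes > max_bytes:
        verdict = "block"
        reasons.insert(0, f"message is {wire_bytes} bytes, limit {max_bytes}")
    else:
        verdict = "tag" if reasons else "deliver"
    return {"verdict": verdict, "wire_bytes": wire_bytes,
            "decoded_bytes": decoded_bytes, "reasons": reasons}

if __name__ == "__main__":
    print(check_attachments(build_sample("Q3-figures.xlsx", b"\0" * 3000), 4096))
```

Because of the encoding overhead, a file slightly under the limit on disk can still produce a message over the limit, which is why the check measures the message as sent.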
7. Close email accounts for ex-employees
Immediately remove privileges for accessing business email accounts when an employee leaves your organization. You should close or suspend the account, or forward it to a different employee. This helps eliminate the risk of an ex-worker misusing or sharing your sensitive company data.
Keeping your employees, customers, and other stakeholders’ confidential data safe from a security breach is extremely important. This set of email security best practices can go a long way in protecting your company from damaging attacks.
However, you should keep in mind that email threats are ever-evolving. For peace of mind, you’ll want to work with a company offering cybersecurity services.
Make sure your business is safe. Learn about HillCyber security services.