Four good practices to avoid email-related cyber-attacks

Email is the preferred entry point for hackers on the Internet, and the massive growth in teleworking caused by the pandemic has increased the number of attacks, especially ransomware attacks. The Experts Club of Information and Digital Security (Cesin) estimates that by 2020, 57% of companies had been victims of a computer attack, a figure that quadrupled in one year.

However, it doesn’t have to be that way! There are solutions to protect your company. They require the adoption of several good practices, which we set out in this article.

Good practice #1 – Raising awareness among employees

The first thing to do is to inform your teams about the risks of cyber-attacks and the consequences they can have for the company. This means explaining how to recognise a suspicious email and which precautions to take to secure access to their mailbox. Your employees will be encouraged to set a secure password, limit the sending and opening of attachments, not click on links that seem suspicious, not divulge confidential information, check the identity of the sender, etc.

It is also important to stress that the IT department must be notified whenever a fraudulent email is suspected. The reaction must be quick so that the IT department can initiate the appropriate procedure before the virus spreads and causes significant damage.

Good practice #2 – Safeguarding sensitive data

Since the implementation of the GDPR, cybersecurity issues have become even more strategic for companies. The security of access to information systems and personal information must be guaranteed.

To secure data, it is essential to implement a rigorous password management policy. This is the first level of security for your employees’ workstations. Passwords must be complex, difficult to guess, confidential and renewed regularly.

For greater security, set up your employees’ workstations so that they lock automatically after a few minutes of inactivity. It is also essential to protect files containing sensitive data and to limit access to authorised persons only.

Still with the aim of securing information systems, it is important to encrypt sensitive data, such as health data, payment information, etc. All these preventive measures go hand in hand with protection of the network infrastructure through the installation of firewalls, filtering routers, anti-intrusion probes, load-balancing systems, detection of DDoS attacks, etc.

Good practice #3 – Keeping control of email traffic

Email is still the most used communication channel in the world. Users receive hundreds of emails a day. This is not only stressful and inefficient; it also has a significant impact on exposure to cyber-attacks. As our email security report shows, more than 75% of emails are unwanted.

This is why the control of email traffic is essential: fraudulent emails must be stopped at the door of the company’s information system. But this filtering must be fine-grained and precise so as not to eliminate valid emails that are relevant to employees.

It is therefore important to set up and constantly adapt filtering rules, to maintain allow and block lists, and to place emails that are not fraudulent but suspected of being commercial in a quarantine zone. Users will be able to access this zone so that they do not miss any important information.
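The filtering order described above (block list, then allow list, then quarantine of suspected commercial mail) can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the list contents, the gateway name mx.corp.example, the use of the Authentication-Results header and the header markers for commercial mail are assumptions of the sketch.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical policy lists (constructed); real ones are reviewed continuously.
ALLOW_SENDERS = {"billing@partner.example"}
BLOCK_DOMAINS = {"malicious.example"}

def is_authenticated(msg):
    # Assumption: the gateway strips inbound Authentication-Results headers
    # and stamps its own, so "dmarc=pass" reflects our own check of From.
    results = " ".join(msg.get_all("Authentication-Results", []))
    return "dmarc=pass" in results.lower()

def looks_commercial(msg):
    # Bulk-mail markers: List-Unsubscribe (RFC 2369) or Precedence: bulk.
    precedence = (msg.get("Precedence") or "").strip().lower()
    return msg.get("List-Unsubscribe") is not None or precedence == "bulk"

def triage(raw):
    """Return 'reject', 'deliver' or 'quarantine' for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    if domain in BLOCK_DOMAINS:
        return "reject"  # the block list wins over every other rule
    if sender in ALLOW_SENDERS:
        # An allow-list entry only counts when the From domain authenticated;
        # a spoofed allow-listed address is held instead of waved through.
        return "deliver" if is_authenticated(msg) else "quarantine"
    if looks_commercial(msg):
        return "quarantine"  # held in a zone the user can review
    return "deliver"

AUTH_OK = "Authentication-Results: mx.corp.example; dmarc=pass\n"
SAMPLES = {  # constructed messages, not real traffic
    "partner": "From: Billing <billing@partner.example>\n" + AUTH_OK + "\nInvoice",
    "spoofed": "From: billing@partner.example\nSubject: Invoice\n\nPay now",
    "newsletter": "From: news@shop.example\n" + AUTH_OK
                  + "List-Unsubscribe: <mailto:unsub@shop.example>\n\nSale",
    "colleague": "From: anna@corp.example\n" + AUTH_OK + "\nMeeting at 10",
    "blocked": "From: x@malicious.example\n" + AUTH_OK + "\nHello",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", triage(raw))
```

The "spoofed" sample shows why an allow list keyed on the visible From address alone is unsafe: without the authentication check it would be delivered like the genuine partner message.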

Good practice #4 – Deploying an email security solution

To strengthen the security of your business email, it is essential to deploy email protection software (such as antispam or antivirus). These solutions are updated as new cyber-attacks appear. They are perfectly adapted to the different professional email solutions, starting with Microsoft 365 Exchange. These tools filter spam by checking multiple criteria, automatically blocklist certain senders, and protect your reputation (for sending mass emails, etc.).

Email solution providers offer native anti-spam solutions, but these are not always, or even only rarely, sufficient. It is thus essential to reinforce protection with dedicated tools, such as Cleanmail. The advantages are numerous: email protection, a cleaner inbox, fine-grained filtering, quarantine management, time saved on email management…

To remind people of these four essential recommendations, do not hesitate to write down all the good practices in a document available to your employees. Communication and team awareness are also essential for the proper protection of your business email.