View All R&D Articles

Are You Using Safe Email Practices?

August 15, 2019

Eduardo Dutra / Pexels

Even as communication and project management tools like Slack, Cisco Spark, and Hive gain popularity, email continues to be the most widely used medium for both internal and external business communications worldwide. Additionally, while it’s largely been overtaken by text messaging and social media, email still plays an important part in interpersonal communications all over the world. 

With that level of ubiquity, it’s unsurprising that email remains the most commonly exploited attack vector for hackers; according to Hashed Out by the SSL Store, 91 percent of cyber attacks are initiated via email, costing businesses and consumers millions annually.

But there are steps that you can take to help guard yourself and your business from potential attacks—many of them surprisingly simple:

Limit public access to information. For businesses, one of the easiest ways to lower the chances of a potential email attack is to publish only the email addresses employees who need to be accessible to the public; a potential attacker can’t send a malicious email to an address they don’t know. Try not to publish any other contact information like phone numbers and addresses unless it’s absolutely essential, as this information can be helpful in fraudulently accessing privileged information. 

Don’t enter your password. Unless you’re going through the process of resetting your password, a request to enter your password after you’ve already logged into your account is a strong indicator of a likely phishing attempt. If you aren’t 100% certain that the request is from a legitimate entity, don’t do it. 

Watch out for links and attachments. Much like entering a password, never follow a link or open an attachment unless you’re 100% certain that the sender is trusted and the link or attachment is legitimate. For hyperlinks, take a moment to hover over the linked text in your cursor, and insure that the destination URL is legitimate. Oftentimes, would-be attackers use shortened URLs, (e.g., t.co, bit.ly, etc.); in that case, you can use a URL expander like checkshorturl.com to see where the link leads. 

If it looks suspicious, it probably is. Phishing attacks can be surprisingly sophisticated these days, but vigilantly looking out for peculiarities is still a great way to spot them. If you notice that a message is sent from an unusual email address (for instance, if you receive an official-looking email from a domain name other than the organization it claims to be from), or that a message contains lots of grammar, spelling, and formatting errors, there’s a good chance you’re looking at an attempted attack. 

Whether it’s a personal or business account, a breach in the security of your email can give bad actors access to a wide variety of sensitive information at a high cost to you or your business. Fortunately, good email hygiene simply requires some common sense (and sufficient training for other individuals in your organization).