Email has existed for almost as long as the internet has, and despite the advent of social networks, blogging, instant messaging, and so on, email remains one of the most popular ways to communicate online.
It’s also one of the most effective ways to market your website or brand. Simply writing a good message with an offer and then sending it out in bulk to a list of active email subscribers is one of the best strategies to get a high conversion rate and keep your customers/audience engaged.
Unfortunately, email is also the number one target for cybercriminals and hackers to gain access to you and your customers’ data. That’s right, it’s not by going after your network or your website (even though those are also prime targets), but rather your email.
Even if you believe that your online business is not at risk, the truth is that 43% of all cyberattacks are aimed directly at small online businesses. As a result, this is simply not a risk that you can ignore, at least not if you strongly value keeping your company and customer data safe.
In this blog post, we’ll discuss the email security mistakes that put your data at risk and how you can easily avoid them. Let’s get started.
1. Don’t Fall for Phishing Attacks
This is one of the oldest tricks in the game that email hackers use, yet people still fall for it.
Basically, a phishing attack is when a hacker sends a legitimate looking, malicious email in an attempt to steal data.
To be more specific, the hacker will send out an email that looks like something the email recipient wants or needs (such as a note from a coworker or a financial request) so they will feel compelled to either download an attachment or click a link in the email.
Once the attachment is downloaded or the link is clicked, malware is installed that the hacker can then use to view and steal information to commit identity theft, make purchases, or even steal money.
So, how can you ensure that you never fall for a phishing attack, no matter how legitimate the email looks?
First and foremost, if the email seems suspicious in any remote way, you need to contact the organization or individual that (supposedly) sent you the email and confirm that they did indeed send it. DO NOT reply to the email or click any links or attachments sent within it until after you have confirmed that it is legitimate.
You can also install firewalls and anti-malware software to help prevent an attack should you or someone else working for your business indeed fall victim to a phishing attack (more on this later).
Finally, you should also regularly run backups of your data (ideally once a week at the very minimum). This way, even if malicious software is installed over your network that deletes your data, you can restore that data.
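The “legitimate looking” email described above usually carries a few technical tells that a mail filter or a cautious reader can check before anyone clicks: a display name that claims one address while the real sender is another, a Reply-To that sends answers to a different domain, and link text that shows one site while the href points somewhere else. The following is an added example, not code from the original post, that scans one message for exactly those three tells using Python’s standard library. The sample messages are constructed for the example and use reserved example.com/.net/.org domains.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message with all three tells (reserved example domains, not real senders).
SUSPICIOUS_EMAIL = """\
From: "Accounts Payable (ap@example.com)" <billing@example.net>
Reply-To: collect@example.org
To: owner@example.com
Subject: Invoice overdue - action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your invoice is overdue. Review it at
<a href="http://example.net/login">https://example.com/invoices</a></p>
</body></html>
"""

# Constructed internal note with none of the tells, for comparison.
CLEAN_EMAIL = """\
From: Alice <alice@example.com>
To: owner@example.com
Subject: Lunch on Friday?
Content-Type: text/plain; charset="utf-8"

Are you free on Friday at noon?
"""

EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+\.)+[a-z]{2,}", re.I)
URLISH_RE = re.compile(r"^(https?://)?([\w-]+\.)+[a-z]{2,}(/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(text):
    """Hostname of a URL, or of a bare domain written without a scheme."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def phishing_indicators(raw):
    """Return a list of human-readable warnings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["from"]
    if sender and sender.addresses:
        addr = sender.addresses[0]
        real_domain = addr.domain.lower()
        # Tell 1: the display name contains an address from a different domain.
        m = EMAIL_RE.search(addr.display_name)
        if m and m.group(0).rsplit("@", 1)[1].lower() != real_domain:
            findings.append(f"display name claims {m.group(0)} but sender is {addr.addr_spec}")
        # Tell 2: Reply-To sends any answer to a different domain.
        reply_to = msg["reply-to"]
        if reply_to and reply_to.addresses:
            rt_domain = reply_to.addresses[0].domain.lower()
            if rt_domain != real_domain:
                findings.append(f"Reply-To domain {rt_domain} differs from sender domain {real_domain}")
    # Tell 3: the visible link text names one site but the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if URLISH_RE.match(text) and _host(text) != _host(href):
                findings.append(f"link text shows {_host(text)} but points to {_host(href)}")
    return findings


if __name__ == "__main__":
    for warning in phishing_indicators(SUSPICIOUS_EMAIL):
        print("WARNING:", warning)
```

None of these checks proves a message is malicious on its own; they are cheap signals that justify the out-of-band confirmation the section recommends before anyone replies or opens an attachment.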
2. Using An Unsecured Public Wi-Fi Network
Here is a very basic rule that you should make for yourself and anyone else who works at your company:
Never access business-related email accounts while using public Wi-Fi hotspots. Period.
Public Wi-Fi is any Wi-Fi network accessed by the general public, usually without a password. Restaurants, coffee shops, libraries, airports, and hotels are examples of common places that offer public Wi-Fi hotspots.
Public hotspots stand in stark contrast to private networks. Private networks have many access rules and restrictions in place to regulate who can and can’t gain access. Public networks, on the other hand, have little to no restrictions.
Are public Wi-Fi hotspots convenient? Yes! But they are rarely secured, which means users aren’t required to use a WPA2 (i.e., secure) password. Additionally, public Wi-Fi networks are rarely encrypted (more on encryption in a bit).
As a result, it’s easy to see how public Wi-Fi hotspots are natural targets for hackers. Hackers will often use what is called “keystroke logging,” which is when software or a hardware device is used to covertly record or monitor what is typed on a keyboard.
The keylogging software is installed by malware, after which the hacker has a record of each key pressed on the keyboard. This means a hacker can read credit/debit card numbers, usernames and passwords, messages, emails, and literally anything that you type.
What’s even more alarming is that most Americans aren’t aware of the dangers of using public Wi-Fi. Last year (2017), an astonishing 61% of Americans believed that public Wi-Fi connections were either “very safe” or “somewhat safe.”
To be safe, make it a policy to never use public Wi-Fi connections to access your business email accounts (or any other sensitive data, for that matter).
3. Failing To Use A Firewall
A firewall is a security device designed to monitor network traffic. It determines what traffic should be blocked or allowed, according to security rules.
In other words, a firewall is essentially one of your first lines of defense against hackers and cybercriminals.
There are many different kinds of firewalls that you can use. One of the most common types of firewalls is called Stateful Inspection. It monitors all activity once a connection is opened and blocks or allows traffic based on rules that you set.
Another popular type is known as the Proxy firewall. It acts as a gateway between one network and another and prevents direct connections from outside those networks.
A more advanced type of firewall is called the Next Generation, which goes beyond simply monitoring and filtering traffic. A Next Generation firewall is designed to guard against more modernized threats, such as advanced application attacks.
Therefore, it needs to keep the capabilities of a Stateful Inspection firewall while also adding application awareness, meaning it must maintain current information about the applications behind the connections it sees in order to operate efficiently.
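The Stateful Inspection firewall described above is easiest to understand by watching one decide on a short stream of packets: rules are consulted only when a new connection is opened, and every later packet is judged by whether it belongs to a connection that was already allowed. The code below is an added example, not code from the original post or from any firewall product. It models a tiny stateful filter that permits internal hosts to open outbound connections on a few mail-related ports, lets the replies back in, and drops everything that arrives unsolicited. The addresses are from the RFC 5737 documentation ranges and the packet trace is constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # True only for the first packet of a new TCP connection


class StatefulFirewall:
    """Minimal stateful packet filter. Rules decide whether a connection may be
    opened; the connection table decides every packet that follows."""

    def __init__(self, internal_net, allowed_outbound_ports):
        self.internal_net = ipaddress.ip_network(internal_net)
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        self.connections = set()  # keys of flows that were permitted to start

    def _internal(self, ip):
        return ipaddress.ip_address(ip) in self.internal_net

    @staticmethod
    def _key(pkt):
        # Direction-independent key, so a server's reply matches the flow the client opened.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def filter(self, pkt):
        key = self._key(pkt)
        if key in self.connections:
            return "allow: established"
        if not pkt.syn:
            # A non-SYN packet with no known connection is unsolicited.
            return "drop: no matching connection"
        if (self._internal(pkt.src) and not self._internal(pkt.dst)
                and pkt.dport in self.allowed_outbound_ports):
            self.connections.add(key)
            return "allow: new outbound"
        return "drop: new connection not permitted"


def run_trace():
    """Run a constructed packet trace through the filter and return its decisions."""
    fw = StatefulFirewall("10.0.0.0/24", {25, 443, 587, 993})
    trace = [
        Packet("10.0.0.5", 51000, "203.0.113.10", 993, syn=True),   # workstation opens IMAPS
        Packet("203.0.113.10", 993, "10.0.0.5", 51000),             # mail server replies
        Packet("198.51.100.7", 40000, "10.0.0.5", 22, syn=True),    # outsider tries SSH in
        Packet("198.51.100.7", 40000, "10.0.0.5", 51000),           # outsider sends a stray ACK
        Packet("10.0.0.5", 51001, "203.0.113.10", 23, syn=True),    # workstation tries telnet out
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    for decision in run_trace():
        print(decision)
```

A real firewall also ages entries out of the connection table and tracks TCP state transitions (a connection ends, and its entry must go), but the core idea is the same: the table, not the rule list, answers most packets.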
4. Not Using A Password Manager
While a firewall may be a line of defense against email hackers, your true first line of defense is your password.
Most people are aware of the importance of a strong password. You know the guidelines: at least eight to ten characters, a variety of symbols and numbers and letters, don’t use any words, etc.
While that’s great, in this day and age, it’s hardly enough. Hackers can easily use advanced software to crack any password you set no matter how strong it is.
But what if you could set strong passwords AND change those passwords on a consistent and regular basis?
That would make your passwords much more difficult to crack, and it’s where using a good password manager comes in handy.
A password manager is a service that can generate, change, and store passwords in an encrypted database. Passwords are stored either on your mobile device or remotely in a file hosting service online.
You can then link the manager to your email accounts and easily create strong passwords. You can also always change passwords to make it as difficult as possible for hackers to crack them.
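Two pieces of what a password manager does can be shown concretely: generating a password that is genuinely random (not typed by a person) while still satisfying the character-class guidelines mentioned above, and deriving the key that protects its encrypted database from the one master password you remember. The code below is an added example, not code from the original post or from any password manager product. It uses only Python’s standard library; the character classes and iteration count are choices made for this example.

```python
import hashlib
import math
import secrets
import string

# Character classes the generator must cover (an assumption for this example).
CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
POOL = "".join(CHARACTER_CLASSES.values())


def classes_present(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)}


def generate_password(length=20):
    """Uniformly random password from the OS CSPRNG (secrets) that contains at
    least one character of every class. Rejection sampling keeps the result
    uniform over all passwords that meet the constraint."""
    if length < len(CHARACTER_CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(POOL) for _ in range(length))
        if classes_present(candidate) == set(CHARACTER_CLASSES):
            return candidate


def entropy_bits(length, pool_size=len(POOL)):
    """Bits of entropy of a uniformly random password of this length and pool."""
    return length * math.log2(pool_size)


def derive_vault_key(master_password, salt, iterations=600_000):
    """Key for the encrypted database, stretched from the master password with
    PBKDF2-HMAC-SHA256 so that guessing the master password is slow."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, sorted(classes_present(pw)), f"{entropy_bits(len(pw)):.1f} bits")
    print(derive_vault_key("correct horse battery staple", secrets.token_bytes(16)).hex())
```

The entropy figure is what actually separates a generated password from a human-chosen one: every extra character adds a fixed number of bits, and a manager can afford long passwords because nobody has to remember them.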
5. Failing To Set Up Multi-Factor Authentication
Setting and changing strong passwords with the aid of a dependable password manager is definitely a very strong security method. One more step you can take, though, is to set up multi-factor authentication.
Multi-factor authentication is fast becoming a necessity when it comes to security nowadays. Why? Even if a hacker does manage to crack your password, they’ll still be denied access to your email.
It’s also incredibly simple to set up multi-factor authentication, so it naturally begs the question, why not use it?
If you’ve never used multi-factor authentication before, here’s how it works: after you type in your username and password to access your email, you then have to type in a PIN code generated by a two-factor authentication app on your phone. Without the PIN code, you can’t successfully log in.
6. Not Encrypting Your Email
Last but certainly not least, you’ll also be making a major security mistake if you fail to encrypt your email.
Email encryption means that no one is allowed or able to read your emails other than yourself and your intended recipient(s).
This is done by using a coding scheme that will convert your messages into unreadable formats. A private key, shared only between yourself and your recipient(s), can be used to decrypt the message.
One of the most popular encryption methods is called PGP (Pretty Good Privacy).
This method encrypts and compresses the email message, which makes the message unreadable and saves disk space.
Then, the system creates a session key that’s sent with your encrypted text. Your recipient(s) use the private key to access the session key, then decrypt the message.
While this probably isn’t necessary for everyday email communication, it’s certainly something worth doing for sensitive legal, customer, or financial information.
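The structure the PGP section describes, compressing the message, encrypting it under a fresh session key, and sending that session key wrapped so only the recipient’s private key can recover it, is called hybrid encryption. The following is an added example, not code from the original post and not OpenPGP’s actual packet format, that builds exactly that structure. It assumes the third-party `cryptography` package is installed; AES-256-GCM for the message and RSA-OAEP for the session key are the choices made for this example.

```python
import os
import zlib

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Padding used to wrap the session key for the recipient.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def generate_recipient_keypair():
    """The recipient's long-term key pair; the public half is shared, the private half is not."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def encrypt_message(plaintext, recipient_public_key):
    """Compress, encrypt under a one-time session key, and wrap that key for the recipient."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)  # must never repeat for the same session key; the key is single-use
    body = AESGCM(session_key).encrypt(nonce, zlib.compress(plaintext), None)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "body": body}


def decrypt_message(envelope, recipient_private_key):
    """Recover the session key with the private key, then the compressed message, then the text."""
    session_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    compressed = AESGCM(session_key).decrypt(envelope["nonce"], envelope["body"], None)
    return zlib.decompress(compressed)


def tamper_detected(envelope, recipient_private_key):
    """True if decryption rejects the envelope because the AES-GCM tag no longer matches."""
    try:
        decrypt_message(envelope, recipient_private_key)
    except InvalidTag:
        return True
    return False


if __name__ == "__main__":
    priv, pub = generate_recipient_keypair()
    envelope = encrypt_message(b"Constructed sample: Q3 customer list attached.", pub)
    print("wrapped session key:", len(envelope["wrapped_key"]), "bytes")
    print("decrypted:", decrypt_message(envelope, priv).decode())
```

Two points worth noticing. The session key is generated fresh for every message, so the recipient’s long-term private key is only ever used to unwrap a 32-byte key, never the message itself. And because the symmetric cipher is authenticated (GCM), any change to the ciphertext in transit is detected rather than silently producing garbage; compression before encryption is what OpenPGP does too, but it can leak information about the message length when an attacker controls part of the plaintext.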
Nearly fifteen billion spam email messages are sent every day.
A significant percentage of those messages, around 45%, also contains malware and viruses designed to infect your network or your computer (or both).
Whenever you use email, there’s always a risk that hackers will intercept it in an attempt to steal data.
But here’s some comfort: you’ll substantially lower the risk of getting hacked if you avoid the mistakes we mention using the methods we’ve shared.
As one final piece of advice, remember to train your employees on these methods, too. A team that knows the best practices and how to avoid these mistakes is a benefit to your business.
Sam Bocetta is a retired defense analyst for the U.S. Navy and freelance correspondent for a number of media organizations, specializing in writing about cybercrime, cybersecurity, cryptography, engineering, national defense, politics, and technology.