View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

4 major email cyber security threats and how to tackle them

List: Phishing scams and spam - what email threats should you be looking out for?

By Alexander Sword

Email is one of the most common routes in which a hacker can gain entry to your data and organisation. Organisations should be vigilent to this every-day tool, with constant reviews in how email security can be improved.

Here are a few of the major email-related threats out there and how they can be mitigated.

 

 

1. Human error

As Tony Pepper, CEO of Egress, says, “despite the fact we know that human error is the leading cause of data breach incidents, organisations continue to fail to tackle this problem.”

Pepper was speaking in the context of the news today that Microsoft accidentally sent out an internal dossier containing profiles on members of the press to the magazine Gizmodo.

The leak was probably due to the autocomplete function on email, which supplies the email address of common recipients based on the first few characters that somebody types into the ‘to’ field.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

In Microsoft’s case, the leak was perhaps slightly embarrassing but hardly damaging, but it would be easy for the same leak to happen with more sensitive information.

The obvious solution here is for employees to take more care, which may require some training from the IT department in good email hygiene.

However, implementing controls on the data itself, such as encrypting it with keys that are only shared internally, is another way of preventing this kind of data breach.

 

 

2. Phishing

According to research by Cyber Security Partners (CSP), there are 156 million phishing emails sent every day.

Phishing emails essentially aim to trick a user into giving up personal information.

A spear phishing email is more targeted still, appearing to be from an individual or business that you know.

The growing amount of information that people are putting online is making targeted phishing scams more common.

A recent scam, for example, sends an email to all of a victim’s contacts, claiming to have been stranded at a foreign airport and asking for the money to fly home.

Solutions include training employees to recognise the hallmarks of a phishing scam and to establish controls to ensure that the sender of a message is always verified.

 

 

3. Attachments

A common email-based attack uses attachments to get a document with malicious code onto a victim’s computer.

The attached file could be almost any type. It could be a Microsoft Word document claiming to be a CV, or a PDF claiming to be a financial report.

The executable code is concealed within the document; in Microsoft Word this could be hidden in the form of a macro. Once the user enables macros, the code is executed and the PC can be taken over.

As well as training employees to recognise these kinds of documents, there is firewall and antivirus software available that can easily  detect these kinds of files and

 

4. Credentials

There have been several major cases in the news recently of account details such as usernames and passwords appearing on the Dark Web, with big companies involved such as O2 and Yahoo.

From an email perspective, this is a cause for concern. Employees are likely to have a consumer email account to use for tasks outside of work.

However, due to the difficulties involved in creating and remembering multiple passwords, people will often use the same passwords for multiple accounts.

Then, when a low security database is hacked into and these details are stolen, these details will still be valid credentials for accessing the email account.

This is a good reason to ensure that employees are given the tools that they need to do the job.

If employees are regularly finding their work email accounts inadequate for the tasks that they need to complete and resorting to using consumer email applications, it could be just a matter of time before sensitive corporate data is sitting inside their consumer account.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU