Over 8 billion emails are sent every day in the UK, with over 55 per cent of workers using them as their preferred method of communication.
It's no wonder, then, that many of us fall victim to unfortunate email scams, when hundreds drop into our inboxes each day. Luckily, the experts at ReformIT are on hand to show us how to spot the suspicious ones and what to do when we get one...
What is email security and why is it important?
Email security is all about the services and technologies used to protect email communication from unauthorised access, data breaches and cyber attacks. It's crucial because email is a common entry point for cyber criminals to gain access to sensitive information within an organisation.
Without proper email security, sensitive data can be compromised, leading to financial losses and reputation damage.
Is there anything in particular we need to look out for?
We need to be vigilant about various email threats, including phishing attempts, malware attachments, suspicious links and social engineering tactics. These threats can come from seemingly legitimate sources, making it essential to verify the authenticity of emails before taking any action.
We use a simple acronym to help people — SLAM, or 'slam that scam', as we like to say:
S is for sender — hover over the email address it came from. It might appear that it has come from firstname.lastname@example.org but if it has been spoofed you will see the real sender appear when you hover.
L is for links — same as you did with the email address, hover over the link and the real destination will appear. If you aren't sure, then type the name of the company that the email appears to come from into your browser and go there directly, not through the email.
A is for attachments — just do not open any attachment you are not expecting without first verifying its legitimacy.
M is for message — look at the message itself. Is it written in a way you would expect the sender to speak? Are odd words or phrases used? Identifying anything that looks unusual or unprofessional can help.
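The S and L checks above can also be run automatically by a mail filter. The sketch below is an added example, not part of the interview and not ReformIT's tooling; the sample message, its domains and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every name and domain below is made up.
SAMPLE = """\
From: "accounts@supplier.example" <billing@mail-supplier.test>
Content-Type: text/html

<p>Confirm at <a href="https://login.mail-supplier.test/pay">https://supplier.example/pay</a>
or read our <a href="https://supplier.example/help">help page</a>.</p>
"""

def check_sender(msg):
    """S: compare the address shown as the display name with the real one."""
    name, addr = parseaddr(msg.get("From", ""))
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    spoofed = shown and shown.group(1).lower() != addr.rsplit("@", 1)[-1].lower()
    return [f"display name shows {shown.group()} but sender is {addr}"] if spoofed else []

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """L: flag links whose visible text names a different host than the href."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        shown = re.match(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        real = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != real:
            findings.append(f"text shows {shown.group(1)} but link goes to {real}")
    return findings

def slam_report(raw):
    msg = message_from_string(raw)
    return check_sender(msg) + check_links(msg.get_payload())
```

Only links whose visible text itself looks like a web address are compared, so an ordinary label such as "help page" is not flagged.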
Are there any common scams going around at the moment?
Common email scams include phishing, where attackers impersonate trusted entities to steal log-in credentials or personal information; and business email compromise (BEC), where cyber criminals pose as company executives to trick employees into transferring funds or sensitive data.
So, for example, it might appear that your supplier has emailed you with new banking details for your next payment, but in reality, it wasn’t from them and you end up paying a criminal.
Using the SLAM method helps you to spot anything suspicious right away.
Can anyone be targeted by these emails or is it just businesses?
Yes, anyone can be targeted by email scams. Cyber criminals often cast a wide net, sending out mass phishing emails, but they can also tailor their attacks to specific individuals or organisations.
It's crucial for everyone to be aware of email security best practices. And it is worth noting that charities are two to four times more likely to be a target — and we at ReformIT want to help protect as many charities and not-for-profits as we can.
What measures should we take to beef up our security?
To enhance email security, we should implement measures such as strong password policies; multi-factor authentication (MFA); email filtering and scanning for malicious content; regular employee training on email security awareness; and staying up to date on the latest email threats and security solutions.
Does the standard security software on phones or computers stop email scams?
Yes, security software on both phones and computers can play a significant role in stopping email scams. This software often includes email filtering and anti-phishing features that can detect and block malicious emails.
However, it's essential to keep these security tools updated and complement them with user education and awareness to create a robust defence against email scams. Additionally, using strong, unique passwords and enabling multi-factor authentication on email accounts can further enhance security.
It is all very good to have the right technologies in place, but training is imperative. Having all the latest tech but not training your employees on what to look out for is like having the newest burglar alarm on your home but leaving the back door unlocked.
How can we best protect ourselves and our businesses for the future?
Protecting for the future involves continually improving our email security posture. This includes staying informed about evolving threats, regularly updating security protocols and technologies, and fostering a culture of cyber security awareness within the organisation.
Implementing threat intelligence and monitoring solutions can also help proactively identify and respond to emerging threats.