E-mail is the lifeblood of many businesses. In a single day, many business owners will use e-mail to contact employees, customers, and suppliers. Owners also often deal with sensitive information, such as company bank and credit accounts. Access to an executive e-mail account can be the “keys to the kingdom,” opening up access to nearly everything a business does. Given this, it is easy to see why corporate e-mail is an attractive target for hackers.
How Do Hackers Get In?
The bad news is that most hacks begin with human error. But the good news is that you can take steps to mitigate these threats starting today. Here are a few common ways that hackers gain access to corporate e-mails:
- Weak Passwords: While a relatively short and easy to remember password might seem secure enough to the average person, it isn’t going to stop a hacker. Hackers have access to sophisticated tools which can easily crack short or non-random passwords. For best security, use a password that is 14 or more characters long, and composed of random numbers, letters, and symbols.
- Duplicate Passwords: Don’t ever use a password on more than one account. While it’s tempting to make one secure password and try to remember it, it is a serious security risk. Seemingly every month we hear of massive data breaches at major companies. For example, Yahoo suffered a breach in which 3 billion accounts were compromised by hackers. Consider the potential consequences if you had used the same password on your Yahoo account and your corporate e-mail (or bank accounts).
- Malicious Software Downloads: Another favorite tactic of hackers is to convince users to download seemingly innocuous software, which has a secret payload. Malicious software has evolved to do far more than simply steal passwords, but it is still a major threat to guard against.
- Phishing and Social Engineering: “Phishing” is a technique employed by hackers to trick users into revealing their passwords and other credentials. Often, an e-mail will be sent which claims to be from a legitimate company, asking the user to enter a password to verify their account. Some are easy to spot, but others are quite sophisticated. Sometimes, they are specifically targeted at high-profile users, such as corporate executives. This latter process is also known as “Spear Phishing.” Phishing can also be done over the phone, in a process known as “Vishing.” A phone call can give a cunning and convincing fraudster a better chance to sweet-talk users into handing over their credentials.
How Can I Protect My Business?
E-mail security threats are always evolving, as cybercrime is a multi-billion dollar business. The reality is that with big money available, many hackers are highly motivated and intelligent individuals. While there is no way to be absolutely safe, a few simple steps can go a long way towards ensuring that you won’t be a victim.
- Use A Password Management System: This is a big one, and every business should have a password management system in place. Password managers can be used to create strong, random passwords without placing undue burden on the user. With a business-grade password manager, you only need to remember one password in order to keep all of your accounts secure. You should also use Multi-Factor Authentication (MFA). The most secure methods of MFA are phone apps such as Google Authenticator, or physical keys such as those sold by Yubico. Once an account is protected by a strong password and Multi-Factor Authentication, it becomes very difficult for a hacker to compromise.
- Employee Security Training: For all of the technology risks out there, human error is the easiest for criminals to exploit. The most secure system can still be bypassed by the phishing and social engineering attacks mentioned above. There is really no substitute for proper cyber-security training to make sure that you and your team are ready to deal with e-mail security threats.
- Have a Full Security Plan: Don’t wait until there’s a problem to start planning. Though most breaches begin with human error (such as clicking on a link), a proper security setup can mitigate or eliminate any serious damage. Make sure that you have a business-grade antivirus and anti-malware solution, a properly secured network, and secure backups of your important data. If you currently have an IT provider, ask about how you are protected, and talk about employing a “defense in depth” security strategy.
- Keep an Eye Out: It can be tough to know when your e-mail has been compromised, since an attacker might wait some time to play his cards. You can check whether any of your accounts have been leaked in a large data breach at the Have I Been Pwned? site. If your address shows up in the lists on that site, contact your IT professional for more information and next steps. If a hacker has targeted you or your company specifically, the compromise likely won’t show up on any lists. The best way to detect such activity is to examine logs for signs of suspicious access. This can be done by an IT security expert.
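The kind of log review described in the last item, as an added example that is not part of the original article: it scans a constructed sign-in log for a successful sign-in that follows a burst of failures and for a first sign-in from a new country. The five-column log format, the accounts, the addresses and the thresholds are assumptions for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (timestamp, account, source IP, country, result).
# The format is an assumption for illustration; real mail platforms export their own schema.
SAMPLE_LOG = """\
2024-03-04T08:01:12,ceo@example.com,198.51.100.7,US,success
2024-03-04T12:44:03,ceo@example.com,198.51.100.7,US,success
2024-03-05T02:10:40,ceo@example.com,203.0.113.50,RO,failure
2024-03-05T02:10:55,ceo@example.com,203.0.113.50,RO,failure
2024-03-05T02:11:09,ceo@example.com,203.0.113.50,RO,failure
2024-03-05T02:11:31,ceo@example.com,203.0.113.50,RO,success
2024-03-05T09:02:00,ap@example.com,198.51.100.9,US,success
2024-03-05T09:03:10,ap@example.com,198.51.100.9,US,failure
2024-03-05T09:03:25,ap@example.com,198.51.100.9,US,success
"""

FAIL_THRESHOLD = 3              # failures before a success that we treat as guessing
WINDOW = timedelta(minutes=10)  # how far back from the success to count failures


def find_suspicious_signins(log_text):
    """Return (timestamp, account, reason) tuples for sign-ins worth a closer look."""
    seen_countries = defaultdict(set)    # account -> countries with a prior success
    recent_failures = defaultdict(list)  # (account, ip) -> failure timestamps
    alerts = []
    for ts, account, ip, country, result in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        key = (account, ip)
        if result == "failure":
            recent_failures[key].append(when)
            continue
        # Successful sign-in: was it preceded by a burst of failures from the same IP?
        burst = [t for t in recent_failures[key] if when - t <= WINDOW]
        if len(burst) >= FAIL_THRESHOLD:
            alerts.append((ts, account, f"success after {len(burst)} failures from {ip}"))
        # Successful sign-in from a country this account has not used before.
        if seen_countries[account] and country not in seen_countries[account]:
            alerts.append((ts, account, f"first sign-in from {country}"))
        seen_countries[account].add(country)
        recent_failures[key].clear()
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_signins(SAMPLE_LOG):
        print(*alert, sep="  ")
```

A single mistyped password followed by a correct one, as in the second account, stays below the threshold and is not flagged.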
That’s a quick rundown of some ways that business e-mails can be compromised, and what you can do about it. Protecting your business accounts has never been more important, and the threat has never been greater than it is today. Luckily, the tools available to businesses are improving all the time. If you’d like to speak to Qualia Computers about your company’s e-mail security, please feel free to contact us. We are happy to talk about your current situation, and suggest next steps to keep your business secure.