Best practices for email and internet security
As technology advances, so too do ways to exploit it. Each time a company releases a new piece of software or software update, there are people probing it for weaknesses. While software companies are always mindful of this, there will always be security issues that slip through the net – meaning that users have to be vigilant about internet security.
For email users, not every malicious message will get caught in spam – and for those of us browsing online, not every site or download is safe. Preventing lapses in email and internet security means protecting your computer, but also internalising a checklist to identify potential hazards and keep your data safe.
What security risks are posed by the internet and email?
It’s impossible to work in the modern age without using the internet. From email to file sharing to cloud-based apps, the internet is central to how we communicate with clients and between sites. As essential as the internet and email are, however, they can pose a number of different risks to your and your organisation’s security.
These risks include:
- Exposure of data. Without the proper precautions, data can be exposed through careless use of both emails and the internet. This could not only compromise people’s privacy, but breach data protection regulations or non-disclosure agreements.
- Exposure of the company network and systems. Scams such as phishing are spread through email, and can provide criminals with an entry point into a company’s systems, leading to networked workstations being infected, and files deleted or stolen.
- Malware infection. Malware is often spread through the internet and email messages, and can compromise workstations or networks, rendering them slow or inoperable.
- Damage to company reputation. It is important that the company is represented on the internet and through email in a responsible and professional manner. Being the victim of a breach or malware infection also reflects poorly on your approach to digital security, which could affect your image, particularly if you keep a lot of customer data.
How email can be a security risk
Despite the proliferation of communication tools such as Slack and Teams, email remains central to communication within and across businesses. The regularity and casualness with which we use email can lead us to treat it like a conversation had within the office, becoming casual with the data we share.
This approach to email can be dangerous. Not only can emails be shared or intercepted, but they can also be a means by which malware and other malicious files are transmitted. Something as innocuous as seeing an email that appears to be from an acquaintance and downloading a file from it could cause thousands of pounds’ worth of damage.
Security risks associated with email use include:
- Sending sensitive data to the wrong persons. This is particularly common due to mistakes with features such as cc, bcc, and email forwarding.
- Malware-infected attachments. Attachments downloaded from emails can run malicious code even if you don’t open them.
- Entering credentials on fake web pages linked in phishing emails. Scammers will often impersonate a company and send you to a site that looks like the real thing, but is actually intended to steal your data.
How the internet can be a security risk
While we often think of the internet in terms of a few central hubs – namely social media sites – the internet beyond those is incredibly vast. Anyone can create a website, and while there are tools to help identify a fake page, it isn’t always easy to tell at a glance what is genuine. Cybercriminals use a variety of tactics to ‘spoof’ legitimate sites, and circumvent security tools and features.
The internet is also somewhere that it’s very difficult to remove data from. Any time you share anything online, it should be done with the knowledge that someone else may see it and use it. With the ability to rehost data as quickly as it can be taken down (and generally much quicker), anything that gets leaked or compromised is probably there forever.
Security risks associated with internet use
The internet has changed our lives in countless different ways, whether it’s how we bank, shop or watch TV, all the way up to how we communicate with our friends and family. The role the internet plays in our modern lives is such that it often blends into the background, and we don’t stop to think about how powerful and global a tool it is.
While GDPR has made some improvements to the transparency of data collection, it’s worth remembering how much data we tend to give out online, where this data might be going, and what it might be being used for. Think about some of the sensitive information you share on a daily basis:
- Credit card and banking details
- Your current location
- Full name, date of birth, home address
- Political preferences and buying habits
- Sensitive company information.
Remember that all of this information holds value, whether that’s to advertisers or cybercriminals. If it were to fall into the wrong hands, it could have a number of negative impacts for both yourself and your employer, ranging from identity theft to blackmail to corporate espionage.
Email security best practices
Here are 4 essential steps for helping you stay safe and secure when using email:
- Ensure you know who you’re sending emails to. Whenever you send out sensitive data, double check the recipients’ email addresses. Also ensure that the addresses are in the ‘bcc’ rather than the ‘cc’ field if you do not want the recipients to see each other’s email addresses.
- Check what information you are sending, forwarding or attaching. Whenever you forward email conversations, check that there is no sensitive data or personal information further down the conversation. Also check that any attachments you send don’t accidentally contain sensitive information.
- Avoid following links in unexpected emails. Phishing emails may try to get you to follow a link to a fake landing page, which may try to harvest your email credentials or other log-in information.
- Don’t open or download unexpected attachments. Never open or download attachments unless you are certain who sent them and for what reason, as cyber criminals can send out malware-infected attachments.
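The first two checks above can also be automated before a message leaves the outbox. The sketch below is an added example, not part of the original article or any Sota product: it warns when too many external addresses are visible in To/Cc and when a card-like number sits in the message or its quoted history. The domain, the threshold and the sample draft are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.org"   # assumption: the sender's own domain
MAX_VISIBLE_EXTERNAL = 3          # assumption: above this, To/Cc should be Bcc
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

def presend_warnings(raw_message):
    """Return warnings for a draft supplied as RFC 5322 text."""
    msg = message_from_string(raw_message)
    warnings = []
    # Everyone listed in To/Cc can see every other To/Cc address.
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = {a.lower() for _, a in visible
                if a and not a.lower().endswith("@" + INTERNAL_DOMAIN)}
    if len(external) > MAX_VISIBLE_EXTERNAL:
        warnings.append(f"{len(external)} external addresses visible in To/Cc; use Bcc")
    # Scan every text part, including quoted history further down the thread.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("utf-8", errors="replace")
        for line in text.splitlines():
            for m in CARD_RE.finditer(line):
                if luhn_ok(re.sub(r"\D", "", m.group())):
                    where = "quoted history" if line.lstrip().startswith(">") else "new text"
                    warnings.append(f"possible card number in {where}")
    return warnings

# Constructed sample draft: addresses and numbers are made up for this example.
SAMPLE = """\
From: alice@example.org
To: a@client-one.test, b@client-two.test
Cc: c@client-three.test, d@client-four.test, colleague@example.org
Subject: Fwd: renewal

Hi all, details below.

> On Monday Bob wrote:
> card for the renewal is 4111 1111 1111 1111
> order ref 1234 5678 9012 3456
"""

if __name__ == "__main__":
    for w in presend_warnings(SAMPLE):
        print("WARNING:", w)
```

The order reference in the sample fails the Luhn check, so only the card-style number in the quoted text is reported.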
What to do if you’re unsure
When using email and the internet, you are likely to encounter situations where you are not completely sure if you’re dealing with a legitimate site or email, or what the security risks could be.
In these situations, you should:
- Think about what could be at risk. Are you entering data or credentials? If you’re dealing with a cybercriminal, what could they gain from this?
- It’s always better to ask. Your IT support team will be able to help you verify whether sites and emails are legitimate, so it’s best to ask for help if you’re ever unsure.
- Always report any incidents right away. Entered your email password on a log-in page, but now have a growing doubt in your mind about whether the site was legitimate? It’s always better to report the incident to your IT support team right away – don’t wait and risk giving a cybercriminal time to make use of any information they gained.
We hope that this advice provided some useful insights on how to stay safe online. If you’re still unsure or need help with this, Sota have a wealth of experience in cyber attack prevention. To learn more and find out how we can protect your business, get in touch with us today.