Email is one of the most important communication tools for businesses, so here are our top tips to stay safe…
We can all probably identify those glaringly obvious dodgy emails where things are spelled wrong, we’re offered billions of £ of ‘free’ money, or someone desperately needs our help, but what about the emails that are getting ever subtler. Phishing and spoofing scams are getting more and more sophisticated, and it can be harder and harder to spot the dodgy emails amongst the legitimate ones. That’s why we’ve produced our ‘top tips’ for email safety:
Train your teams
As we explored in our Cyber Training review, training ‘wears off’ after 4 months, and the longer it has been since your staff were trained, the worse they perform at recognising potential scams. Make sure you keep up to date with your training – consider a monthly bitesize training package like ours – so that your team is up to date on the latest scams and also has refreshed knowledge too.
Get to know the different types
If you’re getting regular training, then you can probably tell the difference between ‘smishing’ and ‘phishing’ and what about ‘whaling’? However, it can be great to have a reminder. Pull together a glossary of common email and other communication scams, to bring your team up to speed on what they are looking out for.
Create ‘cheat sheets’ of the common things to look for
While criminals are getting more sophisticated, unless they have actually hacked into a business’ system, there will be things that can help you flag up suspicious emails. Things to watch out for:
- Typos – while this isn’t a hard and fast rule, typos are a good indicator of potential scams. In fact, some criminals actively put typos into emails so that the only people who respond are those gullible or vulnerable enough to be a potential victim. A horrible, but true thought!
- Strange URLs – does the URL exactly match the company it reports to be from. Watch out for the addition of hyphens, extra words, or the like. What’s more, if you hover over a URL without clicking it, it may say one thing but be linked elsewhere – a sure sign!
- Strange spacing – while criminals are getting smarter, so too are spam filters. Spaces in the middle of brand names can help it circumvent spam filters while taking advantage of human’s natural abilities to correct off spacing.
- “Click on the link” (don’t) – how many times has someone actually asked you to specifically click on a link? Probably only the people trying to scam you. Keep an eye out for link click requests and if you think it is legitimate, go directly to the website without clicking the link itself.
Download with caution
File downloads are one of the ways that scammers hide ransomware and viruses in amongst the data. Only download if you are sure of the source, are expecting the file and if you’re unsure, verify with your contact via a phone call.
Look out for odd behaviours
Does the CEO usually send you an invoice for payment? There are plenty of scams where hackers obtain access into a system and then insert themselves into legitimate business email chains to make requests for money. Look out for requests which seem to come out of the blue when you’ve been emailing about something else, or which are odd behaviour for the person you are in touch with. You can always pick up the phone to double-check!
Install the latest security patches and antivirus
Some things can and do slip through the net, so it is important you’ve done your due diligence to minimise the impact. Automatic updates, security patches and antivirus can all provide useful failsafe’s, combatting the most common scams.
Make sure you have a robust backup and preferably a backup of the backup, with security gates between each stage. It means even if you are compromised, you can reinstate your systems from a clean backup.
Speak to our team on 01453 700 800 about robust security solutions, and how our CMDS system can add multi-factor security to your email systems for an extra layer of security.