Cybersecurity is important in every single business, no matter the size, type, or location. No one wants cyber criminals logging into their accounts, accessing their money, exploiting personal information, and the list goes on...
People often think of strong passwords as the only means of protecting themselves that they need to worry about, but there are tons of other factors we need to take into consideration, like email security.
What is an email compromise?
An email compromise is when a malicious actor has access to your email, and you probably don’t know it. They are seeing who you talk to, what you talk about, what you have access to, and most importantly, how they can have access to it, too.
Keys to the kingdom
Email provides attackers with a key vector of attack against you and those you know. Typically, when someone receives an authentic email from you, it is taken at face value that you were the one that sent the message.
Your email is essentially the keys to the kingdom, in a sense. Think about it – let’s say you’re logging in to an important account, but you can’t seem to remember your password. You click “forgot password” and what does it do? It sends an email
to you to reset your password. If someone else has access to your email, they will also receive this email.
Or, if the malicious actor is proactive, they can leverage the “forgot password” option to reset login information to your other accounts by responding to the email themselves. They can do this to any account that your email is associated with, like your banking account.
What types of damage can email compromises cause?
While an email compromise can be problematic for anyone due to personal reasons, like identity theft, it can also be detrimental for a business if the person who was compromised happens to be someone in a position of authority and/or has any amount of influence over financial concerns.
If inadequate internal controls are in place to handle financial transactions, it could lead to large sums of money being paid out or wired to malicious characters. The account could also be used to communicate with vendors or clients to attempt to compromise them as well, or more worrisome, to leverage your relationships to defraud them of money.
Not only can this cause financial damage, but it can also damage your reputation. Would you trust a business with your personal information after they caused, or almost caused, you or your business a financial loss?
Collaboration platforms outside of email
Communicating externally is pretty limited to email and phone calls, but internal communication is not. Have you heard of collaboration platforms, like Microsoft Teams? It may not be a bad idea to start using tools other than your email to communicate with your team.
Teams is ‘closed’ to a set of known users, and most often, the known users are others in your organization. For one, you won’t need to worry about phishing while using this tool, but on the email compromise side of things, a malicious
actor can’t easily hide their presence using Outlook rules to quietly eavesdrop until it’s time to strike.
Conversations between you and your collaborators are out in the open, not automatically tucked away into a subfolder or forwarded to the malicious actor, then deleted from your mailbox to keep you unaware. These messages to others stay in your chat history. Even if the actor tried to use Teams, it shows in the chat thread that a message was deleted by saying “This message has been deleted”.
While it’s not bulletproof, it’s certainly much harder to stay hidden inside a platform like this.
Tips to protect yourself
- When suspicious about an email, never click any attachments, links, or even reply. Instead, contact the person by another means of communication other than email (Teams, phone call, etc.) to ensure that they actually sent the email
- Make sure 2FA is enabled for all accounts possible
- Use a password manager, so that you can store multiple passwords that are all be completely different and unique
How can we help?
Protecting your email is a hard job. At Entech, we can help. If you’re a partner, please reach out to your Partner Success Manager for more information. If you’re not a partner yet, please don’t hesitate to contact us.
