One of the most common ways for cybercriminals to gain access to organizations is through email. Compromised mailboxes and email client vulnerabilities can give the proverbial keys to the kingdom to someone, without the user even knowing what happened. Email cybersecurity starts with good mailbox hygiene.
Here are a few email cybersecurity tips to keep your mailbox safe.
1. Beware of phishing/compromised mailboxes
Industry statistics have indicated that phishing attacks have risen dramatically since the beginning of the pandemic; with studies showing that phishing emails increased by over 300% by April. Enabling MFA helps protect your mailbox but it isn’t foolproof. The best way to prevent access is if something looks suspicious, don’t click any links or open any attachments.
Cybercriminals take over legitimate mailboxes and use those to target other people – like the contacts of the compromised account. Just because an email appears to be from someone you know, that doesn’t mean it’s legitimate. We’ve seen a number of cases where organizations have been exposed to a phishing attack because they’ve received an email from a trusted contact, only to later find out that contact had their mailbox compromised.
2. Carefully review all MFA prompts
I’m huge fan of Multifactor Authentication (MFA). MFA apps are a fantastic way to help keep mailboxes (and other systems) secure. We need to make sure we’re still paying attention and not getting complacent when MFA prompts come in. We have seen false MFA prompts coming in as an attempt to bypass security measures. Just having it in place isn’t enough – you must be vigilant about these prompts as well. If you’re prompted to authenticate but you haven’t actually tried to login to something, that’s a red flag. Not realizing when an MFA prompt isn’t legitimate may inadvertently let an attacker in. Be mindful when you get these prompts and as always, if you’re not sure it’s legitimate – please, please double check before authorizing the request. If you’d like the ADNET security team to review a suspicious alert, here’s how to contact us.
3. Keep your mailbox clean
There are a lot of reasons for keeping your mailbox clean (I know it’s a struggle for a lot of us). Let me explain why this is significant from a security perspective. If your mailbox gets compromised, there may need to be an assumption that everything in your mailbox could have been read or reviewed. While this isn’t ideal for a lot of reasons, there can be significant compliance impacts as well depending on what you have for data. Bottom line: keep only what you need to in your inbox and subfolders.
4. Keep email clients updated
Patching and updating your systems and devices is still one of the most important things you can do to protect yourself from cyberthreats. Be mindful of issues and continually check for updates on any mail clients that you’re using. Remember, if you’re accessing email on multiple devices, they all need to be secured.
Staying vigilant (and skeptical) is a key strategy when it comes to cybersecurity. Trust your instincts – if something doesn’t seem right take a moment before taking action. Consider the source, look closely, and don’t click on impulse. If you’re suspicious, reach out to your IT department (or us) to see if the email or prompt is legitimate. When it comes to email security, the phrase “better safe than sorry” is truly applicable.