Email Security: How to best secure your email

One of the key areas you and your users need to focus on in the business is email security.

The critical reason is that the majority of password resets will come to this account, so an attacker who controls it can easily reset and compromise your other accounts. They can even lock you out of your own email account and make you a victim of identity theft.

Employ strong email security by using a strong, separate password and, wherever it is supported, enabling multi-factor authentication. MFA isn’t a foolproof solution, but it adds another hurdle for anyone trying to compromise your accounts.

Make sure the password you use for your email is unique and not used for any other of your accounts on the Internet. If an attacker were to compromise a weaker account, as in the recent breach at Spotify, that password wouldn’t work when tried against your email.


Creating a Strong Password

When you are looking to create a password, apart from meeting the provider’s complexity requirements, you need a password that you can remember.

We suggest using three words, adding upper case letters and numbers if the site’s complexity requirements demand them. If you are struggling, look at What Three Words, pick a square and use those words.

Using a Password Manager

We all need to remember more and more passwords, and the temptation is there to reuse passwords to avoid having to click that ‘Forgotten Password’ link.

Making good use of a password manager, personally or in the business, lets you have hugely complex passwords without ever having to remember them at all. Many of them monitor the darker corners of the Internet for data breaches and password leaks and will actively notify you of any threat to your sites and resources.

A good password manager will also tell you how secure your passwords are and whether any are reused, allowing you to work through them and keep your accounts as secure as they can be.


Phishing Attacks

When someone, unfortunately, falls victim to a phishing or other attack, the ensuing changes can be devastating for a business or an individual. That is why it’s so crucial that you employ the best email security.

We have seen it happen where someone clicks on a link to ‘reset their Microsoft 365 password’. The page captures the account details, prompts the user to enter them twice (just in case they were wrong the first time around!) and then sends them on to the genuine Microsoft 365 login screen ready to log in, leaving the user none the wiser.

Automated processes then take your password and quickly try it against literally thousands of different services, from Spotify, Netflix and Amazon through to your bank, in an attempt to gain access.

We have also seen occasions where the attacker has used the password to strike up a conversation with the finance team, automatically moving the replies into a subfolder so the user is none the wiser, with the sole goal of extracting a payment from the business.


Top Insecure Passwords of 2020

This list is released year after year, and each year the simplest of passwords top the list.
• 123456
• 123456789
• picture1
• password
• 12345678
• 111111
• 123123
• 12345
• 1234567890
• senha
• 1234567
• qwerty
• abc123
• Million2
• 000000
• 1234
• iloveyou
• aaron431
• password1
• qqww1122


How are Passwords Compromised?

There are numerous ways an attacker can get hold of your passwords and passphrases; here are a few of the well-documented ones. There is also a wide range of vulnerabilities that can be exploited to obtain them. Your email security strategy should address all of these threats.

  • Using social engineering and phishing to get a user to enter their credentials and passwords.
  • Hackers and criminals will monitor and participate in the Dark Web to see if credentials are being bought or sold there, or even just discussed. Credentials can be sold for as little as £1.00 per account. These can then be used on other services, such as Amazon, Microsoft 365, Netflix, etc., where they will be tested to see (a) whether the user has an account and (b) whether it uses the same password, making for an easy compromise.
  • There is a technique called password spraying. This is where an attacker takes a dictionary of common and well-used passwords and their variants and simply tries them across a number of different platforms and systems to see if they get a hit.
  • Brute-force attacks – one of the original ways for an attacker to gain access. They take a huge database of credentials, called Rainbow Tables, and test them one by one against a user’s account in an attempt to secure a breach. This can take some time for an attacker, but it’s all automated and can be left running in the background until they get a hit.
  • Looking over the shoulder of someone, even from a distance, to spot a PIN or password. It’s more common than you think.
  • When we have been involved in penetration testing for a business, there are a couple of basic goals. First of all, to get past any physical security and gain access to the building. The next few tasks then involve the following:
      • Getting a password hash file from an unattended computer. The hash file can be cracked to reveal passwords that have been used to log on to the computer, including any administrative-level passwords.
      • Checking desks, unattended notebooks, etc. for written-down passwords, and for passwords on sticky notes on screens or keyboards.
      • Password guessing: if we know a little about the user, we can hazard some educated guesses at their passwords.
      • Getting in between a computer and the network, intercepting the password during transmission, and decrypting it.
      • Keyloggers: putting a small device physically between the keyboard and the computer, or a small program on the computer, to document and log each and every keystroke.
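The spraying and brute-force techniques described above leave different fingerprints in an authentication log: a spray makes a guess or two against many accounts from one source, while brute force hammers a single account. The following Python is an added example (not code from the original article) that classifies failed-login bursts per source address over constructed sample log lines; the log format, the thresholds and the IP addresses are assumptions.

```python
# Added example: classify failed-login bursts as password spraying or brute
# force. Log format, thresholds and addresses are assumptions; the sample
# lines are constructed: "<ISO timestamp> <user> <source_ip> <FAIL|SUCCESS>".
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 203.0.113.5 FAIL
2024-03-01T09:00:03 bob 203.0.113.5 FAIL
2024-03-01T09:00:05 carol 203.0.113.5 FAIL
2024-03-01T09:00:07 dave 203.0.113.5 FAIL
2024-03-01T09:00:09 erin 203.0.113.5 FAIL
2024-03-01T09:00:11 frank 203.0.113.5 SUCCESS
2024-03-01T09:01:00 alice 198.51.100.9 FAIL
2024-03-01T09:01:02 alice 198.51.100.9 FAIL
2024-03-01T09:01:04 alice 198.51.100.9 FAIL
2024-03-01T09:01:06 alice 198.51.100.9 FAIL
2024-03-01T09:01:08 alice 198.51.100.9 FAIL
2024-03-01T09:05:00 bob 192.0.2.44 FAIL
2024-03-01T09:05:20 bob 192.0.2.44 SUCCESS
"""

def parse(log):
    """Turn log text into (timestamp, user, ip, result) tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            events.append((datetime.fromisoformat(ts), user, ip, result))
    return events

def classify_sources(log, window=timedelta(minutes=10), min_failures=5):
    """Return {ip: (label, distinct_users, failures, success_after_burst)}."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in parse(log):
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, u) for ts, u, r in evs if r == "FAIL"]
        if len(fails) < min_failures or fails[-1][0] - fails[0][0] > window:
            continue  # too few failures, or too slow to be an automated burst
        # Spray: roughly one guess per account across many accounts.
        # Brute force: many guesses against a single account.
        users = {u for _, u in fails}
        label = "password_spray" if len(users) >= 0.8 * len(fails) else "brute_force"
        # A success from the same source after the burst starts is the real alarm.
        success = any(r == "SUCCESS" and ts > fails[0][0] for ts, _, r in evs)
        findings[ip] = (label, len(users), len(fails), success)
    return findings
```

The single failure followed by a success from 192.0.2.44 is a normal mistyped password and is not flagged; the sprayer that eventually logged in as frank is the finding to act on first.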


Summary – Email Security

Be as creative as you can when creating passwords for your accounts; the longer the better, wherever the systems support it.
Your social media accounts and online presence can give away clues to what your password may be; don’t use your children’s names or your football team to create your password.

Don’t use the easy-to-guess ones: when an attacker is looking to brute force an account by sending a deluge of passwords to the service, Password, Pa55word, Password123, etc. are among the first ones on the list to try.
