Cyber criminals leverage a variety of strategies to gain access to email accounts, such as sending targeted spear phishing emails to deceive an individual into providing login information, using malware to infiltrate company networks, or spoofing an email account or domain to send authentic-looking emails to gain access. If hackers gain access to a user’s email account, they can use a number of tricks to keep their presence undetected, such as enabling auto-forwarding of incoming emails to an external address or setting up rules to automatically delete certain messages. In fact, a cyber criminal’s ability to leverage data harvested from the account and replicate their target’s language, personality, and organizational identifiers can make the intrusions extremely difficult to spot.
The following steps should apply to all employees and email accounts:
- Verify emails requesting sensitive information – All emails that involve financial sensitive data should be confirmed through an alternate channel approved by company leadership.
- Separate personal and professional email accounts – Even the smallest businesses should provide work email accounts for employees and encourage the separation of personal and work-related email to minimize exposure. Company email accounts should be used exclusively for professional purposes, and never used to create accounts on websites for personal use.
- Manage account access – Requiring multifactor authentication is one of the simplest and most effective ways of protecting access to email accounts. Regular updates of robust passwords are also essential.
- Enabling alerts for activity such as unusual login locations can help detect breaches.
- Disable automatic forwarding – Prohibiting the automatic forwarding of email to external domains prevents cyber criminals from exfiltrating email messages and the data contained within them.
- Monitor inbox rules – In addition to ensuring that intruders aren’t covering their tracks by using rules to auto-send messages or divert suspicious ones to trash, consider implementing rules that block macros and file extensions commonly used by malware.
- Maintain phishing simulations and fraud education – Strong cyber defense depends on alert employees who are aware of current threats and their role in company security. Educate all employees on the fundamentals of password best practices, including how to create strong passwords and prompts to change them on a regular basis.
In addition to implementing best practices, there are a number of emerging protocols that are helping to advance email security. Two of the most critical are domain-based messaging authentication reporting and conformance (DMARC) and brand indicators for message identification (BIMI).
DMARC is an email authentication protocol that helps organizations protect their domains from being spoofed. DMARC prevents spoofing by registering your domain and authentication details with email servers and providing instructions on what to do with emails that fail the authentication — for instance, locking, quarantining or rejecting the email.
BIMI, on the other hand, leverages DMARC and other protocols to provide means to authenticate emails that originate from a legitimate source. BIMI enables emails that have passed DMARC authentication checks to display a company logo, so that users can see at a glance that the email is genuine and the organization’s domain has not been spoofed. Not only does this help keep an organization’s partners safe from fraudulent emails, it also helps increase brand awareness by displaying a distinctive logo in each message.
Like every other security tool and protocol, BIMI and DMARC can’t eradicate business email spoofing. But they have enhanced security by helping to legitimize authentic emails and creating a record and enforcement policy for those rejected by the organization’s system. They do require some skill to implement and maintain, so businesses with limited internal IT resources may require third parties.