A wave of corporate security breaches has exposed many business email accounts, and this could give intruders access to critical information about companies and their customers, such as email details, home addresses and credit card numbers. There are many ways hackers can sneak into our company, such as by broadcasting fake emails that contain malicious links. Unfortunately, we may also make a number of mistakes that can harm our email security:
1. We don’t archive: Virtually any major email platform allows us to set regular archiving tasks, so email messages can be moved or copied to distant servers. This should still allow us to check archived email messages on our work computers. It is actually a good idea to move our critical email messages to a remote server to limit hackers’ ability to access them. Of course, we could set up exceptions, so some less critical messages won’t be moved and archived.
2. We are poorly organized: Emails come into our inbox each day, so we need to organize them regularly. In this case, we could sort our email into folders and this will segment our data. If some of our emails are sensitive, we could put them temporarily in folders with arbitrary and less conspicuous names that won’t attract attention. It will take much longer for hackers to find what they need, because they need to take multiple steps to find specific information. When paired with regular archiving, we could make sure that what hackers can compromise is very limited. Sensitive information will be regularly purged from our inbox and moved to a distant server.
3. We mix personal and work emails: It is a bad idea to use our work email for personal purposes. By separating our mail, we could limit the details that hackers can glean about us. This will prevent more sophisticated attacks that can target us. As an example, hackers can learn about our personal hobbies, regular vacation schedules and shopping habits. This will allow hackers to send phishing email messages made to look like those sent by websites we read frequently and purchase goods from. Phishing emails are intended to route us to a specific URL that can make it much easier for hackers to gain more access to our system.
4. Don’t click any link: Unless we are very familiar with the link and we have been expecting it, we shouldn’t click on any link. Phishers are quite proficient in making their mails and links look incredibly genuine. Links could look like they come from trusted banking institutions. Even before clicking on any trusted link, we should hover the mouse cursor over it, so we can check its final destination. The actual address will pop up and we should make sure that the destination is familiar. It should be noted that the URL may contain the name of our bank or favourite retail website, but it could actually be a subdomain of an unknown primary domain. It would be much better if we manually type the address of the website into the browser bar, instead of clicking on any link.
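The subdomain trick described in item 4 can be checked mechanically. The following is an added example, not part of the original article: it compares a link's real host against an allow-list, and also covers the related case where the familiar name sits before an "@" in the URL. The domain names, the allow-list and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): sites the reader really uses.
# .example and .test are reserved names, so none of these are real sites.
TRUSTED_DOMAINS = {"mybank.example", "shop.example"}

def link_host(url):
    """Return the host a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:              # malformed, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and the port, and is lower-cased.
    return parts.hostname.rstrip(".")

def classify(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, host); verdict is trusted/lookalike/unknown/invalid."""
    host = link_host(url)
    if host is None:
        return ("invalid", None)
    # Trusted only if the host IS a trusted domain or ends with ".<domain>".
    # A plain substring test is exactly what the subdomain trick defeats.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return ("trusted", host)
    # The familiar name appears somewhere, but the real destination differs.
    brands = {d.split(".")[0] for d in trusted}
    if any(b in url.lower() for b in brands):
        return ("lookalike", host)
    return ("unknown", host)

# Constructed sample links, as they might appear in a message.
SAMPLES = [
    "https://www.mybank.example/login",
    "https://mybank.example.account-verify.test/login",
    "https://mybank.example@login.account-verify.test/",
    "http://newsletter.test/offers",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, host = classify(link)
        print(f"{verdict:9} {host}  <-  {link}")
```

The host is read from right to left: whatever comes last before the first "/" decides where the link really goes, no matter which familiar name appears in front of it.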
Regardless of what we do, we should forward any attachment or link that strikes us as strange. Our initiative and fast response could help the IT department prevent others in the company from falling into the same trap.
View the original content and more from this author here: http://ift.tt/1AFNsU5