|Dave Pelland has extensive experience covering the business use of technology, networking and communications tools by companies of all sizes. Dave's editorial and corporate experience includes more than 10 years editing an electronic technology and communications industry newsletter for a global professional services firm.|
Reducing Small Business Email Fraud Risks
Email is a foundational communication and productivity tool for most businesses, but it’s also a potential security vulnerability. Email’s ubiquity and open structure makes it an attractive target for hackers and fraudsters.
Email wasn’t designed with built-in security features, and people tend to trust it. This combination often results in people sending confidential information in messages that can be intercepted easily, or clicking on dangerous links or attachments.
Small businesses are especially vulnerable to email-based fraud because many haven’t invested in the sophisticated security tools used by their larger counterparts. In addition, hackers often deploy automated tools that look for known vulnerabilities in email systems that haven’t been addressed.
Knowing the Risks
Phishing emails designed to look like they’ve been sent by trusted companies or people remain a common security challenge for many companies. Phishing emails typically contain links to fake websites masquerading as those belonging to legitimate banks or other companies in the hopes someone will click the link, think the site is real, and enter their user ID and password.
In some instances, phishing emails have attachments that, when opened, install malicious software that steals confidential information from your network.
While security software can help with the phishing risk, education is the most effective defense. It’s important to periodically remind team members about the dangers of phishing emails, and to stress the importance of not clicking links or opening attachments unless you’re sure you can trust the sender. Most security software providers offer a variety of educational materials you can download and share with your company to highlight the risk and remind them about recommended security practices.
Another growing risk to small businesses is ransomware, which occurs when malicious software often delivered by email — encrypts a company’s files and demands a ransom for the decryption key. As with the phishing threat, paying attention to links and attachments can be important steps in keeping malicious ransomware out of your company’s network.
The strongest line of defense against email-borne security threats is anti-virus and anti-malware software that examines the content of messages and attachments as they’re downloaded from your email service provider. The software will look for known characteristics of existing malware and prevent suspicious files from being downloaded to your network or devices.
If you’re using a reputable cloud-based email provider, they’ll probably be providing these services as part of your subscription, so you can be reasonably confident they’re addressing this risk on your behalf.
If your company’s email enters your network through an in-house server, it’s critical to make sure your security software is current not only at the server, but also on the computers and devices that connect to your network.
You should also consider encrypting important emails. While it’s not necessary to encrypt routine email messages, it can be a valuable step in protecting contracts, high-value proposals or other sensitive documents from unauthorized access.
It’s also an important idea to make sure your team members use strong passwords on their email accounts to help reduce the risk of passwords being guessed by automated hacking tools.
By taking preventative measures, educating team members and monitoring your network’s performance, you can help reduce the risk of email-based security threats to your company.
Read other technology articles.