More businesses than ever are relying on online systems such as email accounts to run their day-to-day operations. As such, email accounts remain a severe vulnerability for businesses of all sizes - in the event of a security breach, a compromised email account can have a potentially catastrophic impact on your company’s viability.
This is a vulnerability that cybercriminals are all too aware of. They often focus their efforts on illicitly accessing email accounts, as this can be their gateway to tricking members of your team into making seemingly authentic payments into a bank account that is actually controlled by the attackers.
When a cyber-attacker successfully steals an email account’s log-in details, they are able to sign in as the original user, which is a huge risk for the affected business. Once they’ve gained access, they can send emails from the seemingly ‘normal’ mailbox, access sensitive client data and move money around.
Cybercriminals are also known to set up their own mailbox rules within compromised email accounts, which means that they can monitor and intercept messages before they reach the intended recipient. Once these rules are set, hackers can redirect funds, change bank account details on invoices and even hijack conversations.
To help our clients stay protected from the potentially devastating impact of hacking and fraud, we have compiled some simple and practical steps that you can take to reduce your risk:
Use multi-factor authentication across your company's accounts - by adding an additional layer of authentication such as entering a unique code that has been sent to an authenticated mobile device, you can effectively reduce your email security risk.
Update now, not later! Software updates help to strengthen your cyber security, so don’t be tempted to ignore update reminders. Regular scans will also help you to ensure that there is no malicious software downloaded onto your systems.
Pay close attention to any changes in bank accounts or invoicing details - if you notice a change, no matter how minor, it is always best to verbally confirm this with your known contact to check it is not a malicious cyber attack.
Keep an up-to-date log of all email accounts associated with your business - if an employee leaves your company or you no longer require a certain email address, we recommend disabling the account immediately. Dormant accounts can be an easy way for hackers to gain access as they’re less likely to be monitored - by disabling them, you will remove this potential entry-point for any attacks.
Maintain an internal cyber awareness culture - your employees can be the gateway to cyber attacks, so frequent training and Q&A sessions are a good way to ensure that your people fully understand password management, data protection and device management.
If you would like to find out more about how we can help you to ensure that your business is protected from the potentially disastrous impact of cyber crime and fraud, please contact us here: https://www.turnerrawlinson.co.uk/contact and one of our team will be in touch with you.