Email Attacks Are on the Rise – Implement These 9 Layers of Email Security (Yeo & Yeo)

September 16, 2021 - Yeo & Yeo


This is a thought leadership article on protecting your firm from email attacks by PrimeGlobal member firm Yeo & Yeo in North America.



In the past month, there have been several reports of businesses being compromised by malicious emails. It only takes one member of your staff to click a bad link for hackers to access your network and data.

Yeo & Yeo have created a one-page info sheet to help you recognize common email scams and hacks that could be entering your inbox. Read the info sheet here

You should always take precautions when opening emails and clicking links. The first line of defense against cyberattacks is you.


Here are nine layers of email security that you can implement to protect your business:

  1. Multi-factor authentication: The simplest and the most effective way to prevent unauthorized logins. Every time you log in to your email (or any other system), you have to confirm it’s you on a separate device. This is typically done with your mobile phone, either by receiving a code or using an app to generate a code.
  2. Monitoring for unauthorized email forwarders: Hackers can play a clever, long game just by accessing your email once. An unauthorized forwarder allows them to monitor communications. It doesn’t even need to be the email of a senior member of the team. It’s surprising (and terrifying) how much we give away, bit by bit, in our daily emails.
  3. Proper email backup: Unless you have bought a specific email backup, your emails are not being backed up and are not protected daily. Not many people realize this. Having a proper backup is critical, as it gives your IT support company many more options if you are attacked. They can completely reboot your email account, safe in the knowledge you won’t lose a single email.
  4. Artificial Intelligence (AI) screening of emails: So you have this contact called Jon. And then one day, he signs off an email with his full name, Jonathan. You might not think twice about it. But a good AI system would pick up on this sudden behavior change and investigate the email further. These systems can be very clever at spotting potentially dodgy emails from the tiniest symptoms.
  5. Improved security endpoints: Endpoint security means each computer you use to access email is locked down and protected. There are many different ways to do this, from enhanced security on each device to prevent it from being used for risky activities, to encryption of the data on the device (meaning it’s worthless to anyone that steals it), and even as far as banning USB devices (you can plug them in, but they won’t work… meaning they can’t do any damage).
  6. Office 365 advanced threat protection: Robust Microsoft protection working for you behind the scenes. Your IT support company should know the correct way to implement it for your specific setup.
  7. Awareness training: The weakest link in any email security setup is… the humans. Because emails can still get past all of the defenses already listed, the last line of defense (and frankly, the best) is the human looking at an email with suspicion. There are some amazing awareness training courses available. They’re delivered online, so your team doesn’t have to go anywhere. They’re not dull or techy. They’re designed to be fun, and above all, to make your staff pause when they’re sent that dodgy link to click. That pause can save you thousands of dollars and days of hassle.
  8. Cyber insurance: It could be worth taking out a cyber insurance policy if only to follow the basic standards laid out by the insurance companies. Their job is to reduce their chance of having to pay out, right? That means they’re highly likely to know what ‘best practice’ currently is. So follow their advice as part of your overall email security protection.
  9. Set up business processes and make them the culture: Don’t let the boss change the process on the fly! If you have an internal process for approving payments, it needs to be followed every time… ESPECIALLY by the boss. Because it’s when the boss cuts corners that the chance of fraud jumps up dramatically; the weakest link is humans, remember. When it’s the boss, and everyone wants to please them, it opens the window for fraud and encourages everyone to break the rules. Great leaders realize they need to act the way they want their staff to act… even if it’s an inconvenience.
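
For layer 2, monitoring for unauthorized forwarders comes down to regularly listing every forwarding setting and rule and flagging any destination outside the firm. The sketch below is an added example, not Yeo & Yeo's code; the export format, field names, domains and approved list are constructed assumptions rather than any vendor's schema.

```python
INTERNAL_DOMAINS = {"example.com"}          # assumption: domains the firm owns
APPROVED = {"archive@vendor.example.net"}   # assumption: sanctioned external targets

# Constructed sample export; field names are hypothetical, not a vendor schema.
SAMPLE = [
    {"mailbox": "ap.clerk@example.com", "forward_to": None,
     "rules": [{"name": ".", "enabled": True,
                "forward_to": ["drop.box@mail.example.org"],
                "delete_after": True}]},
    {"mailbox": "partner@example.com", "forward_to": "assistant@example.com",
     "rules": [{"name": "journal", "enabled": True,
                "forward_to": ["Archive@Vendor.Example.net"],
                "delete_after": False}]},
    {"mailbox": "intern@example.com", "forward_to": "me@personal.example.org",
     "rules": []},
]


def is_external(address, internal=INTERNAL_DOMAINS):
    """True when the address's domain is not an internal domain or subdomain."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    return not any(domain == d or domain.endswith("." + d) for d in internal)


def find_external_forwarders(export, approved=APPROVED):
    """Return (mailbox, source, destination, severity) for each risky forward."""
    findings = []
    for box in export:
        targets = []
        if box.get("forward_to"):
            targets.append(("mailbox setting", box["forward_to"], False))
        for rule in box.get("rules", []):
            if not rule.get("enabled", True):
                continue  # disabled rules move no mail
            for dest in rule.get("forward_to", []):
                targets.append((f"rule '{rule['name']}'", dest,
                                rule.get("delete_after", False)))
        for source, dest, hides in targets:
            dest = dest.strip().lower()
            if is_external(dest) and dest not in approved:
                # Forward-and-delete leaves the owner no local copy to notice.
                findings.append((box["mailbox"], source, dest,
                                 "high" if hides else "medium"))
    return findings


if __name__ == "__main__":
    for finding in find_external_forwarders(SAMPLE):
        print(finding)
```

Run on a schedule against a fresh export, any new line in the output is a forwarder nobody has approved yet and is worth a call to the mailbox owner.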

For more information on preventing email attacks, read Yeo & Yeo's Email Hijack eBook.


Content by:

Yeo & Yeo

Yeo & Yeo is a top 200 full-service assurance, tax and advisory firm with a reputation for personal service, commitment to clients and community support. Founded in 1923, Yeo & Yeo has grown to include more than 200 trusted professionals who have been successfully advising Michigan businesses. Through our four companies – Yeo & Yeo CPAs & Business Consultants, Yeo & Yeo Computer Consulting, Yeo & Yeo Medical Billing & Consulting and Yeo & Yeo Wealth Management – we have created a strong network of professionals with the expertise to solve complex problems in each industry we serve.
