Small businesses are targeted now more than ever by hackers. One of the most common ways cybercriminals can gain access to your network or sensitive data is through employee emails. As technology has become more advanced, so have cybercrime tactics. With the use of AI and social media, hackers often have everything they need to impersonate business leaders or loved ones to manipulate people into revealing sensitive information. To mitigate the risk of these sneaky email scams, here are a few tips on email security training for employees.
1. First, Know How to Spot a Phishing Email Address
The easiest way to tell if an email claiming to be from someone in your organization is by looking at the sender's address. If it is from a random domain and doesn’t feature any names or other indicators that they’re from your organization, it’s best to ignore or report these emails to your IT team. Short messages with obvious grammatical errors should also raise a red flag, especially if the person supposedly sending it typically doesn’t write emails like that.
Although these warning signs are a common way to spot spoofed emails, AI has given cybercriminals the ability to sound very similar to family members or employees in the organization. It’s as easy as feeding prompts and writing from social media posts and other online sources to teach AI how to sound like someone familiar. This is why the best way to catch a phishing email is by looking at the email address it was sent from.
2. Never Click Links or Attachments from Suspicious/Unknown Outside Email Addresses
Make sure to remind employees not to open attachments or click on links in emails from unknown sources. If the sender is unfamiliar or has a suspicious-looking domain, the email should be ignored or reported. This is an email security best practice, because scammers can inject malware into attachments or link to malicious websites.
3. Beware of Common Tactics Used by Phishing Scammers
Aside from suspicious senders or off-looking grammar, cybercriminals use many common manipulation tactics to get you to reveal personal information. They will try to instill fear or urgency by making up scenarios to urge you to act. They often do this by using family member names and other information about you that can be easily found on the web and social media. This makes them seem more legitimate, which can make it difficult to discern a real emergency from a scam. Emails supposedly from loved ones or bosses should raise a red flag when they:
- Ask for money.
- Request that you purchase gift cards or otherwise transfer money to them.
- Present a dire situation they need help with, often with urgent language.
- Try to get your personal information like phone numbers, passwords, and other sensitive data.
- Ask you to send personal or business financial information.
4. Conduct Phishing Training Courses At Least Once Per Year
A great way to make sure all employees are trained on email safety is by conducting regular phishing training courses. These should be short, easy-to-complete training that help users identify common signs of phishing. Some training might even be fun for employees, such as “spot the phishing email” games. Some training courses feature fake phishing emails sent to employees, alerting them if they fall for it and detailing the suspicious details they missed.
In this way, phishing awareness training doesn’t have to be tedious or boring. Many IT service providers can walk you through setting up these training courses according to your organization’s unique needs.
5. Create Strong Passwords for Emails and Reset Often
A strong password is perhaps your strongest defense against email hacking. Passwords should have the following attributes:
- 8 to 12 characters
- Both letters and numbers
- At least one special character (@, #, !, $, etc)
- Avoid using repeating numbers like “1111” or common sequences like “1234”
Due to the prevalence of social media, it’s extremely easy for cybercriminals to find simple personal information that employees may use for passwords. Because of this, employees should choose passwords that would be difficult to guess based on readily available information online. Examples of weak passwords in this regard would be current pet names, spouse names, children names, etc.
6. Use Multifactor Authentication for Added Security
Another great tool for preventing emails from being compromised is using Multifactor Authentication (MFA). This requires users to verify their identity with an additional device, personal email address, or app. It often works by sending a PIN code or verification message to the secondary device or application. The added layer of security would make it difficult for cybercriminals to gain access to their target’s email account.
Next Steps: Network Security Consultants Can Provide Guidance
There are several ways to go about implementing these email safety tips. Ask your managed IT provider and/or cyber security consultants about email security. When trying to develop a training plan for employees, it can be helpful to consult with experts in cybersecurity for the best course of action. If you’re not sure where to start, they will be able to walk you through the process of setting up these training courses and how to approach them with your staff.
