If someone called you right now from an unknown number, what would you do? Most people would ignore the call if they were not expecting it. This was not always the case. There was a time before caller ID in which people had to answer to find out who was calling. Now, thanks to innovations in phone technology, we can see who is calling without answering and simply ignore suspicious phone calls. If the same approach was taken towards email, a huge portion of cyber attacks could be eliminated.
According to the FBI’s Internet Crime Complaint Center (IC3) Internet Crime Report, 47% of all the attacks the FBI analyzed in 2021—such as phishing, business email compromise, spoofing, and malware—most likely started with email and caused more than $2.4B in damage. Email servers also continue to be a major weakness. Cyber criminals attack their victims’ emails with exploits, such as Proxyshell, to gain unauthorized access to Microsoft Exchange, leading to remote code execution.
On March 21st, President Biden urged the private sector to “harden your cyber defenses immediately by implementing the best practices”. We believe the best way to answer this call to action is by treating emails with the same suspicion and disdain we treat phone calls. Lock your email system down with email security like Mimecast or Barracuda, and avoid using it whenever possible. Instead of email, try using modern communication programs like Microsoft Teams, Google Spaces, Rocket Chat, Signal Groups, Discord, or Slack. Changing the way we treat email immediately lowers our risk of compromise, so it is crucial to start today.
Other steps you can take to immediately harden your cyber defenses include:
- Train employees on how to recognize suspicious activity – help them to understand the need to take the risk of cyber threats seriously
- Implement multi-factor authentication
- Ensure that the latest patches have been installed
- Have your network or system tested for vulnerabilities
- Develop an incident response plan if you don’t yet have one – OR practicing your incident response plan through a tabletop exercise if you do have one
Blue Team Alpha has the experience and knowledge to protect your business from cyber threats. Email is a critical piece, but there are many more ways to reduce risk and increase security within the scope of any budget. Call us to schedule an assessment. We are standing by to advise and assist.