Email hacking is becoming a nuisance for businesses and people across the world. By hacking emails, cyber criminals can easily access your digital documents, understand your spending habits, and worse, access your bank account statements. Therefore there’s a need to safeguard your business—and yourself.
“It happened to him, but it’ll never happen to me. Why worry?”
If you know someone who says that about email security or if you say that yourself, here’s a reality check: You aren’t just being ignorant. It’s outright naive.
Emails are an integral part of your professional and personal life. When hacking emails, cyber criminals do not discriminate between business owners and their employees. Every bit of information that resides in a mail account is a gold mine for cyber thieves. Hence, security of your email is more important than you think. And if you own a business here in Singapore, the challenge inflates further.
The Diplomat reported that owing to the rapid increase in internet use, Southeast Asia is prone to attacks from external sources. And countries like Singapore, along with Australia, Japan, New Zealand, and South Korea, who are part of the “Cyber Five”, are more vulnerable to cyber attacks. And you thought being a technology-savvy country was a good thing, didn’t you?
The report also highlighted that around 55% of the attacks in the Southeast Asian region targeted e-commerce websites, specifically unencrypted communications that carry valuable information like your email ID, credentials, and your credit card data.
So, tapping into your emails is something that cyber-criminals love to do—and you are making it easy for them to do so. cording to a leading cyber security firm Symantec, more than half (52%) of spear phishing attacks are carried out using fake emails.
Now what does that mean to you? When cyber-criminals hack your email, they gain access to your digital documents, crawl through your various business accounts, understand how you spend money, and post updates, images and videos on your social media channels on your behalf. If this still doesn’t scare you, here’s something that will: Hackers can also access your bank account.
Having second thoughts about creating an email account? It’s too late now and you can’t really wish emails away. So, let’s understand why emails are easy targets and what you can do to defend your email.
Why Emails Are Easy Targets
There are many aspects that you need to consider when it comes to email security. However, let’s consider the major ones.
Security of your email, in broader terms, depends on four aspects–security of the device from which you are sending your emails, security of the network through which your email travels, security of the server on which the email is hosted, and security of the recipient’s device.
Device security largely depends on your browsing habits. With the rise of social media, online buying, consuming media online and online gaming, personal devices are getting more exposed to malware and viruses. And, as a result, they are exposing emails sent from these devices to cyber attackers.
According to State of the Security, over 50% of breaches are caused by employees misusing access privileges. Whether maliciously or unwillingly, employees who click pop-up browsers or install a malicious application can welcome spyware on a company’s system.
Here are five easy ways to ensure device security.
- Keep your device’s software updated at all times. Always remember that every new software release comes with security patches.
- Don’t play around with your device’s security setting. It should not be considered as a means of entertainment. Trust the people who built your device as they have already ensured enough security.
- Always set a strong password. Ensure that your password is a combination of letters, numbers, special characters and be case-sensitive. And if possible exceed eight characters.
- Stay away from the temptation of using free public WiFi. A major reason behind this is that these WiFi networks are mostly unencrypted.
- Go for URLs with https://. In case you are unaware, the ‘s’ we see in ‘https’ actually means that your device is connected to the site via a Secure Socket Layer (SSL). In other words, the information that’s transmitted through the network is encrypted. So, URLs that do not have ‘s’ after ‘http’ are most likely to be unsafe.
Network and Server Security
Network security is a bigger challenge. Sophisticated DDoS (Denial of Service) attacks, lack of visibility of network traffic, weak access password, redundant security software and web cookies make networks susceptible to cyber breaches, thereby putting your emails in danger. Think of it as getting mugged in a shady alleyway.
From a business perspective, to ensure ease of scale, emails are mostly hosted on public servers. If cyber criminals can steal email passwords of your employees, they will no longer need their devices to access email accounts. They can directly log into the email provider’s server and access emails. The worst part is, cyber criminals can access years’ worth of emails and attachments. And as most service providers store emails in plain text, it makes the task of hacking much easier. Clearly, you aren’t safe anywhere.
Here are six quick tips to ensure network and server security.
- When choosing a password for your server remember to setup two-factor authentication
- When it comes to networks it’s always better to use secure FTP (file transfer protocol) instead of plain FTP
- Using firewalls on all endpoints, including servers and desktops significantly increases server and network security
- It’s always good to encrypt configuration files that contain sensitive logins
- Limit field input length to guard networks against application level DOS attacks
- It may sound basic but businesses should always monitor web traffic for unusual activity
Impact of Email Hacking
Email Hacking can wreak havoc and cause long-lasting damage—both financial and reputational. Here are a few instances of email hacking that’ll give you shivers down your spine.
In September 2016, a massive security breach saw hackers stealing personal information of more than 500 million Yahoo mail accounts. It was a huge cyber catastrophe as hackers got access to email IDs, passwords, birthdays and financial statements of Yahoo account holders. Yahoo later claimed that the breach was carried out by intelligence services of countries like China, Russia, and North Korea.
While the Yahoo hack shook the world, one e-mail hack that’s etched in our memories because of the extent of damages and media coverage it received is the attack on Sony. Back in 2011, Sony’s 77 million Play Station Network accounts were hacked. Sony said that cyber criminals gained access to confidential information such as emails, full names, passwords, home addresses, purchase history and credit card numbers of customers.
Back in Singapore, a 22-year-old was jailed last August for illegally hacking into customer’s email, PayPal and Groupon accounts and using them to make purchases over $70,000 without the victims knowing.
That victim could have been you.
Securing Your Emails
Now you see why your emails – especially the ones directly linked to your business – need to be secure? When it comes to email security, SSL and encryption can go a long way.
SSL (Secure Socket Layers) ensures email security by using both a public key and encryption to secure communication between two devices–usually between a mail server and a client system that’s communicating over the internet. It enhances encryption and authentication of data between an email client and the mail server and guarantees that data in transit would not be observable by anyone spying on your connection (such as someone on your wifi network or at your ISP between you and the mail server), that the communication cannot be modified while in transit between you and the server, and that the server cannot be impersonated.
Here’s how it looks in pictures:
If you need to ensure secure delivery of email end-to-end, encryption is the way to go. It enables you and your business to protect and secure the confidentiality of digital data that is either stored in a device or is being transmitted through an internet network.
Encryption is especially important if your business operates in virtualised environments. It can help you enhance the security infrastructure of your business in the cloud. And if your business keeps sensitive financial and/or health data, it’s absolutely necessary to encrypt mails. There’s clearly no escape.
That’s why, as a business stakeholder, it’s important that you take email security and encryption more seriously and ensure you adopt appropriate mechanisms to beat cyber-criminals.
And remember if it could happen to him, it could very well happen to you.
Cybersite has created SecureMail, the most secured email system to date suitable for anyone. It comes with advanced email transmission protection that can prevent phishing of corporate and personal data like addresses, credit card transaction details & more. Get your SecureMail to safeguard your email transmissions.