The Biggest Threats in Your Inbox

Email communication still reigns supreme, and that means it's the preferred 'in' for cyber attacks.

learn more about Joe Ross

By Joe Ross • Feb 2, 2017 Originally published Feb 2, 2017

Hero Images | Getty Images

Opinions expressed by Entrepreneur contributors are their own.

Messaging apps and company policies that allow employees to "bring-your-own-device" (BYOD) or work remotely can increase job satisfaction and boost productivity, but there's a flip side to this flexibility: They could threaten business security. Changes to the corporate landscape have ushered in a new era of threats. Still, there's one communications channel that reigns supreme: email. In its 2016 Internet Security Threat Report, Symantec estimates there were a staggering 190 billion emails in circulation during 2015.

Related: This Is Why Securing Your Business Is More Important Than Ever

As long as email dominates corporate communications, we'll continue to see cyber criminals orchestrating email attacks. You'll need to familiarize yourself with the greatest risks if you hope to stay one step ahead of these threats.

Impersonating your leadership.

Imagine one of your employees received an email from your Chief Technology Officer (CTO), asking her to open and review an attached file. The email comes directly from the CTO's email address, the body of the email addresses the employee directly, and there are no obvious signs that anything is awry. The employee opens the attached file and clicks on the link. Just like that, a cyber criminal has found a way into your servers. From that point, malware installations can compromise your company's entire network.

This is an example of a spear-phishing attack -- a more selective and sophisticated form of traditional phishing. The cyber criminal deceives the user through a personalized email tailored directly to the target. Unfortunately, criminals are getting better at their trade. They pull publicly available information from social media and company websites to learn more about their targets. Every bit of information helps them customize their malicious emails and make these messages appear more legitimate.

These attacks will become only more difficult to detect. Encourage your employees to always think twice before clicking links or downloading materials. If they have any doubt about an email's legitimacy, they should call the apparent sender to confirm.

Related: A Secret Service Agent's Guide to Protecting the C-Suite From Hackers

Creating a false sense of urgency.

In this scenario, your employee receives an urgent email from his boss, requesting a large sum of money to pay for overdue administrative expenses. Again, the email appears to be legitimate. Your employee clicks the link to wire money. But this sense of urgency and personalized message have just made your employee a victim of another spear-phishing attack.

Encourage your employees to remain vigilant about clicking on links, especially when the sender creates a sense of urgency in the message. Be wary of emails that suggest you must "act now." Cyber criminals frequently tap into this vulnerability. Users also should keep an eye out for misspellings or slight differences in the sender's domain. Again, the direct approach is best: Contact the sender offline to confirm the claims are valid.

Related: Your Startup Should Think About Security From the Beginning

Tackling the threats.

Spear-phishing attacks will continue to grow in sophistication, and they show no sign of slowing in numbers. According to the Anti-Phishing Working Group's (APWG) Q1 2016 Phishing Activity Trends Report, there were more phishing attacks in the first quarter of 2016 than in any other three-month period since the organization began tracking data in 2004. The organization also observed an overall 250 percent increase in the number of phishing websites from October 2015 to March 2016. It's critical for business owners and employees to take proactive measures.

  • Practice makes perfect: Consider conducting a phishing simulation to evaluate your company's preparedness for attack. This is a low-risk way to start a conversation with your employees and provide an opportunity for education and training.
  • Set standards around sharing: Some employees might not be aware which types of information are unsafe to share via email. They should never reveal personal or financial information, even if the sender is -- not just seems -- legitimate. Make it a best practice to never share passwords via email, regardless of whether it's a less-valuable account.
  • Think before you click: Encourage employees to exercise caution. Be suspicious of clicking on links or opening attached files. When in doubt, call the sender directly to double check.

Related: Security Awareness Training Is Essential for Small Businesses

Email attacks will continue as long as businesses use email to communicate. Encouraging employee education and raising awareness empowers us all to play a role in preventing criminals from exploiting company or personal information.

Joe Ross

President and Co-Founder of CSID

Joe Ross is president and co-founder of CSID, now a part of Experian Partner Solutions, a provider of comprehensive credit data and identity management technologies and services. Ross is widely recognized as an identity protection leader with more than 15 years of experience in the industry.

Related Topics

Editor's Pick

This Co-Founder Was Kicked Out of Retailers for Pitching a 'Taboo' Beauty Product. Now, Her Multi-Million-Dollar Company Sells It for More Than $20 an Ounce.
Have You Ever Obsessed Over 'What If'? According to Scientists, You Don't Actually Know What Would Have Fixed Everything.
Most People Don't Know These 2 Things Are Resume Red Flags. A Career Expert Reveals How to Work Around Them.
Starting a Business

5 Ways to Expand Your Pet Sitting and Dog Walking Business

The new book, Start Your Own Pet Business, details easy ways to add new revenue streams to your biz.

Business Ideas

55 Small Business Ideas To Start Right Now

To start one of these home-based businesses, you don't need a lot of funding -- just energy, passion and the drive to succeed.

Business News

Massive Fire At Top Egg Farm Leaves Estimated 100,000 Hens Dead. What Does This Mean For Egg Prices?

Hillandale Farms in Bozrah, Connecticut went up in flames on Saturday in an incident that is still under investigation.

Business News

Survey: A Majority of Americans Are Living Paycheck to Paycheck

Sixty-four percent of U.S. consumers live paycheck to paycheck — even those who earn more than $100,000 a year.

Business Solutions

5 Procurement Trends To Keep on Your Radar for 2023

Procurement professionals must adapt to inflation and a shortage of skilled labor in the face of an economic recession. Investing in a workforce paired with retraining and development strategies will put your company on top amid economic uncertainty.