Today, more than 90% of cyber-attacks start with a phishing e-mail, and every 40 seconds a company gets hit by ransomware. Therefore, it is crucial to be well educated about suspicious e-mails. The following warnings and tips are, of course, only an introduction to the safety measures that can be taken to avoid suspicious emails or to spot them at once.
What is a “suspicious email”?
Suspicious emails are the most used and, unfortunately, the most effective instrument of cyber criminals. They usually contain viruses, worms or ransomware for the purpose of gaining access to a specific computer or network.
What should we do?
Although there is no certain formula for avoiding suspicious emails, it is advisable to check (i) the sender's and the recipient's titles and addresses, then (ii) the subject of the email, and (iii) the email content, in light of the warnings and tips stated below.
- To check the sender and the recipient of the email, move your cursor over the sender and recipient section, without clicking, to check the name or title and the email extension.
- The “Subject” section of an email usually helps us to spot suspicious emails in many different ways (blank subject, irrelevant matters, artificial importance, etc.).
- Finally, the content of the email may also give you many clues to be suspicious of (empty, attachments, IBAN numbers, etc.).
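The three checks above (sender and recipient, subject, content) can also be run automatically over a raw message. This is an added example, not part of the original article; the sample message, the urgency keyword list and the function name `triage` are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
# Constructed sample message; every name, address and number is made up.
SAMPLE = """\
From: "ceo@example.org" <ceo@mail.example.net>
To: accounts@example.org
Subject: URGENT: payment required immediately
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please transfer the amount to IBAN DE89 3704 0044 0532 0130 00 today.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

AAAA
--b1--
"""
URGENCY = ("urgent", "immediately", "final notice")  # assumed keyword list
RISKY_EXT = (".zip", ".exe")                         # extensions named in the article
IBAN = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def triage(raw, my_address):  # returns a list of reasons to look closer
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    # (i) Sender and recipient: displayed name vs. real address, and who it is addressed to.
    name, addr = parseaddr(str(msg.get("From", "")))
    if "@" in name and name.rsplit("@", 1)[1].lower() != addr.rsplit("@", 1)[-1].lower():
        flags.append("display name shows a different domain than the sender address")
    listed = [a.lower() for _, a in getaddresses([str(h) for h in msg.get_all("To", [])])]
    if my_address.lower() not in listed:
        flags.append("recipient address not listed in To")
    # (ii) Subject: blank or artificially important.
    subject = str(msg.get("Subject", "")).strip()
    if not subject or any(word in subject.lower() for word in URGENCY):
        flags.append("blank subject" if not subject else "subject presses for urgency")
    # (iii) Content: empty body, bank account numbers, risky attachments.
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if not body.strip():
        flags.append("empty body")
    if IBAN.search(body):
        flags.append("body contains an IBAN")
    names = [att.get_filename() or "" for att in msg.iter_attachments()]
    flags += ["risky attachment: " + n for n in names if n.lower().endswith(RISKY_EXT)]
    return flags
```

A flag is a reason for a person to look more closely, not a verdict; legitimate mail can trip any of these checks.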
In addition to the above, taking the following steps is also crucial to mitigate cyber risks:
- Write a cyber security policy that includes all other relevant policies, such as a corporate password policy for all users and modems, etc.
- Create and implement a proper but realistic Incident Response Plan.
- Educate personnel on awareness and daily routine security measures, such as logging off from accounts and not using personal e-mails or the same password for each account.
- Cyber criminals are good at spotting your weakest link, who could be a new employee who recently started and has not yet taken the cyber security education. 90% of cyber attacks originate from the human factor and negligence.
- Always be suspicious and vigilant. Think before you click anything, and do not open zip file or .exe file attachments unless you are expecting them.
- Don’t share sensitive corporate data with third parties, or even with a person or department of your own company, and keep data flow as limited as possible.
- Regularly back up all data, at all times, to alternative storage.
- Utilise defences including anti-virus, anti-malware and anti-spyware, and install software and hardware firewalls.
- Use external devices cautiously, since most of the time a cyber-attack starts with an innocent-looking but infected USB flash disk of a co-worker.
Cyber risks evolve and develop by the hour, and cyber criminals progress faster than we can imagine in order to succeed in their scams. Therefore, regularly updating company policies, awareness and education, together with the necessary software and hardware defences, is vital for maintaining cyber hygiene.
By Efe Kınıkoglu, Partner, Moral & Partners