CyberScout

Your Email Needs to Shelter in Place, Too

Email shelter in place
Getty Images

The Covid-19 pandemic created an opportunity for hackers to target the newly remote workforce. Hospitals have been targeted by ransomware (despite initial assurances to the contrary), phishing scams are using pandemic-related scare tactics, and video conferencing apps have become the new go-to for everything from domain-spoofing attacks to zoombombing. Even NASA has reported a 100% increase in phishing and malware attacks. 

While email has long been a weak point in cybersecurity, the stakes have never been higher for businesses. Even a relatively mild strain of malware can effectively sideline an employee or an entire business for hours, if not days, in a period where margins are increasingly slim and every moment counts. To that end, businesses need to ensure that employees are applying the same tactics to their virtual health that they are physically. 

Follow these rules to minimize your risk of getting hacked :

  • Don’t click on links or open attachments from unsolicited emails: Every email, no matter how seemingly innocuous, represents a potential existential threat to your organization. Every link you click and every attachment you open could be paving the way for phishing, malware, or worse. If you don’t recognize the sender or weren’t expecting to receive an email, it’s not worth the risk.
     
  • Follow up with phone calls: If you receive an email from a known associate asking for potentially sensitive information or data, confirm it with a quick phone call. It’s relatively easy for a hacker to spoof an email address; never assume that the sender is who they’re claiming to be.
  • Don’t use email to send sensitive data: This was sound advice before the Covid-19 pandemic, and will continue to be after the fact. Emails can be intercepted and accounts can be compromised. Never put information in an email that you wouldn’t want to be read by an outside party.
     
  • Don’t use email, for that matter: Email was one of the foundational applications of the internet, pre-dating the web by decades. It’s ubiquitous, easy to use, and unfortunately wasn’t made with security in mind. While it’s possible to mitigate some of the risks associated with email by using security software, spam filters, and firewalls, it’s still an inherently non-secure method of communication. Try to rely on alternatives wherever possible. 

The current Covid-19 pandemic represents an apt analogy for cybersecurity in the workplace: both require a group effort and an abundance of caution in the name of safety. As businesses become increasingly reliant upon virtual methods of communication, it’s more urgent than ever before to fully realize the risks associated with email, and to act accordingly.