DURBAN – It’s the silly season, and while most go shopping, cyber-criminals go phishing.
With promotional emails hitting inboxes over the festive and back-to-school period, now is the time for companies to step up email management.
"Companies can help protect their users and businesses from becoming phishing victims by putting a good email phishing and Business Email Compromise strategy in place," said Charl Ueckermann, chief executive at AVeS Cyber Security.
For organisations who have a holiday break coming up, it is a good time to get a Phishing and Business Email Compromise (BEC) strategy in place, test the technology properly and get everything up-and-running.
He explains that phishing is the fraudulent process of getting information like passwords, credit card numbers, banking details and other sensitive information by posing as a company or person that the receiver recognises or trusts.
Phishing emails are always made to look like the real thing from banks, popular social networking websites and sometimes even as a company’s email administrator.
The emails often contain a link to draw the recipient to a fake website where they erroneously give away sensitive or personal information and the information can be used to conduct all manner of fraudulent activities.
Companies can consider installing technology that is capable of blocking certain components of emails, corrupted emails and even label emails in the subject line.
The solutions detect and stop spam and malicious email before it becomes a problem and without slowing down productivity. Companies can also rest assured that legitimate emails won’t be deleted by mistake.
Ueckermann said that there are some important things to consider when implementing a strategy and technologies to address phishing and Business Email Compromise (BEC).
In today’s digital-driven business environment, a great user experience is vital for improving productivity, employee morale and technology adoption in the organisation.
Don’t stop people from receiving business emails; rather put mechanisms into place to ensure that only legitimate emails arrive in their inboxes.
Cost and the manageability of these solutions are obviously key considerations. Companies should aim to deploy the most effective and easiest to manage solutions that they can afford.
“When a phishing email manages to get in, it is pretty harmless until the recipient opens it, clicks on links. That is why it is important to educate employees about the dangers of phishing and how they put themselves – and the business – at risk.”
He offers these tips for employers to guide employees on keeping their business email inboxes clean:
- Don’t use company emails for social media profiles
- Don’t buy stuff online using company emails
- Don’t wait for someone to teach you safe email practices, self-educate and ask experts in the organisation; there are many free resources made available by industry experts via social media, such as how-to videos and quick-tips articles.
- Understand the dangers of opening or clicking on links in emails
- Treat unsolicited emails requesting sensitive information with suspicion
- When subscribing to websites, use other email accounts, such as a separate Gmail account
- Don’t sign-up for newsletters using their business email addresses.