Email Security
When it comes to cybersecurity, prevention is far, far better (and cheaper) than cure.
If someone spoofs your mail account (sends out spam in your name), there's loss of business reputation. It's worse if they steal or guess your email password. You could face business IP loss, data privacy breaches, identity theft and/or temporary blacklisting of your mailserver.
TIP One of the best strategies for your business is to train staff & principals about cybersecurity and do regular refresher training. Commonsense & cybersecurity awareness training are your most important protections.
If you & your staff think that there's plenty of tough technology safeguarding you, it's too easy to let down your guard. Strange but true: when phishing or malware emails arrive less often, they have a greater chance of success. They acquire a gloss of credibility by passing through your software defences.
The Australian Cyber Security Centre has good free materials on online safety for businesses of all sizes.
Encrypted emails
Emails in your Bizazz email account are safely encrypted in their mailbox on the mailserver.
Your emails are also protected in transit from hackers and snoops. This is called TLS encryption or TLS/SSL & it's the same technology as for website encryption (https://). TLS encloses the email in an encrypted 'outer layer'. It's like your email travels inside a safe with a complex combination lock. (It could take hackers longer than a human lifetime to break in. When quantum computing arrives, security geeks will up the ante; but that's not yet.)
There are sections of the email journey where neither you nor your own email host can control encryption.
- For your outgoing mail, this is from the addressee's mail server to their own device. They have to be using TLS on their own email account to encrypt your email.
- Incoming mail might come from an email address that doesn't use TLS. These emails are unencrypted and vulnerable for much of their Internet journey. Thankfully, SSL/TLS is now the norm.
- Emails have to be decrypted at some point. Anti spam and anti malware scanners can't do their job on an encrypted email, & neither can you. Eg mailservers decrypt emails before checking them with anti-virusware.
- You have no control over security of your email recipients' & senders' mailservers or computers/phones where your emails are stored. If you're concerned about email & data privacy, talk with your addressees about their own cybersecurity practices.
An email encrypted by TLS could contain very unsafe content or be spam; it just hasn't been tampered with en route to your mailbox. Other mail protocols & software add more protection or visibly reassure customers that your emails are genuine. If you like acronyms, you'll love these:
- Nifty settings which Bizazz always adds to your domain's DNS hosting are: SPF, DKIM and DMARC = SPF+DKIM. These protocols confirm that the emails you send are genuinely from you. External mail servers reject emails apparently 'from' your address but really from some nefarious source, because these emails don't meet the SPF & DKIM criteria.
- S/MIME email &/or document signing & BIMI verification marks will cost you extra. Contact us to find out more.
Spam, phishing & all that
What's what
Email spoof: You've been spoofed when someone else sends out email as if it's 'from' your email address. You can guarantee these emails will be criminal, crooked &/or embarrassing.
Compromised password: Worse case is if someone obtains your email password and really does send their spam out using your mail account. They can read your incoming mail too.
Spam: Spam is email that you didn't invite into your mailbox. The emails are sent out to many, equally reluctant addressees. It often appears to be selling (or giving away) stuff. Its real intent is usually to rob, rip off, deceive, annoy, frighten or distress people, eg to get private ID details out of them; or to install malware on their computers/phones.
Spamming is illegal in Australia and many other places in the world. For that matter, in Australia it's illegal to send ANY unsolicited business email, spammy or not. Businesses can only send a marketing email to you if:
- you have invited them to do so, by showing an interest in their wares/services and providing your email address
- they include an unsubscribe link, and
- you have not asked them to unsubscribe you from their mailing list.
Spammers constantly invent ways to get their emails through anti-spam filters. Security software vendors constantly update their products to outwit the spammers & malware developers.
Phishing: email version of an oldtime con. The sender presents himself/herself as a legitimate contact, often from a wellknown business, charity or government entity. The email asks its recipient to click on a link which goes, not to the real Woolworths, Paypal or ATO site, but to the phisher's website. There the hapless victim is fleeced of personal ID or credit card details, or enticed to download malware. The website may have a lookalike domain name (such as bizaz.com.au). A sophisticated phishing webpage will be styled to look like the genuine one: a fake Paypal login page. The email's 'from' address may also be spoofed.
Add to that vishing & callback phishing - the text & phone ('voice') version of phishing - and smishing - which has nothing to do with kisses, but a lot to do with SMS.
Keeping safe
Bizazz email hosting includes TLS email encryption, DMARC protection & encrypted message storage on mailservers. Your computer's/phone's anti-spam and anti-virus/anti-malware programs help guard against spam and phishing emails if you keep the software up to date. Your mailserver also has strong anti-spam protection which the mail host updates regularly. But there are still ways that people can infiltrate your email and make life miserable.
If you search online for mail security solutions, you'll find a stableful, free or paid. No IT security software does a perfect job or suits all businesses. No software can guarantee to keep out all dangerous mail. We read authoritative-sounding web reviews which tout Product G as a must-have solution; then we read other articles about G's serious downsides. Actually a major cause of cyberbreaches is overconfidence in protective software! Staff assume that if an email that makes it past the guards, it must be OK. Take sensible precautions, no matter how good your firewalls & software are.
- Home businesses often share networks with devices that are less secure and share devices with users who are not security-conscious. Internet of Things (IoT) is notorious for poor security, leading to risks for computers, emails & business data/IP on the home wifi. Who would have thought that a washing machine could be a business threat?
- If you suspect that your password has been stolen or guessed, the only cure is a new password. Log into webmail and change the email password there.
- If your staff need motivation to take cybersecurity seriously: check out business IT security statistics, eg at the Australian Cybersecurity Centre.
- Keep your hand off the mouse while reading emails. Never open an attachment on a suspect email. Be reasonably wary of mail from senders you don't know.
- Don't use shared public wifi for business emails. Turn off IoT devices if you can, while working from home.
- Avoid email software that litters your screen with ads. Then you can't accidentally click on a dodgy link.
- The sooner you Junk bad emails and then Delete from Junk folder, the less trouble they can cause.
- Don't try to unsubscribe from a mailing list via link in an email or by replying, unless you are sure the email came from a genuine Aussie business that will respect your unsubscribe request. Spammers love getting responses to their emails. It proves the email address active; they'll send more emails. And that 'unsubscribe' link just might lead you to an infected website.
Find out more about website and IT security.