One widely cited estimate puts a hacking attempt against an internet-connected computer every 39 seconds, and the global cost of data breaches in 2019 was estimated at $2.1 trillion. Figures like these give business owners every reason to take measures to protect their business accounts.
Unfortunately, 75% of businesses are ill-prepared for a cyber-attack and have no incident response plan for one. Criminals commonly go after business email because a mailbox is a direct route into the whole organization.
By targeting email, attackers go after an organization's weakest link: its employees. The number one reason business email accounts are such attractive targets is the data they hold. They carry contacts, financial information, and details that feed social engineering schemes. They also serve as the online identity of their users; password resets for other services land in the inbox, so a successful account takeover is the entry point for further attacks.
Email also has a weakness that no patch can fix: the person reading it. Since everyone uses email, the pool of targets is enormous, and human error is inevitable, so passwords end up in the wrong hands and give attackers easy access.
Why is Account Security Crucial?
Given the stakes described above, business email security must be a top priority. Securing business accounts keeps your data safe and prevents identity theft, the illegal use and abuse of personal information such as names, telephone numbers, email addresses, and financial details.
Once attackers hold this information, whether obtained online or in the real world, they can inflict severe financial damage on the victim. They may also ruin the victim's reputation or have them implicated in crimes they didn't commit.
Attackers may also use the hijacked account to send malware, such as Trojans, to the victim's contacts and take over the company's network from there. With all this in mind, it's clear why email must be secured not just with strong passwords, but with the additional measures discussed in this article.
How Do Business Email Accounts Get Hacked?
Attackers have more than one way of reaching the sensitive data stored in online accounts, and not every compromise can be blamed on careless security. They craft their tricks so well that even careful users sometimes fall victim. Here are the most common tactics.
Weak and Reused Passwords
If you register your email account with a poorly constructed password, attackers will have a field day gaining access to it. Reusing the same password across different accounts is just as dangerous: once one site leaks it, every account that shares it is exposed.
Data Breaches at Third Parties
Credentials taken from a hacked social media profile can be replayed against online stores where payment data is stored. If an online retailer has security lapses, there is little its customers can do to protect themselves; many large-scale data thefts are exactly this kind of loss of customer data, and the leaked passwords are then tried elsewhere.
Phishing
Phishing is an increasingly common method of attack. It uses specially crafted spam mail to direct recipients to a forged website whose interface mimics a site they know, so that users fall for the ploy. Once they enter their customer data or login details, they hand their credentials straight to the fraudsters.
Malicious Downloads
Freeware and other downloaded files can carry malware. Once run, it can intercept confidential and sensitive data, including keystrokes and saved passwords, and forward it to third parties. Spam email attachments are a common carrier.
Fake Social Media Profiles
Here fraudsters create a fake social media profile and pose as a friend of the victim. They then try to extract passwords and sensitive data through messages and conversations.
Advance-Fee Scams
In the advance-fee scam described by the FBI, victims receive emails from strangers promising them millions of dollars, on condition that the recipient first pays wire or processing fees upfront. No money ever arrives.
Business Email Compromise
Businesses, larger ones in particular, are the targets of a sophisticated scam known as business email compromise (BEC) that relies on social engineering rather than malware. One tactic is to spoof or take over a manager's email address and send an "urgent" message to an employee lower in the hierarchy, asking for a quick transfer to a client. Another is to fake an invoice from a vendor, often with changed bank details, and request that it be paid.
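The tells in a BEC message described above (a manager's name on an outside address, a lookalike domain, a Reply-To pointing elsewhere, and time pressure around a payment) can be checked mechanically. The script below is an added example, not code from the original article: the organisation domain, the executive names, the keyword lists and both sample messages are constructed, and a real mail gateway would tune the thresholds and add its own signals.

```python
"""Heuristic checks for business email compromise (BEC) lures.

Added example, not code from the original article. The organisation domain,
the executive names and the two sample messages below are all constructed.
"""
from __future__ import annotations

from email import message_from_string
from email.utils import parseaddr
from typing import List

ORG_DOMAIN = "example.com"                 # assumed: your own mail domain
EXECUTIVES = {"jane doe", "john roe"}      # assumed: names an attacker would impersonate
URGENCY_WORDS = ("urgent", "asap", "immediately", "right away", "today")
PAYMENT_WORDS = ("wire", "transfer", "invoice", "payment", "gift card", "bank details")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one or two edits from our domain means a lookalike (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def bec_findings(raw: str) -> List[str]:
    """Return the reasons a message looks like a BEC attempt (empty list if none)."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    findings: List[str] = []

    # 1. A known executive's name on an address that is not ours: display-name spoofing.
    if display.lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        findings.append(f"display name '{display}' on external address {from_addr}")

    # 2. A sender domain that is almost, but not exactly, ours: lookalike domain.
    if from_dom != ORG_DOMAIN and 0 < edit_distance(from_dom, ORG_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain {from_dom}")

    # 3. Replies quietly routed to a different domain than the apparent sender.
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_dom}")

    # 4. The classic lure: time pressure combined with a request to move money.
    body = msg.get_payload(decode=True) or b""
    text = (msg.get("Subject", "") + " " + body.decode("utf-8", "replace")).lower()
    if any(w in text for w in URGENCY_WORDS) and any(w in text for w in PAYMENT_WORDS):
        findings.append("urgent request to make a payment")
    return findings


# Constructed sample: lookalike domain, foreign Reply-To and the usual urgent wire request.
SAMPLE_BEC = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@webmail.example
To: accounts@example.com
Subject: Urgent wire transfer

Hi, I need you to process a wire transfer to a client right away.
Send me the bank details form and confirm once done.
"""

# Constructed sample: a legitimate internal message, no findings expected.
SAMPLE_CLEAN = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Lunch on Friday

Shall we move the team lunch to Friday?
"""

if __name__ == "__main__":
    for name, sample in (("BEC", SAMPLE_BEC), ("clean", SAMPLE_CLEAN)):
        print(name, bec_findings(sample) or "no findings")
```

None of these checks is proof on its own; a single finding is a reason to phone the supposed sender on a known number before money moves, and several findings together are a reason to quarantine the message.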
How to Tell Your Business Email Has Been Hacked
The most obvious sign that your email has been hacked is being locked out because the password has been changed. An attacker who leaves the password alone, however, can read along for months, so never rely on this sign alone.
You may also receive messages from your contacts telling you that mail from your address lands in their spam folder or that they received odd messages from you. This is a strong indication that your account has been taken over: the fraudsters have your contact list and are using it as a target list.
Messages sent by the attacker appear in your Sent folder, so check it even if no contact has complained. Emails you don't remember sending are a possible indicator of a hacked account. Attackers frequently delete their traces or create mailbox rules that silently forward or delete mail, so review your mailbox rules and forwarding settings as well.
Other indicators to look out for are unusual IP addresses, browsers, and devices. Your email service provider lets you review recent login activity, including the IP addresses or locations used to access your account. If you notice locations, devices, or times you don't recognize, your account may be under attack.
Keep a watchful eye out for unexpected password reset emails. If you didn't request a password change, an attacker may be trying to gain access to your account, or probing which shopping sites, banks, and other services you use. Treat emails from your bank asking for passwords or other security codes as suspicious; a bank never needs them.
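Reviewing login activity by hand works for one mailbox; for a company it is better automated. The script below is an added example, not from the original article: it runs the checks the text describes (a new country, a new client, and a burst of failures followed by a success) over a constructed access log. The log format is invented, and real providers export different fields, but the approach of comparing each login against what is normal for that user carries over.

```python
"""Flag suspicious mailbox logins in an access log.

Added example, not from the original article. The log format and every entry
below are constructed; real providers export different fields, but the idea,
comparing each login with what is normal for that user, is the same.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed audit log: time, user, source IP, country, client, outcome.
LOG = """\
2020-03-02T08:01:10Z alice@example.com 203.0.113.7 NL Outlook/Windows success
2020-03-02T09:15:02Z alice@example.com 203.0.113.7 NL Outlook/Windows success
2020-03-03T08:05:44Z alice@example.com 203.0.113.9 NL Outlook/Windows success
2020-03-03T23:41:00Z alice@example.com 198.51.100.21 US IMAP/curl failure
2020-03-03T23:41:05Z alice@example.com 198.51.100.21 US IMAP/curl failure
2020-03-03T23:41:11Z alice@example.com 198.51.100.21 US IMAP/curl failure
2020-03-03T23:41:20Z alice@example.com 198.51.100.21 US IMAP/curl success
2020-03-04T08:00:30Z bob@example.com 203.0.113.12 NL Webmail/Firefox success
"""

FAILURE_BURST = 3  # failures from one IP right before a success: treated as password guessing


def parse(log: str) -> List[Dict[str, str]]:
    fields = ("time", "user", "ip", "country", "client", "result")
    return [dict(zip(fields, line.split())) for line in log.splitlines() if line.strip()]


def suspicious_logins(log: str) -> List[str]:
    """Return one alert per deviation from a user's baseline, in log order."""
    countries = defaultdict(set)  # user -> countries seen in successful logins
    clients = defaultdict(set)    # user -> mail clients seen in successful logins
    failures = defaultdict(int)   # (user, ip) -> failures since the last success
    alerts = []
    for e in parse(log):
        user, key = e["user"], (e["user"], e["ip"])
        if e["result"] != "success":
            failures[key] += 1
            continue
        # The first successful login establishes the baseline; later logins from a
        # country or client never seen for this user are flagged.
        if countries[user] and e["country"] not in countries[user]:
            alerts.append(f"{e['time']} {user}: login from new country {e['country']} ({e['ip']})")
        if clients[user] and e["client"] not in clients[user]:
            alerts.append(f"{e['time']} {user}: login with new client {e['client']}")
        if failures[key] >= FAILURE_BURST:
            alerts.append(f"{e['time']} {user}: success after {failures[key]} failures from {e['ip']}")
        # In production an analyst's verdict should gate this step; here the login is
        # simply learned so the same device is not reported twice.
        countries[user].add(e["country"])
        clients[user].add(e["client"])
        failures[key] = 0
    return alerts


if __name__ == "__main__":
    for alert in suspicious_logins(LOG):
        print(alert)
```

Note that a changed IP address within the same country and client is deliberately not an alert; home and office connections change addresses all the time, and alerting on every one buries the three lines that matter.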
Even without these signs, there is another way to check whether your email has been exposed: websites that look up your address in known botnet dumps and data breaches.
Botnets are networks of infected computers used for criminal purposes without their owners knowing; the bot software usually arrives through malicious email attachments and harvests the credentials stored on the machine. Useful websites for this purpose include
- Have I Been Pwned?
- Breach Alarm
- Firefox Monitor
- Identity Leak Checker
With the help of these resources, it won’t be too difficult to determine if your email has been hacked.
What to do When Your Business Email Gets Hacked
Now that you know that your business email is prone to cyber-attacks, what can you do to protect it and reduce the chances of attack? Here are some quick and easy ways to protect yourself online. Take these measures early enough, even if your email hasn’t been hacked yet.
1. Create Strong and Hard-to-Guess Passwords
Attackers use password-cracking programs that are very good at recovering weak passwords from leaked hashes and at guessing common ones online. A strong password that such tools can't guess is the first step towards protecting your account. Never reuse a password across different online accounts.
To create strong and secure passwords that are hard to guess, here are some recommendations.
a) Use a Passphrase
A passphrase is a password made up of a series of words, written with or without spaces. It contains more characters than a typical password but fewer independent components, which makes it easier to remember.
Whether a passphrase is stronger than a password depends on how it is chosen, not on its length alone. A short password of truly random characters can carry as much entropy as a passphrase, but people rarely choose random characters; a passphrase of words picked at random from a large list is both memorable and carries far more entropy than the passwords people actually pick.
When using passphrases, use at least four words chosen at random rather than a combination of words that naturally go together. Don't choose common quotes or sayings, and make each passphrase unique to each account.
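The entropy comparison above can be worked through in a few lines. The script below is an added example, not from the original article. It assumes 95 printable ASCII characters for a random password, the standard 7776-word diceware list for a random passphrase, and a 20,000-word vocabulary for the "dictionary word plus digits plus symbol" pattern people tend to pick; the demo word list and the list of well-known sayings are constructed and far too small for real use.

```python
"""Compare the guessing entropy of random passwords, random passphrases and the
passwords people actually pick. Added example, not from the original article.
Assumed: 95 printable ASCII characters for a random password, the 7776-word
diceware list for a passphrase, and a 20,000-word vocabulary for the
'dictionary word plus digits plus symbol' pattern that humans favour.
"""
import math
import secrets
from typing import List

PRINTABLE_ASCII = 95      # characters 0x20..0x7E
DICEWARE_WORDS = 7776     # 6^5, the size of a standard diceware list
HUMAN_VOCABULARY = 20000  # assumed size of the vocabulary people draw on

# Constructed and far too small for real use: a real passphrase needs the full list.
DEMO_WORDLIST = ["correct", "horse", "battery", "staple", "lantern", "river", "quartz",
                 "umbrella", "velvet", "orbit", "cactus", "meadow", "pixel", "saffron",
                 "tundra", "walrus"]
# Constructed stand-in for the quote and lyric lists that cracking tools ship with.
COMMON_SAYINGS = {"to be or not to be", "may the force be with you", "correct horse battery staple"}


def random_password_bits(length: int, alphabet: int = PRINTABLE_ASCII) -> float:
    """Entropy of `length` characters drawn uniformly from `alphabet` symbols."""
    return length * math.log2(alphabet)


def random_passphrase_bits(words: int, wordlist: int = DICEWARE_WORDS) -> float:
    """Entropy of `words` words drawn uniformly (with replacement) from a list."""
    return words * math.log2(wordlist)


def human_pattern_bits() -> float:
    """Entropy of the pattern Word + 2 digits + 1 of 10 symbols, e.g. 'Summer19!'."""
    return math.log2(HUMAN_VOCABULARY * 100 * 10)


def generate_passphrase(words: int = 4, wordlist: List[str] = DEMO_WORDLIST) -> str:
    """Pick words with the OS CSPRNG; entropy is words * log2(len(wordlist))."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def check_passphrase(phrase: str) -> List[str]:
    """Apply the rules above: at least four words, and no well-known quote or saying."""
    problems = []
    words = phrase.lower().replace("-", " ").split()
    if len(words) < 4:
        problems.append("fewer than four words")
    if " ".join(words) in COMMON_SAYINGS:
        problems.append("well-known saying or quote")
    return problems


if __name__ == "__main__":
    print(f"8 random printable characters: {random_password_bits(8):.1f} bits")
    print(f"4 random diceware words:       {random_passphrase_bits(4):.1f} bits")
    print(f"6 random diceware words:       {random_passphrase_bits(6):.1f} bits")
    print(f"Word+digits+symbol pattern:    {human_pattern_bits():.1f} bits")
    print("demo passphrase:", generate_passphrase())
```

The numbers make the point of the section: eight truly random characters and four random diceware words are both around 52 bits, six words reach about 78 bits, and the pattern most people actually type is worth about 24 bits, which a cracking rig works through in seconds. The entropy figure only holds when the words come from a random draw; a phrase you thought up, however long, is guessed from the same quote and lyric lists that the check function stands in for.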
2. Use Password Managers
One downside of unique passwords for every account is that you have to remember all of them. A password manager makes this easier: it is a software application that stores and manages the passwords for your different online accounts.
Password managers store your passwords as encrypted information. You’ll have access to all your passwords from a central location with the help of a master password.
Password managers differ in how they encrypt and store information and in the additional features they offer, such as automatic form filling and password generation. The form-filling feature offers the saved login for a site when that site's URL loads.
This reduces manual errors and, more importantly, protects against phishing: the manager pairs each stored password with the site it was saved for and will not offer it on a lookalike site with a different address. The password generator creates unique, strong, random passwords for each account.
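The anti-phishing property rests entirely on how strictly the manager matches the page's address against the saved one. The snippet below is an added example, not code from any real password manager: the vault contents and the URLs are constructed, and the tiny suffix set stands in for the Public Suffix List that real implementations consult. It shows which pages receive the saved credential and, more importantly, which do not.

```python
"""How a password manager's site matching keeps credentials off phishing pages.

Added example; it is not code from any real password manager. The vault
contents and the URLs are constructed, and the tiny suffix set stands in for
the Public Suffix List that real implementations consult.
"""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumed vault: the site a credential was saved on -> (username, password).
VAULT: Dict[str, Tuple[str, str]] = {
    "https://mail.example.com/login": ("alice@example.com", "demo-vault-password"),
}

# Stand-in for the Public Suffix List: suffixes under which the registrable
# domain has three labels (bbc.co.uk) rather than two (example.com).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """The part of a hostname a single organisation controls (example.com, bbc.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def credential_for(url: str, vault: Dict[str, Tuple[str, str]] = VAULT) -> Optional[Tuple[str, str]]:
    """Offer a saved credential only on HTTPS pages of the same registrable domain.

    urlsplit().hostname drops any user@ prefix, so a URL such as
    https://mail.example.com@mail.examp1e.com/ is judged by the real host.
    """
    page = urlsplit(url)
    if page.scheme != "https" or not page.hostname:
        return None  # never fill over plain HTTP or on a malformed URL
    for saved_url, cred in vault.items():
        saved_host = urlsplit(saved_url).hostname or ""
        if registrable_domain(page.hostname) == registrable_domain(saved_host):
            return cred
    return None


if __name__ == "__main__":
    for url in ("https://mail.example.com/login?next=/inbox",
                "https://mail.example.com.evil-login.example/login",
                "https://mail.examp1e.com/login",
                "https://mail.example.com@mail.examp1e.com/login",
                "http://mail.example.com/login"):
        print(url, "->", "fills" if credential_for(url) else "no credential")
```

Matching on the registrable domain means a sibling host such as sso.example.com also receives the credential, which is convenient for single sign-on; managers that match the exact host are stricter, and the right choice depends on how your company's login pages are laid out. What matters is that none of the three phishing-style URLs in the usage list ever sees the password.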
There are several types of password managers, including
- Web browser-based
- Stateless (which derive each password from a master secret instead of storing it) and
- Dedicated
As a tip, avoid web browser-based password managers where you can. Firefox, Chrome, and Internet Explorer all come with integrated password managers, but their stores are protected only by your operating-system login (and, in Firefox, by a primary password if you set one). Anything running under your user account, malware included, can read them, and full-disk encryption protects them only while the machine is off.
3. Use a Dedicated Password Manager
The best alternative would be to use a dedicated password manager. They store your passwords in encrypted form and also help you generate secure random passwords, offering a more robust interface. They also allow you to access your passwords across a variety of devices like smartphones, computers, and tablets.
Some dedicated password managers you can use include the following.
Dashlane
Although it's fairly new on the market, Dashlane comes with features that make up for what's missing in other password managers. It works across Android, iPad, iPhone, OS X, and Windows. It comes with extras such as a security dashboard that analyzes your passwords and flags weak or reused ones, and a password changer that can update them for you on supported sites so that you don't have to deal with that yourself.
Dashlane is entirely free for use on a single device, but if you want to sync them between devices, you’ll have to upgrade to premium.
The software also gives you the option to store your passwords only locally on your computer instead of in the cloud. Either way the vault is AES-256 encrypted, at rest and when synced between devices.
LastPass
As a cloud-based password manager, LastPass comes with browser extensions, desktop apps, and mobile apps for all the browsers and operating systems you use. It offers a two-factor authentication option that makes access to your vault even more secure.
LastPass stores your passwords in encrypted form on its servers; they are decrypted locally on your device only after you unlock the vault with your master password, so the plaintext never leaves your device.
KeePass
Some people may not be comfortable with LastPass because it is cloud-based. KeePass is a popular desktop application with browser extensions and mobile apps. It stores all your passwords in an encrypted database file on your computer, so you remain in control of them.
Since it is open-source software, you can audit its code if need be. The downside of KeePass is that you are responsible for the database and its backups, and syncing it between devices is a manual process. You can use a syncing service like Dropbox to make that easier; the database file stays encrypted wherever it is synced, so its safety rests on your master password and, optionally, a key file.
4. Use Encrypted Email
Some email providers are more secure than others. Check whether the one you use provides end-to-end encryption. Without it, the provider itself, and anyone who compromises the provider, can read your business email, which also increases your exposure to penalties under GDPR and HIPAA.
One email service provider with end-to-end encryption is ProtonMail. The provider cannot decrypt users' mailboxes, so neither can an attacker who breaches it. The only ways to read mail sent between ProtonMail accounts are to compromise the end user (their device or password) or to stage a man-in-the-middle attack that substitutes a public key. Against the latter, the platform offers Encrypted Contacts and Address Verification, which pin a contact's key and drastically reduce the possibility of such an attack. Note that end-to-end encryption applies to mail between ProtonMail users; mail to other providers is only end-to-end encrypted if you use PGP with the recipient or ProtonMail's password-protected messages.
5. Train Your Employees
It’s not enough to take measures to protect your business email. You must ensure that the whole team is aware of those efforts and is also complying. Creating a culture of awareness will go a long way in building solid security blocks around your business emails and accounts.
Training should be periodic and should begin as soon as a new employee joins the team. The curriculum should emphasize the importance of cybersecurity while making employees understand the specific threats they are likely to face, with the phishing and BEC tactics described above as a starting point.
Third-party security firms can come in handy in providing this training. Task the security officer in your organization with researching and finding the best security vendors.
Some of the areas on which employees should be trained include
- The importance of two-factor authentication (2FA). Turning this feature on for all accounts helps prevent account takeover, which is a significant problem for many companies; an authenticator app or hardware security key is preferable to SMS codes, which can be intercepted.
- Phishing attacks and how attackers use social engineering to entice users to click on malicious links and download malware
- How to create strong passwords that can't be easily guessed or cracked by attackers
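Employees accept 2FA more readily when they understand that the six-digit code is nothing mysterious: it is computed from a shared secret and the clock. The script below is an added example, not from the original article, implementing TOTP (RFC 6238) with the standard library only. The 20-byte key is the RFC's own test-vector key, so the codes it produces can be checked against the RFC; the account and issuer names in the provisioning URI are made up.

```python
"""TOTP (RFC 6238), the algorithm behind authenticator-app 2FA codes.

Added example, not from the original article; it uses only the standard
library. RFC_KEY is the RFC 6238 test-vector key, so the expected codes can
be checked against the RFC; the issuer and account names are made up.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Tuple

STEP = 30  # seconds per code, the value every authenticator app assumes


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the current 30-second time step."""
    return hotp(key, at // STEP, digits)


def verify(key: bytes, code: str, at: int, last_step: int = -1, window: int = 1) -> Tuple[bool, int]:
    """Server-side check. Accepts +/- `window` steps of clock drift, compares in
    constant time, and refuses any step not newer than `last_step`, so a code
    captured by a phishing page cannot be replayed. Returns (ok, step_used)."""
    for drift in range(-window, window + 1):
        step = at // STEP + drift
        if step > last_step and hmac.compare_digest(hotp(key, step), code):
            return True, step
    return False, last_step


def new_secret() -> bytes:
    """Per-user secret generated at enrolment from the OS CSPRNG."""
    return secrets.token_bytes(20)


def provisioning_uri(key: bytes, account: str, issuer: str) -> str:
    """The otpauth:// URI that enrolment QR codes encode (base32 secret, no padding).
    The label is not percent-encoded here; a real enrolment page should do that."""
    secret = base64.b32encode(key).decode().rstrip("=")
    return f"otpauth://totp/{issuer}:{account}?secret={secret}&issuer={issuer}&digits=6&period={STEP}"


# RFC 6238 Appendix B test key (ASCII "12345678901234567890").
RFC_KEY = b"12345678901234567890"

if __name__ == "__main__":
    print("RFC vector at t=59:", totp(RFC_KEY, 59, digits=8))   # 94287082 per the RFC
    print("current code:", totp(RFC_KEY, int(time.time())))
    print(provisioning_uri(new_secret(), "alice@example.com", "ExampleCorp"))
```

Two details in `verify` are what separate a toy from a usable server check: the constant-time comparison, and the `last_step` bookkeeping that rejects a code that has already been used. The second point is also the honest caveat for training: a TOTP code can still be phished in real time, so for staff who handle payments a hardware security key, which cannot be relayed this way, is the stronger choice.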
6. Cyber-Security Policy
The training can be reinforced by creating a cyber-security policy and ensuring it’s implemented. The plan should include basic guidelines that all employees must follow. This should cover everything from recommendations for secure web browsers, VPN requirements, email safety tips, best practices for anti-phishing, and password recommendations, among others.
As part of the onboarding process, every employee must be provided with a copy of these guidelines. Security officers should maintain a culture of cybersecurity while managers should always emphasize the importance of the policies.
7. Install a Strong Antivirus
If you install a reliable antivirus, it should raise the bar in securing your business email. It should provide real-time protection from threats like malware, ransomware, among others. Ensure that antivirus software is installed on your PC, Android phone, Mac, among other devices.
Alongside antivirus, take measures to secure your router and Wi-Fi. As a business, it's crucial that you know who and what is on your network; an unrecognized device may be an intruder trying to get into your systems. Change the router's default administrator credentials and the Wi-Fi password to something strong, keep its firmware updated, and rotate the Wi-Fi password periodically and whenever someone who knew it leaves.
Business emails are among the most targeted accounts by online fraudsters. The aim is to steal information and data that they can use to commit cybercrimes like fraud and financial theft. The importance of protecting your business email from hacking can’t be overemphasized.
Some of the measures you can use to protect your email account include strong and unique passwords. Instead of short strings of characters, use randomly chosen passphrases. For better security still, use a password manager; it stores your passwords so you don't need to memorize them.
Train your employees on the importance of cyber-security. Draw up a security policy and ensure everyone adheres to it. Lastly, keep a strong antivirus installed on every device that accesses your accounts to take the level of protection a notch higher.