30 November 2022

Why you need to start taking your businesses email security more seriously

Massive data breaches in South Africa in 2022 that highlight the danger of cyber attacks on businesses

Give a thought to all the sensitive information in your personal and work inboxes. Your identity, bank information, address, investments, insurance, contacts, and sensitive business information are all there.

We forget how integral email is to our lives. Social media, software service accounts, and online shopping require a valid email address. Email is your ID in the digital world. If unprotected, you’re completely exposed.

We tend to think of security in terms of silos. We need to do “x” to protect our email. The reality is that everything is integrated online. Seemingly unconnected pieces of information add up to more and more data in the hands of cybercriminals they can use.

Most businesses don’t take breaches as seriously as they should. Until it’s too late and it happens to them. When it does, the impact of losing critical data, productivity due to downtime, and damage to your reputation – are all extremely costly, in both the short and long term. Let’s take two of the most significant cyberattacks in South Africa this year and how they may have impacted you (if they haven’t already).

TransUnion South Africa

A hacker group breached TransUnion South Africa and claimed it possessed everything from credit scores, banking details and ID numbers of 54 million South Africans and included over 200 corporate companies’ information.

They contacted the CEO in March 2022 on his personal cellphone to deliver their ransom demands — R223 million in Bitcoin in seven days, or they would leak the data or target clients themselves.

Dischem Cyber Attack

Barely two months after the TransUnion cyberattack, Dischem fell victim to an attack too.

The attack originated from a third-party provider and compromised over 3.6 million South Africans’ data.

Dischem stated that cybercriminals could use their stolen data to commit further attacks by cross-referencing their data with other cyberattacks.

These attacks may not have been direct email hacks. Still, by understanding how malicious cyber attackers work, a criminal doesn’t need all the information in one place. Fragments of data start to add up.

The important question to consider in light of these attacks is – could your business be next?

From our own experience at SYNAQ, we’ve learned that cybercriminals view emails as a virtual treasure trove of information. You reveal information about your work, your position in the company and how long you’ve been there. With that knowledge, cybercriminals can use various tactics to impersonate, target, and steal hundreds of thousands within hours.

With the information you share via email, criminals can build a detailed profile of you, the same as if you were also compromised in the Dischem and TransUnion attacks.

They will know your socio-economic status, shopping habits, name, email, home address, phone number, employer, medical aid, and ID number. From there it is only a hop, skip and a jump before you are married to 53 strangers and you have 15 credit cards.

The importance of cybersecurity awareness, prevention and tools is more evident this year than ever. The number of breaches we have seen in the news and their far-reaching effects should be a wake-up call for every South African.

As a trusted advisor in the security space, we must emphasise the importance of the following:

Early Detection & Prevention

Here are our top tips for detecting and protecting yourself from email threats.

Watch out for phishing clues

Spelling and grammar errors in the URL and the email content are common signs that an email is not what it seems. Be mindful of phishing tactics and check for clues.

Beware of links and attachments

Hover over a link in an email to check the URL before clicking on it. Ensure you trust the sender before clicking on links or downloading attachments – especially if they end in .exe, .cab, .htm or .jar.

Use multi-factor authentication

Add an extra step to the verification process for transactions and data access to verify an email instruction to transfer funds or send sensitive data.

Encrypt sensitive communications

Use encryption whenever possible when sending sensitive information. And remember, one piece of information may seem harmless, but fragments add up.

Corroborate information

Be careful of scare tactics in emails. Double-check information through a trusted second source. Cybercriminals will impersonate banks, hospitals, institutions, and government departments, spreading bogus claims with a link for more information that leads to a fake site.

“Act Now” is a red flag

Any email that demands immediate action is suspicious. If an email tries to scare you and insists you click a link or provide personal information right now to avoid some disaster, there is a good chance it’s a scam.

Never share personal information

If an email asks for personal details like your ID number, don’t provide it. Legitimate institutions never request personal data via email. Don’t respond or click on any links.

Bonus tip: Do your part by tailoring bulk emails

If your company sends bulk emails internally or externally, you can help make scammers’ lives harder. Craft a distinct message for the body of bulk emails. When mass billing, differentiate your emails from generic invoice spam with branding and messaging.

The Importance of Cybersecurity Awareness

Your last line of defence is sitting inside your business – your people. Since 95% of cybersecurity breaches are caused by human error, this poses the biggest threat.

Organisational Readiness

Define your organisational processes so employees know how to handle email threats and breaches. This is crucial in developing and maintaining strong email defences.

Offering regular training to executives, managers, and employees on email threats like phishing, Business Email Compromise (BEC), and ransomware helps mitigate the danger and frequency of successful email breaches.

Frequent Training Reduces the Susceptibility of Employees to Email Threats

A proactive approach toward cybersecurity is best. We encourage businesses to train employees at every level to be more vigilant.

After training, as many as double or triple the number of messages are reported as suspicious. Only some of the messages reported as suspicious will be a threat. Still, employees are more discerning and learn to identify threats more accurately and more often.

We offer comprehensive training and numerous resources, including tools and information and continuous cybersecurity awareness training to ensure your employees are informed about the latest threats.

SYNAQ Securemail: Your ultimate email security solution

Don’t let your business become another statistic. Securemail is the leading line of defence in protecting businesses against spam, viruses, and phishing attempts.

Features

  • Advanced spam and URL threat detection

    • 99.95% spam detection accuracy and 99.9% uptime guarantee.
    • 100% phishing protection SLA.
    • Mitigation of URL-based phishing, ransomware and malware attacks in emails using LinkShield. Automatically corrects messages on the fly and quarantines dangerous sections of mail.
    • Over 2500 different spam checks.
    • Scans for attacks against known and unknown security vulnerabilities.
    • Whitelist and blacklist administration.
  • 100% virus protection SLA

  • Organisational and domain-level management

  • Identity Threat Protection toolset :

    • Identity Threat protection toolset. Domain Anti-Spoof management, Executive Fraud Protection management and Protection Bypass management.
  • Data Leak Prevention (DLP)

    • Introduces business rules and policies that effectively prevent the transmission of email that contains sensitive and confidential information leaking out of the organisation via outbound email.

Learn more about SYNAQ Securemail here.