
When your spam folder isn’t enough: Email security best practices

Protect your firm from cyberbreaches with email security best practices. Learn to go beyond spam filters and secure sensitive data effectively.


Last Updated October 23, 2024

Category Cybersecurity


Before we discuss email security best practices or your spam folder and what it should be doing for you, I want to make sure we’re clear about something. SPAM and spam are not the same thing. SPAM is canned luncheon meat; spam is junk email. See? Not the same thing. And while you may not be a fan of either, today, we’re going to look at the latter.

If your main line of defense against malicious emails is a spam folder, you need to pay attention. Actually, you need to pay attention regardless. Spam folders only prevent a certain percentage of malicious emails from getting to your inbox. Ultimately, it’s up to you to prevent bad emails from wreaking havoc. In this article, we’ll look at best practices we can all employ to ensure we’re not victims of a cyberbreach via email.

The growing threat of email security risks 

Did you know that 61% of security threats start with an email? That means your sensitive (read: client!) information is under threat from email right at this very moment. In fact, a recent report by SlashNext revealed a 341% increase in malicious emails.

Advanced security threats 

As AI matures and threats become more complex, even seasoned employees are struggling to avoid acting on dangerous emails. Here are some examples from this year: 

  1. Microsoft and Google are top targets for phishing attacks: In the first quarter of 2024, 38% of brand phishing attempts involved Microsoft, with Google following at 11%. 
  2. Malware disguised as bank payment notice: In March 2024, Trustwave SpiderLabs uncovered this phishing campaign that evaded detection by employing techniques to bypass antivirus defenses, effectively compromising sensitive data and demonstrating that antivirus is no longer enough to stop bad actors. 
  3. Email login data stolen from over 100 organizations: Palo Alto Networks’ Unit 42 identified a phishing campaign where spam emails delivered malware by altering attachment formats. These attackers successfully stole email login data from over 100 finance, banking and manufacturing organizations. 
  4. Ransomware attack on tax return software eFile: The LockBit ransomware group targeted the accounting and tax vertical because these firms are a goldmine for sensitive data. The group threatened to release the sensitive data it had exfiltrated if its demands were not met.

Beyond these specific attacks, credential-stealing phishing emails are on the rise. Attackers use compromised accounts to ensure their malicious emails are delivered, and they use legitimate domains. Consumer survey scams continue to be used to steal customer information, including credit card info. And business email compromise (BEC) tactics continue to focus on false invoicing and CEO fraud.

How to protect yourself from email security threats 


Today’s advanced threats continue to grow in sophistication, targeting victims and appearing to come from legitimate sources. If you don’t have an internal security team, enlisting the help of a trusted partner to deliver comprehensive email security is essential. At a minimum, your email security service provider must offer the following:

  1. Advanced threat blocking. Your protection has to go deeper than a basic spam filter. You want to ensure your service offers spam filtering, blocks phishing and spoofing attempts, and detects BEC and more advanced threats. You also need to make sure your devices have EDR (endpoint detection and response) and advanced threat blocking in case a threat gets beyond your inbox.
  2. Ongoing monitoring. Automated, AI-driven monitoring is essential. Your provider should inform you about potential threats and whether an email is safe to open. If you’re a smaller firm, you also need a reliable point of contact for email and device security concerns. 
  3. Account takeover protection. Ensure your service monitors your account for malicious activity to prevent someone from taking over your email and sending harmful communications to clients. 
  4. Dedicated backups. Make sure your provider offers granular backups that are immediately available in case of a data loss incident. 
  5. Security awareness training. Training employees to recognize and avoid phishing attacks and other malicious activities is crucial. This helps mitigate human error, which is often the weakest link in cybersecurity. 

Email best practices to follow 

Employees may unknowingly put your firm at risk through outdated practices, and successful cybersecurity efforts require them to break bad habits. Even simple interactions like phone calls or video chats can be cyberattack vectors. Email poses a significant risk, so it’s crucial to use it cautiously. Enhancing security requires modern practices such as running applications in the cloud, securing devices and training employees to recognize and avoid cyberthreats. Let’s explore specific email best practices to strengthen your security defenses.

  1. Train employees. Provide regular security awareness training to help employees recognize phishing emails, avoid clicking on suspicious links or attachments, and understand the importance of strong, unique passwords. 
  2. Use secure email solutions. Opt for the best secure email solutions that offer encrypted communication, robust spam filters and AI-powered threat detection. 
  3. Verify email sources. Encourage employees to verify the source of an email, especially if it contains attachments or requests for sensitive information. 
  4. Avoid sharing sensitive information via email. Use secure methods for sharing sensitive information and documents, such as encrypted cloud portals. 
  5. Implement multifactor authentication (MFA). MFA adds an extra layer of security, whether applied to email alone or across many of your systems, making it harder for attackers to gain access using stolen credentials.
  6. Only use authorized equipment and devices. With the increase of remote and hybrid work situations, mandate that employees only use firm-owned devices to connect to your network. 
  7. Regularly update security protocols. Stay updated with the latest security protocols and ensure your systems are always current. Hint: Your best move is to have a trusted technology partner handle it for you. 
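Items 2 and 3 above ask for spoofing detection and for verifying where an email really came from. Much of that verification is mechanical and can be automated on the receiving side before a person ever reads the message. The script below is an added example, not code from the post or from Rightworks: it parses a received message with Python’s standard email library, reads the spf/dkim/dmarc verdicts the receiving mail server stamped into the Authentication-Results header, and looks for the classic BEC tells, a lookalike sender domain (a digit standing in for a letter), an envelope sender on a different domain than the visible From, and a Reply-To that steers replies elsewhere. The domain names, the two sample messages and the `TRUSTED_DOMAINS` list are constructed for this example.

```python
"""Spoofing triage for a received email (added example; not the post's own code)."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Domains the firm itself sends from. Hypothetical values for this example.
TRUSTED_DOMAINS = {"example-firm.com"}

# Constructed sample: a CEO-fraud style lure from a lookalike domain ("1" for "l").
SAMPLE_SPOOFED = b"""From: "Jane Doe CEO" <jane.doe@examp1e-firm.com>
Return-Path: <bounce@mail-sender.example.net>
Reply-To: <payments@examp1e-firm.com>
To: accounting@example-firm.com
Subject: Urgent wire transfer
Authentication-Results: mx.example-firm.com;
 spf=fail smtp.mailfrom=mail-sender.example.net;
 dkim=none;
 dmarc=fail header.from=examp1e-firm.com

Please process the attached invoice today.
"""

# Constructed sample: an ordinary internal message that passes every check.
SAMPLE_LEGIT = b"""From: "Jane Doe" <jane.doe@example-firm.com>
Return-Path: <jane.doe@example-firm.com>
To: accounting@example-firm.com
Subject: Q3 numbers
Authentication-Results: mx.example-firm.com;
 spf=pass smtp.mailfrom=example-firm.com;
 dkim=pass header.d=example-firm.com;
 dmarc=pass header.from=example-firm.com

Attached as discussed.
"""


def _domain(header_value):
    """Lowercase domain part of an address header value ('' if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def _auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only verdicts written by your own receiving MX are trustworthy; a sender can
    forge this header, so a real deployment must also check the authserv-id.
    """
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for clause in str(hdr).replace("\r", " ").replace("\n", " ").split(";"):
            clause = clause.strip()
            for method in ("spf", "dkim", "dmarc"):
                if clause.startswith(method + "="):
                    verdicts[method] = clause[len(method) + 1:].split()[0].lower()
    return verdicts


def _edit_distance(a, b):
    """Levenshtein distance; a small distance between domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_message(raw_bytes, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of spoofing indicators found in the message (empty = none found)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []

    # 1. Authentication verdicts stamped by the receiving mail server.
    for method, verdict in _auth_results(msg).items():
        if verdict in ("fail", "softfail", "permerror", "temperror"):
            findings.append(f"{method}={verdict}")

    # 2. Sender domain that is not ours but closely resembles one of ours.
    from_domain = _domain(msg["From"])
    if from_domain and from_domain not in trusted_domains:
        for trusted in sorted(trusted_domains):
            if _edit_distance(from_domain, trusted) <= 2:
                findings.append(f"lookalike-domain:{from_domain}~{trusted}")

    # 3. Envelope sender (Return-Path) on a different domain than the header From.
    #    Legitimate bulk senders do this too, so treat it as a signal, not proof.
    return_path_domain = _domain(msg["Return-Path"])
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"return-path-mismatch:{return_path_domain}")

    # 4. Reply-To pointing replies at a domain other than the visible sender's.
    reply_to_domain = _domain(msg["Reply-To"])
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"reply-to-mismatch:{reply_to_domain}")

    return findings


if __name__ == "__main__":
    for label, sample in (("spoofed", SAMPLE_SPOOFED), ("legit", SAMPLE_LEGIT)):
        print(label, assess_message(sample) or "no findings")
```

Run on the spoofed sample it reports the SPF and DMARC failures, the lookalike domain and the mismatched envelope sender; the legitimate sample produces no findings. In practice a check like this sits in a mail-flow rule or a triage script and quarantines or banners the message rather than deciding alone; the human verification step in item 3 still applies to anything that reaches an inbox.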

Why you can’t rely on only your spam folder 

Simply relying on your spam folder to catch all your unwanted messages and malicious emails is like expecting SPAM (the canned meat) to satisfy your gourmet dining needs—it’s just not going to cut it. Your spam filter can’t catch everything lurking in your inbox.

With 61% of security threats originating from email, a robust email security strategy is essential. As cyberthreats grow more sophisticated, following these best practices is the only way to keep your firm protected. But let’s face it—implementing these measures on your own can be daunting. That’s where we can help. Our secure cloud platform is designed to provide total security across your accounting firm, giving you the expertise and tools you need to protect sensitive information effectively.

Don’t wait for your inbox to be overtaken with threats. Partner with Rightworks to safeguard your firm’s future. You can trust us to do the heavy lifting so you can focus on what you do best—serving your clients with confidence.

For more advice on securing your firm, contact us today.