Email is one of the leading attack vectors, and we can’t emphasize enough how important it is to be vigilant when it comes to email security – this is where a Zero Trust mentality is critical. As end-users, we have become too accustomed to using email for routine and often voluminous levels of communication, so it’s easy for us to drop our guard, and this is what attackers count on to be successful.
According to the Verizon DBIR, 94% of malware was delivered by way of email that contained malicious links or attachments. While that may not surprise you, what might is that another study found that 9 in 10 email-based cyberattacks don’t use any malware at all, but instead use social engineering techniques like phishing against their targets.
Furthermore, the researchers found that more than one-third of end-users tested failed to spot phishing attacks when tested. The good news is that with good security awareness training the number of successful phishing attempts dropped to about 5%. Security awareness and vigilance is obviously important, and even more so with more employees working remotely than ever before.
What happens on the home network can easily bleed over to the enterprise, especially when best practices are not adhered to or applications are employed without understanding how they can impact security both inside the home and inside the corporate firewall.
Remote workers need to take the necessary steps to secure their home network, use applications responsibly, and lock down their devices – both for their own security and for that of the corporate systems they will likely be connecting to for a good part of each day.
The Zero Trust Guide to Remote Worker Security white paper provides remote workers with tips on a wide range of security issues they should be aware of when working from the field. Learn what steps you need to take to mitigate the risks, with guidance about improving email security including:
Don’t click links: Hovering your curser over links can show you the address they lead to, but it is a best practice to only type trusted URLs directly into a browser, and to never click on links in emails even if the email appears to be from a trusted source.
Don’t open untrusted attachments: Be careful with attachments, especially if you don’t recognize the sender or the email appears suspicious.
Disable automatic download of images: They can contain malicious code and infect a device simply by opening the email.
Don’t open unsolicited email from anyone you don’t know: It is best to send these emails to your spam folder and not risk compromise – rarely would any important communications come from an unknown source through an unsolicited email.
Be aware of spelling and grammatical mistakes: These can be red flags for scams and email-based attacks. Also be wary of generic greetings, such as “Dear Sir” or greetings that seem overly personal such as “Dear Beloved” – these are also likely indicators of malicious intent.
Avoid email that demands immediate action or requests for your personal information, passwords, or login credentials: Attackers will often try to instill a sense of urgency in their targets so bad decisions are made.
Take a Page from the Zero Trust Playbook
The Zero Trust security model trusts nothing and no one by default. Under a Zero Trust security model, every user, device, and network are assumed to be hostile until they can be validated, and they are continuously validated to prevent a security lapse. Remote workers can apply the Zero Trust concept of assuming everything is a potential attack or avenue to compromise until they can verify that it is not.
The Zero Trust Guide to Remote Worker Security serves to act as a starting point for remote workers to take some simple steps to improve their security posture when working remotely – download this valuable resource today.