Last week, reports broke that Screwfix customers are being hacked after being targeted by a new email phishing scam, showing that phishing scandals are on the rise.

With this in mind, the experts at cybersecurity and compliance company Kiteworks have shared their advice on how organisations can prevent workplace emails from being hacked and what to do if your workplace email is compromised.

  1. Use secure email to send and receive sensitive content

Organisations can ensure the security of their employees’ emails by using a secure email service to send and receive content. Using a secure email service typically involves encrypting the email, including the email body and any attachments, on its journey from sender to recipient. Encryption lets you keep your email communications private and confidential and helps organisations comply with data privacy regulations like HIPAA and GDPR. In addition, an email protection gateway (EPG) ensures both the sender and recipient use the same encryption standard, obviating the potential for content to be exposed prior to receipt.

  2. Regularly change your password

Keeping email communications private ensures that PII, PHI, and IP do not fall into the wrong hands. Require employees to use strong, unique passwords for each workplace-related account and change them regularly. Consider using a password manager to help manage complex passwords.

  3. Avoid clicking links in emails

Cyber criminals regularly use email as a way of tricking employees into sharing sensitive data like credentials to access email and bank accounts. This is known as “phishing.” An effective way to safeguard your organisation from phishing is to train employees to identify what a typical phishing attack looks like. In addition, ensure that your employees are trained to report any suspicious emails or potential threats to the IT department or designated security team immediately.

  4. Avoid using public Wi-Fi

Using a public network for sensitive communications exposes employees, their organisations, and their sensitive data to risks. Examples include man-in-the-middle (MITM) attacks, where hackers intercept your email traffic, and malware injection, which installs malicious software to access your email accounts, steal data, or damage your system.

As an alternative to using public Wi-Fi, offer employees access to a Virtual Private Network (VPN), which establishes a secure, encrypted connection between their device and a remote server.

  5. Use antivirus software and encryption services

Antivirus software plays a crucial role in defending against email-based attacks by scanning incoming emails and attachments for viruses, and by providing real-time protection through a firewall that monitors network traffic. For more advanced forms of malware like advanced persistent threats (APTs), consider investing in advanced threat protection (ATP) solutions.

Ensure that your organisation has robust antivirus solutions in place and that they are regularly updated to incorporate the latest security patches and threat definitions. Regularly updating your antivirus software is essential for maintaining optimal protection against evolving threats.

  6. Develop an incident response plan

This involves technical responses, communication guidelines, and a step-by-step recovery guide to eradicate the threat, communicate progress to stakeholders, and restore operations. Additionally, consider collaborating with national or regional fraud and cybersecurity services to report significant threats, which can aid in preventing potential cyberattacks and enhancing overall organisational security.

Patrick Spencer, spokesperson at Kiteworks, has shared their thoughts on what to do if workplace emails are compromised:

With approximately 3.4 billion malicious emails circulating daily, it is crucial for organisations to implement strong safeguards to protect against phishing and business email compromise (BEC) attacks. If workplace emails are compromised, an organisation should immediately initiate its incident response plan, which includes isolating affected systems, conducting a thorough investigation to determine the extent of the breach, and notifying relevant stakeholders.

Patrick Spencer, Kiteworks

Joanne Swann, Content Manager, WorkWellPro