Claiming that the works of a 16th-century playwright could have anything to say about 21st-century cyberthreats sounds ludicrous. But hear us out – Shakespeare’s play Henry V can teach us a thing or two about preventing email breaches. Consider Kenneth Branagh’s 1989 film adaptation of Henry V. In one pivotal scene, the titular king rallies his blood- and soot-stained army during a nighttime assault on an enemy fortress. Astride a bucking steed, sword held aloft, he bellows “Once more unto the breach, dear friends, once more; / Or close the wall up with our English dead…” After Henry concludes a (significant) while later, the camera pans to show a single, small hole in the stronghold’s wall, framed in flame. Galvanized by his impassioned words, the army surges through the vulnerability to win the battle and claim their spoils – the fortress and all that belongs inside.
This might seem an odd place to start when contemplating your cyber defenses, especially because kingly conquests and mighty armies don’t pose a danger any longer. Unfortunately, far deadlier foes have risen to take their place, armed not with swords and speeches, but with keyboards and scripts. And they gain a foothold in much the same way as the knights of old – by finding tiny breaches in your defenses.
One of the most commonly exploited vulnerabilities is something you use every day – your email. Recently, one of our clients’ email accounts was hijacked by a malicious actor. In the middle of a normal workday, concerned messages began flooding her inbox from numerous coworkers, regional managers, even corporate office employees. They all contained roughly the same message: some variation of “Is this yours?” and an attached email “sent” by the user that they definitely had not sent. The user immediately reached out to us. The Axxys technician handling the case immediately changed her password, locked down her account, and began investigating and remediating the situation. The tech quickly discovered a stealthily configured rule that caused automatic mail deletion (hypothetically making it harder to detect responses to the malicious link). The bad actor had then spoofed the user’s address and sent a malicious link to a significant number of people inside the organization. Thanks to a prompt and thorough response from the tech, no severe harm was done to either the individual or the corporation. But let’s look at what could have happened.
Below are a few of the potentially devastating results from an email breach:
- Other compromised accounts/machines (both in and outside your company)
- Corporate data leaks
- Stolen confidential client information
- Harmed reputation
- Negative impact on operations
And those are just the most egregious examples. The reality is that the potential ways an intruder may exploit such a breach are limited mostly by their imagination.
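The stealthy mail-deleting rule found in the incident above is something you can check for directly. As an added example (not Axxys’ own tooling), this sketch flags such rules in an exported rule list; the export format, field names, folder list and sample rules are assumptions constructed for illustration.

```python
import json

# Constructed sample: a mailbox-rule export. The field names are assumptions
# for this example; map them from whatever your mail platform really exports.
SAMPLE_RULES = json.loads("""[
  {"mailbox": "user@example.com", "name": "Newsletters", "enabled": true,
   "conditions": {"from_contains": ["news@vendor.example"]},
   "actions": {"move_to_folder": "Newsletters"}},
  {"mailbox": "user@example.com", "name": ".", "enabled": true,
   "conditions": {}, "actions": {"delete": true, "mark_as_read": true}},
  {"mailbox": "user@example.com", "name": "Archive receipts", "enabled": false,
   "conditions": {"subject_contains": ["receipt"]},
   "actions": {"move_to_folder": "Deleted Items"}}
]""")

# Folders where mail is effectively hidden from its owner (assumed names).
HIDING_FOLDERS = {"deleted items", "junk email", "trash"}

def rule_findings(rule):
    """Return the reasons a rule looks like it hides mail from its owner."""
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    reasons = []
    if actions.get("delete") or actions.get("permanent_delete"):
        reasons.append("deletes matching mail")
    folder = (actions.get("move_to_folder") or "").strip().lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to '{folder}'")
    # The remaining signals only matter once the rule already hides mail.
    if reasons and actions.get("mark_as_read"):
        reasons.append("marks it read first")
    if reasons and not any(conditions.values()):
        reasons.append("applies to every message")
    if reasons and len(rule.get("name", "").strip(" .")) < 3:
        reasons.append("has a throwaway name")
    return reasons

def audit(rules):
    """Map (mailbox, rule name) -> reasons, for enabled rules only."""
    report = {}
    for rule in rules:
        reasons = rule_findings(rule) if rule.get("enabled", True) else []
        if reasons:
            report[(rule["mailbox"], rule["name"])] = reasons
    return report

if __name__ == "__main__":
    for (mailbox, name), reasons in audit(SAMPLE_RULES).items():
        print(f"{mailbox}: rule {name!r} {'; '.join(reasons)}")
```

A flagged rule is a prompt to ask the mailbox owner whether they created it, not proof of compromise on its own.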
Let’s take a look below at some ways you can help prevent a disastrous email hack:
Make your passwords more complicated
This goes for your user account AND your email. But don’t overthink it; we’re not asking you to use a longwinded, multi-stage, 400-digit monstrosity. But get in the habit of crafting passphrases with 8-16 characters and some capitals and punctuation mixed in. And if you can…
Avoid saving passwords to your browser (or a document)
Yeah, we know – it’s incredibly convenient for Google to auto-fill for you. But since those aren’t encrypted, getting to them is pretty easy for the bad guys. Plus, if anyone were to ever gain control of your user account, all of your portals would be thrown wide open – email, line of business apps, banks, Facebook, etc. The same principle applies to Word and Excel “cheat sheets,” even password “protected” ones. Axxys recommends you use a password manager/vault if you insist on saving your passwords digitally.
Protect your accounts with multifactor authentication (MFA)
Though you may view it as a hassle to have to enter a code or approve a notification when you initially sign into your email, that small step makes it exponentially harder for the bad guys to worm their way into your account. Axxys’ onboarding and deployment procedures make it a cinch to adopt and use.
Training
Sun Tzu once said “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” The same is true for you and your security – the more you learn about how the bad actors work (and the traps you’re more likely to fall for) the less likely you are to invite your enemy in. At Axxys, we provide our clients a steady stream of videos, articles, and even fake malicious emails to keep their threat awareness and knowledge base high.
Your best defense is to, well, hire us! You will sleep easier at night knowing our knowledgeable, personable, responsive team (and our arsenal of cybersecurity tools and procedures) is hard at work keeping your company’s data safe and secure. So when malicious actors rally “once more unto the breach,” seeking to punch holes in your walls and take what isn’t theirs, we will be there to stop them.
Contact Axxys today to improve your business’ cyber defenses.