Those first years of business can be exhilarating. It’s just you and maybe one or two other founders, working hard on building your brand and your customer base. Things are crazy, and your biggest job is to get people talking about your product.
Finally, things start taking off—you begin hiring more people, finances get better, and everything’s looking up. But one day, you look around and realize that you just can’t keep track of everything anymore. Lots of things happen every day that you simply aren’t aware of.
And that’s okay! It’s a natural progression. But now you have an even more important job—people know that you exist, including spammers and hackers who are now after you, your employees, and your data. You know this, and you’re working on setting up the right processes and tools to protect them.
The dark side of email
One of the greatest threats to the security of your business is email. It’s the main form of communication in the modern workplace and the most common tool your employees will use. Naturally, this makes it one of the main ways that hackers try to access your business.
Cyber criminals regularly use email to install malware onto your business’s devices via phishing scams, so this is one of the most important areas for you to protect and monitor. Is all this jargon a little too much for you? No worries—we’ll explain everything you need to worry about below.
Malware is short for malicious software: any software that’s designed specifically to cause harm or to disrupt a business. It’s most often sent via email. Once installed, malware can do a number of things.
Malware can come in many forms:
- Virus—The most common type of malware. You’ve likely heard of or experienced this in one form or another throughout your life as a computer user. It spreads by infecting files and often overloads or shuts down your computer.
- Worm—A worm is like a virus, but it can self-replicate without a host program.
- Trojan horse—Like its ancient Greek namesake, a Trojan horse (often simply called a Trojan) disguises itself as a regular program before showing its malicious intent.
- Spyware—One of the most dangerous forms of malware for a business. Spyware can run in the background on a machine for weeks or even months before being detected, gathering and sending back key information that entire time.
- Ransomware—One of the most common cyber attacks, although it’s on the decline due to increased security measures. Ransomware is designed to hold your business hostage until you pay a set dollar amount to the hackers. The dollar amount is often designed to be significant, but also not large enough that you could not pay it or would want to involve the authorities, and can cause significant disruption for your customers.
- Keyloggers—Similar to spyware, a keylogger runs in the background completely unknown to the user. As the name suggests, it logs each keystroke as you type. This is a great way for hackers to gain usernames, passwords, and even full access to your entire system.
Phishing is one of the most common ways hackers infiltrate your system. Just like its namesake, phishing occurs when a hacker puts out some “bait” for an employee to click on, and then the link or attachment downloads a malicious threat onto your system. Unfortunately, this problem isn’t going away. In fact, a recent report by Microsoft found that phishing has grown by over 250% and shows no sign of slowing.
This bait can be anything from an email that looks like it’s from management demanding a meeting to an email that’s supposedly from a family member or someone you trust. These attacks are becoming increasingly sophisticated, and it’s easy for anyone to fall for them—41% of phishing domains include just one character swap, which makes it difficult to spot the fake link. Verizon recently showed that 30% of phishing emails are opened; of those, 12% of the users clicked on the infected links or attachments.
Employers often use training as a solution to phishing emails. But based on relevant statistics and the increased level of sophistication among hackers, training isn’t always effective. Once that malicious link is clicked on, the malware could be in your system for weeks, seeping out data before you even notice.
How to prevent cybercrime
ENISA’s Threat Landscape Report from 2018 found that China and India had the most prolific spam bots in the world, each pumping over four billion spam emails per day. Vietnam, Russia and Iran also made the top 10, with between 500,000 and 1 million spam bots each. If this sounds like a lot, it certainly is—spam now accounts for 85.23% of all email traffic.
Blocking emails from these countries alone can substantially reduce your spam volume and help keep your business safe.
Fight cybercrime with Office Protect
Now that you know about this amazing feature, you’re probably wondering how you can turn it on! It’s easy—just access the setting from your Office Protect dashboard.
Go into Settings, and you’ll see the toggle menu, security impact (low), and user impact (low). You’ll also see the default list of countries: China, India, Vietnam, Estonia, Russia, Congo, Cameroon, Myanmar, Georgia, Kyrgyzstan, Bangladesh and Iran.
Of course, you might actually do regular business with one of these countries! If that’s the case, you can instead configure your settings to only allow emails from countries you’ve specified, as outlined in this article.
Learn more about how Office Protect can help keep your Microsoft 365 tenants safe with our free eBook, or become a Sherweb partner to start using Office Protect and immediately improve your security posture.