Growing threat of email system hijacking
We asked Todd Gifford, our resident Information Security expert, for his take on the risks posed to small and medium-sized businesses from email system hijacking. Here’s what he had to say on this growing security threat:
I’ve spoken with a number of different organisations in the past month who have fallen victim to having their email systems hijacked. The one thing they have all had in common is that they first became aware of it when their ISP notified them that they were going to be blacklisted. For one of those organisations, being blacklisted meant having no access at all to their email for several weeks, a situation which caused many challenges for the day-to-day operation of their business.
Why would someone hijack an email system?
Hijacked email systems are being used for sending out spam email and phishing campaigns with the aim of gathering personal and account information which can be used for fraud. Compromised email systems can also be used as springboards for other attacks from within networks.
Why hack a website as well?
The most common reasons for hacking websites include stealing confidential data, such as account information and credit card numbers, and spreading malicious software. There have been several high-profile cases of this kind of attack in the news recently.
Why would your business be a target?
The majority of small and medium-sized organisations don’t have mature Information Security practices and are vulnerable to attack as a result. Many on-site email systems are exposed directly to the internet and, if not properly maintained, can be easy targets. Hackers use sophisticated automated tools which find and attempt to exploit these vulnerabilities.
How can you protect your business?
The UK Cyber Essentials scheme – which lays out the basic measures you need to put in place to help protect your organisation from cyber threats – highlights the top 5 ‘must do’ activities that can immediately help protect your information and systems:
- Install boundary firewalls and internet gateways
- Implement secure configuration
- Implement access control
- Install malware protection
- Implement patch management
One way we have been helping our clients improve their email system security is by removing their reliance on on-site email servers, and therefore the need to patch and protect them.
If you need help understanding your organisation’s current Information Security maturity or would like help putting in place solutions to reduce your risk and exposure, please give Todd a call on 01242 505470.