Whilst emails are a fantastic business tool, and are essential to the modern business, with the increased use of services like Microsoft 365 or Google mail, it’s much more possible for email accounts to be compromised, and therefore email security is vital.
It’s possible that someone in your business has unwittingly entered their email account username and password into a malicious website, and therefore given a 3rd party full access to all their emails. The 3rd party could then take the time to read all of the employee’s emails and build up a picture of who your employee talks to and how they write their emails. They could then send an email from your employee to a customer, for example, saying you have changed your bank details and getting the customer to send money to the new account, or contacting your payroll department and saying that they (the employee) has a new bank account and could any wages be paid to that account going forward.
Of course, the new account is one that the 3rd party has control over and any monies sent there will swiftly be moved somewhere else and you’ll never see them again!
As your employee’s email account has been compromised then the email is actually coming from them and will therefore bypass most spam filters and other protections at the destination end, and as it will look very like a genuine email then it will be very hard for the receiving end to know it’s a fake.
To guard against this, we would always advise to use 2 factor authentication (ie a code sent to your mobile when logging in) on all accounts where possible, and also make use of password rules forcing your staff to have secure passwords that they change on a regular basis. We would also put procedures in place to confirm things like change of bank accounts or other critical information via an additional channel other than email.
As every email set up is different then you should approach your own IT support for advice / assistance on the technical aspects, but should you wish to discuss any aspect of how we deal with emails from you then please don’t hesitate to contact us.