Digital communication is part of our everyday lives, but emails and messages remain some of the most common channels for fraud attempts, data theft, and the spread of malicious content. That’s why it’s important to develop secure habits and use available security mechanisms to protect ourselves, our colleagues, and business information.

Habits Worth Adopting

• Use unique and strong passwords for every business account. It is recommended to use a password manager for secure storage and automatic login filling.
• Avoid reusing the same password across multiple services.
• Enable two-factor authentication (2FA) for all business accounts. Whenever possible, prioritize push notifications or FIDO security keys instead of SMS codes.
• Regularly update applications, systems, and devices used for work. Security patches often remove known vulnerabilities and reduce the risk of compromise.

How to Recognize and Avoid Threats

• Do not open attachments or links from unexpected or suspicious messages.
• Pay special attention to messages creating a sense of urgency or requesting passwords, financial details, or other sensitive information.
• Check the sender’s address, grammar mistakes, and unusual requests. If something seems suspicious, verify the sender’s identity through another communication channel.
• SMS is not a suitable channel for sharing sensitive information because communication is not encrypted.
• When confidentiality matters, use applications that support end-to-end encryption, such as Signal, WhatsApp, or iMessage among Apple users.

Security Settings and Data Protection

• When sending sensitive business information, use additional protection methods such as S/MIME or PGP encryption, or secure platforms that protect content during transfer and storage.
• Periodically review privacy settings in applications and email clients, and remove unnecessary permissions and access rights.
• Before opening a link, hover over it to check the actual URL. Be cautious of shortened URLs and unfamiliar domains.
• Avoid accessing business accounts through public Wi-Fi networks without a trusted VPN connection.
• Use separate accounts for business and private activities, and avoid using your business email address to register for personal services and applications.

What to Do If You Suspect an Account Compromise

If you suspect that an account has been compromised:

• immediately change the password
• enable or reset 2FA
• notify the IT / InfoSec team
• review recent account logins and activities
• check whether suspicious messages were sent from the account
• warn contacts if malicious content has been distributed from the account
• run a malware and security threat scan on your devices

A timely response can significantly reduce the impact of a security incident and prevent the threat from spreading within the organization.

Continue expanding your cybersecurity knowledge with our additional resources on Phishing Awareness: How to Spot and Prevent Attacks, Shared Responsibility in Information Security, Mobile Device Security Tips, and Data Protection and Privacy Basics. Each resource is designed to help you manage cybersecurity risks, protect sensitive information, and build a stronger security posture.