Email Security Best Practices

5 Jul 2021

With the recent upsurge in Ransomware, it's appropriate that we publish an article about email security best practices to help businesses understand what they need to do in terms of staff awareness.

People are the biggest risk to an organisation's IT system.



Fact: 93% of all cyber-crime, ransomware etc. starts with an email. People open emails.

Attachments and Links:


Do not open attachments or follow links from people you don’t know.
Do not open attachments or follow links from people you do know if you were not expecting the email (their account may already have been compromised).
Call them (do not email them) and ask whether they sent you the attachment or link. A cyber-criminal may well be answering their emails; it happens often.
Examine the email sending address carefully.
Example: trademe.com is NOT trademe.co.nz; it's a malicious site. NETFLlX (with a lower-case L in place of the I) is NOT Netflix.
Be especially suspicious of, and careful with, emails from "public" email addresses such as gmail.com, hotmail.com, outlook.com etc. Whilst much of the public uses these for personal email, criminals also use them because they are extremely easy to register and can be changed often.
Understand that an email from somebody like ivor@lada.com.ru has come from Russia (.ru); Russia is in the top 10 for criminal activity. The top 5 countries are India (.in), China (.cn), Thailand (.th), USA (generally .com) and Indonesia (.id). Whilst some business suppliers exist in countries outside New Zealand, you must think: am I really expecting that email/invoice from Vietnam or Russia?
Look for bad grammar or spelling. For many criminals, English is a second or third language.
Look very carefully at emails about recent events, disasters, or news.
If you did open something you shouldn't have, or nothing seemed to happen when you tried to open it, then:
Do not forward it to others to see if they can open it.
Let your manager and IT know immediately.
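The sender-address checks above (look-alike domains such as trademe.com, swapped characters such as NETFLlX, public webmail providers, unexpected country-code domains, and a display name that claims a brand the address does not carry) written out as a small Python checker. This is an added example, not code from the original post; the expected domains, provider list and TLD list are a constructed sample policy for an imaginary organisation, not authoritative lists.

```python
from __future__ import annotations
from email.utils import parseaddr

# Constructed sample policy (assumption): domains this organisation legitimately
# receives mail from, free webmail providers the post singles out, and
# country-code TLDs it does not normally trade with.
EXPECTED_DOMAINS = {"trademe.co.nz", "netflix.com"}
PUBLIC_PROVIDERS = {"gmail.com", "hotmail.com", "outlook.com"}
UNUSUAL_CCTLDS = {"ru", "in", "cn", "th", "id", "vn"}
# Single-character look-alikes attackers swap in (NETFLlX uses a lower-case L for I).
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def normalise(label: str) -> str:
    """Fold case and common look-alike characters so 'NETFLlX' compares equal to 'netflix'."""
    return label.lower().replace("rn", "m").translate(CONFUSABLES)


def brand_labels() -> dict[str, str]:
    """Map the normalised brand label of each expected domain (e.g. 'trademe') to that domain."""
    return {normalise(d.split(".")[0]): d for d in EXPECTED_DOMAINS}


def check_sender(from_header: str) -> list[str]:
    """Return warnings for a From: header; an empty list means no red flag was found."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable address in From: header"]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in EXPECTED_DOMAINS:
        return []
    warnings: list[str] = []
    if domain in PUBLIC_PROVIDERS:
        warnings.append(f"sent from public webmail provider {domain}")
    tld = domain.rsplit(".", 1)[-1]
    if tld in UNUSUAL_CCTLDS:
        warnings.append(f"unexpected country-code TLD .{tld}")
    brands = brand_labels()
    # Look-alike domain: one of the sender's labels is a brand we expect, but the
    # domain as a whole is not the expected one (trademe.com vs trademe.co.nz).
    for label in domain.split("."):
        if normalise(label) in brands:
            warnings.append(f"look-alike of {brands[normalise(label)]}: {domain}")
            break
    # Display-name impersonation: the name shows a brand the address does not carry.
    for word in display.split():
        key = normalise(word.strip(",.:;()\"'"))
        if key in brands:
            warnings.append(f"display name claims {brands[key]} but address is {addr}")
            break
    return warnings
```

Such a check belongs in a mail gateway rule or a staff-training tool as one signal among several; it does not replace the "call them" advice above.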

Impersonation:


Hackers love to impersonate management or VIPs within a company, as it can be quite profitable. A favourite technique is to impersonate a manager in the business and ask for something to be done, like paying a bill or changing a bank account number for a supplier.
Example: TeamNZ's admin people managed to deposit $2.68 million into a Hungarian hacker's bank account last year. To date it has not been recovered.
Usually these emails involve a sense of urgency or something that seems very odd, but because it looks like it's from a VIP, common sense often goes completely out the window.
Be very careful what information you give away on Facebook or other forms of social media. Whilst that's too late for many, criminals can often find out enough about someone to hone their impersonation techniques, and even guess your passwords. It's time to lock it down now: share with friends only, etc.


Contact us. It's a partnership: we can install systems to minimise your risk, and you can ensure your staff are more capable of maintaining email hygiene.