CyberheistNews Vol 16 #11 9 Must-Know Best Practices for Email Security

KnowBe4 Team | Mar 17, 2026
Cyberheist News

CyberheistNews Vol 15 #11  |   March 17th, 2026

9 Must-Know Best Practices for Email Security

More than 90% of successful cyberattacks start with email, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). That's not because security teams lack tools, but because attackers target human decision-making.

For years, organizations treated email security as a filtering problem: block enough malicious messages and risk goes down. That assumption no longer holds.

Modern phishing, business email compromise (BEC), and impersonation attacks are designed to bypass technical controls by looking legitimate, arriving at the right moment and pressuring employees to act quickly.

When email attacks succeed today, it's rarely because a control failed. It's because a message reached a person who was persuaded to click, reply or comply.

That's why effective email security now goes beyond stopping bad messages. It requires understanding how employees interact with email threats, where risky behaviors emerge and how organizations reinforce safer decisions in real time.

This guide breaks down practical, proven email security best practices that organizations and employees can use to reduce risk by strengthening both technical defenses and the human behaviors attackers rely on most.

Key Takeaways

  • Email is still one of the most common starting points for cyberattacks, including phishing, malware delivery and credential theft.
  • Email-based social engineering attacks take advantage of human trust and rushed decisions.
  • Strong email security best practices combine authentication, filtering, training and simple reporting processes.
  • Employees reduce risk through everyday actions like verifying senders, handling links carefully and flagging suspicious messages.
  • Human Risk Management helps organizations measure these behaviors and reinforce safer inbox habits.

Why Email Security Still Matters. A Lot.

Email is attackers' most reliable entry point to organizations because it's woven into day-to-day work, from invoices to internal requests. High volume and routine use make it easy to exploit human trust and outdated security practices.

The financial consequences of email-based threats can be severe. According to the most recent FBI Internet Crime Report, BEC scams alone led to $2.77 billion in reported losses in 2024.

The threat is only getting worse. Generative AI has made phishing attempts easier to produce, more convincing to read and harder to detect, raising the bar for defenses that address both technology and user behavior.

[CONTINUED] At the KnowBe4 Blog:
https://blog.knowbe4.com/9-must-know-best-practices-for-email-security/best-practices-for-email-security

Automate Incident Response and Maximize SOC Efficiency

Your security team is drowning in alerts and threats are slipping through. With SOC teams facing more than 4,400 daily alerts, over 40% of which are false positives, the vast majority of organizations are overwhelmed by backlogs.

The result? A five-hour response gap that leaves threats sitting in your employee inboxes for days or weeks. Stop gambling with unaddressed alerts using technology that collapses the time-to-containment from hours to minutes.

During this demo, you'll discover how PhishER Plus eliminates the dangerous vulnerability window between threat detection and containment by combining triple-validated threat intelligence with human oversight:

  • Accelerate response times with AI-powered automation that allows you to code custom rules in plain English, reduces manual email review time by up to 99% and eliminates alert fatigue
  • Leverage unmatched threat intelligence from 13+ million global users, KnowBe4 Threat Research Lab and leading third-party integrations, catching zero-day threats that bypass SEGs and other ICES defenses
  • Maintain complete visibility and control over AI-driven decisions with PhishML Insights, eliminating black-box uncertainty and reducing false positives that waste $875K annually
  • Remove threats automatically from all mailboxes with Global PhishRIP before users can interact with them, eliminating the risk of employees otherwise falling for the attack
  • Convert real attacks into targeted training opportunities with PhishFlip, reinforcing vigilant employee behavior while showcasing security awareness gaps

Discover how PhishER Plus customers achieve 650% ROI within the first year. Transform your employees into your most valuable defenders while meeting SOC efficiency targets.

Date/Time: TOMORROW, Wednesday, March 18 @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-3?partnerref=CHN2

[Arms Race] Hackers Use AI. Here’s Why Defenders Must Too

By Roger Grimes

Yes, you need AI to defeat AI. Long-time followers of mine know that I am not an AI hype person. Some people might even call me an AI critic. I prefer to call myself an AI realist. I do not think AI will kill us all (despite our best efforts to bypass all guardrails and common sense).

I do not think AI will replace all jobs. I do not think AI will replace all cybersecurity jobs.

But I do think AI allows improvements in many areas, including cyber defenses, over traditional tools and techniques. And I do think that we will need plenty of AI-enabled cyber defenses to defeat AI-enabled threats.

Article Summary

  • AI does many things more efficiently or better than humans and/or traditional cyber defense tools
  • There are many traits that make AI better and more efficient at particular types of tasks
  • Those traits will make AI-enabled cyber attacks more successful
  • You will need those same AI traits to fight AI-enabled attacks

2026 is the year hacking becomes mostly an AI-enabled endeavor for attackers and their malware programs. Attacks and scams using AI are already more successful and steal more value per attack or scam. Chainalysis stated that scams that used AI stole 4.5 times more value than scams that did not use AI.

That one fact alone means that what most hackers and scams use will be AI-enabled. Most phishing toolkits already use AI. Most hacking is already on its way to using AI this year. The future of hacking is set – and it is AI-enabled.

We do not even have to wait for the future. It is here already. Google and other major vendors are reporting increased AI use in hacking. Here is Google's most recent blog on AI-enabled attacks. It is very difficult to read that report and not see where all hacking is heading.

When your kids hear the word "hacker", they will not think of a human in a hoodie hunched over a laptop drinking Jolt cola. They will think of AI, because that is what it will mostly be.

And...for sure...you will need AI to best and most efficiently defeat AI.

In this post, I will not be covering the attacks AI can be involved in, but I do cover them in my latest book, How AI and Quantum Impact Cyber Threats and Defenses.

I will say that there are dozens and dozens of attack types. Dozens of attacks are accomplished using AI and dozens of attacks against the AI tools you use. There is a difference, and you have to be prepared to defend against both categories of attacks.

So, why will we need AI-Enabled Cybersecurity Defense Tools to Fight AI Attacks?

[CONTINUED] at the KnowBe4 Blog:
https://blog.knowbe4.com/yes-you-need-ai-to-defeat-ai

Mind the Gap: Moving Beyond Traditional Email Security

Email remains the #1 attack vector for cybercriminals and threat emails are making it through to users' inboxes at an alarming rate. Whether you're relying on a legacy secure email gateway (SEG), native cloud provider protections or basic filtering solutions, phishing attacks bypassing traditional defenses have increased by 47.30%.

Join Jack Chapman, SVP Threat Intelligence, for this essential webinar as we explore Integrated Cloud Email Security (ICES) and how to close the email protection gap. We'll dive into why threats get through when tech and policies fail to address the human element.

You'll Learn:

  • The gaps in traditional email security approaches and why they fail to detect threats
  • How to identify and stop sophisticated attacks that standard security controls miss entirely
  • How to save your admin time and money by deploying an integrated approach
  • Real-world attack scenarios that bypass traditional defenses and what it takes to stop them before they reach your users
  • See a demo of how you can achieve risk reduction, compliance benefits and efficiency gains

Date/Time: TOMORROW, Wednesday, March 18 @ 1:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/ces-mind-the-gap?partnerref=CHN

[Eye Opener] Your Next Insider Threat Might Be an AI Agent

AI is now woven into the cybersecurity story in ways that would have sounded theoretical just a year ago. Today it is quietly reshaping the threat landscape from multiple angles.

A recent lab study showed autonomous AI agents bypassing safeguards, leaking credentials and even downloading malware in a simulated enterprise environment. The agents were not told to attack anything. They simply pursued their assigned goals and exploited weaknesses along the way. That should give every security leader pause.

At the same time, attackers are proving that old mistakes still open the door. A massive data theft campaign targeting Salesforce Experience Cloud portals appears to stem from simple configuration errors. Hundreds of sites may have exposed CRM data that criminals can now weaponize for social engineering and voice phishing.

Then there is the growing risk inside everyday tools. Microsoft recently patched an Excel vulnerability that combined cross-site scripting with prompt injection targeting Copilot. In other words, a spreadsheet could manipulate an AI assistant into leaking sensitive information.

The lesson is clear. AI is expanding the attack surface while familiar risks remain firmly in place. Security leaders now face a dual challenge: controlling autonomous systems while still fixing the basics. Technology changes quickly, but the fundamentals of security discipline matter more than ever.

The Convergence: Why Your Human Risk Management Strategy Can’t Ignore AI

The workplace is no longer just humans. If not already, your organization will soon manage a hybrid workforce of humans and AI agents working alongside your employees, accessing systems and making decisions. And both are targets!

Join us for an exclusive discussion between guest speaker Jinan Budge, VP & Research Director at Forrester and Bryan Palma, President & CEO of KnowBe4. Together, they will explore the urgency of AI adoption and the seismic shift currently occurring in human risk management.

This category emerged specifically to overcome the shortcomings of security awareness training in the medium term. But when AI agents can be prompt engineered just as easily as humans can be socially engineered, your security strategy needs to evolve.

You'll discover:

  • The current state of human risk management
  • Why traditional one-size-fits-all security awareness training fails to change behavior or prepare people for AI threats
  • The convergence of human and AI vulnerabilities and how phishing, deepfakes and prompt-engineered attacks exploit the same trust mechanisms whether the target is a human or an AI agent
  • How to detect and report on human and human-to-AI risk with business-ready insights leadership can understand and act upon
  • Practical first steps to build security programs that protect humans and agents, reduce manual overhead and scale with AI adoption

You'll leave with a clear understanding of where human risk management is headed, how to measure and manage human risk at scale and concrete steps to secure your workforce.

Watch Now:
https://info.knowbe4.com/ai-human-risk-management-webinar?partnerref=OD

Ransomware Attacks Surge by 50% Even as Payments Drop

The number of ransomware attacks increased by 50% in 2025, even though the number of victims who decided to pay the ransom fell to an all-time low, according to a new report from Chainalysis.

The size of the ransom for victims who did pay increased significantly, growing 368% year-over-year to nearly $60,000. The total ransom payments observed by Chainalysis last year amounted to $820 million.

"In 2025, ransomware actors received more than $820 million in on-chain payments — an 8% decline year-over-year (YoY) from $892 million, our updated 2024 estimate," the researchers write. "The 2025 total is likely to approach or exceed $900 million as we attribute more events and payments, just as our 2024 total grew from our initial $813 million estimate this time last year."

The researchers also note that the number of ransom payments doesn't capture the full scope of the damage caused by ransomware.

"The ransomware narrative of 2025 cannot be told through revenue figures alone," the researchers say. "While payments declined modestly, the scale, sophistication and strategic impact of attacks continued to expand. Organizations large and small — from global automakers to regional healthcare systems — faced extortion that disrupted operations, eroded trust and incurred systemic costs that far exceeded on-chain ransom totals."

Chainalysis concludes that ransomware gangs are adapting and improving their tactics to squeeze as much money as possible out of their victims.

"In this context, the ransomware landscape in 2025 is best characterized by adaptation rather than retreat: extortion tactics continue to evolve, enabling actors to extract value and damage beyond traditional payment streams," the researchers write.

"For defenders and policymakers alike, this underscores a central truth of the modern ransomware era — effective response requires both robust defenses and strategic resilience to limit the total harm inflicted by these multifaceted threats."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/ransomware-attacks-surge-by-50-even-as-payments-drop


Let's stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.

PS: Your February 2026 KnowBe4 Fresh Compliance Plus Content Updates:
https://blog.knowbe4.com/your-knowbe4-fresh-compliance-plus-content-updates-february-2026

Quotes of the Week  
"If you realized how powerful your thoughts are, you would never think a negative thought."
- Peace Pilgrim, Activist (1908–1981)

"In the sweetness of friendship let there be laughter, and sharing of pleasures. For in the dew of little things the heart finds its morning and is refreshed."
- Khalil Gibran, Poet (1883–1931)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-11-9-must-know-best-practices-for-email-security

Security News

Email DLP: Everything You Need to Know

What is Email Data Loss Prevention (DLP)?

Traditionally, email data loss prevention software has used static rules to stop users from emailing sensitive or confidential data. Specifically, email DLP protects organizations from accidentally exposing sensitive data such as bank account numbers, passwords, credit card numbers, intellectual property or trade secrets.

Email DLP has played an important role in organizations' email security strategies. Since email is the most common form of corporate communication, it is statistically the most likely way an employee can expose sensitive information, whether by accident, neglect or malicious intent.

Email DLP can be used to help eliminate human error, which is rampant in email usage. (Just think: How many times have you hit reply-all by accident or sent the wrong attachment?) Especially for organizations that are subject to compliance audits, email DLP has been a critical security component.

How Does Email DLP Work?

Eliminating human error is best done by anticipating those errors. Email data loss prevention solutions have traditionally anticipated those errors by enforcing a set of mail flow rules. These rules scan and filter both message text and attachments, looking for keywords, dictionary matches and text patterns.

Because they are static rather than dynamically intelligent, traditional email DLP rules are usually defined according to data sensitivity and risk appetite and then applied in a one-size-fits-all way.

This is what it looks like in action:

A legal secretary at a mid-sized law firm prepares an email for a client, adds several legal documents as PDF attachments, puts the client's email address in the "To" field and the attorney's email address in the "Cc" field and hits the "Send" button.

What consequences does hitting "Send" trigger with traditional data loss prevention software? When an email DLP policy is enacted, the mail server scans the email, comparing the text of the email to lists of keywords that were built into the software, as well as lists that the law firm's IT administrators created.

The DLP scan also alerts on the formats of sensitive numbers, such as Social Security and credit card numbers, using checksums to detect these types of data reliably. If the email DLP scan finds sensitive information, this can trigger several types of events, such as:

  • Asking the sender to modify the email before sending it – for example, removing sensitive information that can't be sent to external domains or applying encryption
  • Asking the sender to verify recipients and attachments
  • Rejecting or quarantining the email instead of sending it
  • Automatically modifying the email through pre-built rules within the DLP software – such as applying email encryption

Normally, email DLP solutions are configured to perform the first operation. In our example, then, the legal secretary would receive a prompt to remove certain information before sending it to an external recipient or a prompt to encrypt the data.

As they are static, traditional DLP rules cannot add any intelligence to their decision-making: a rule either permits or denies. For example, credit card details either can be shared with external domains or they can't. You can build rules per user (Person A is authorized to send credit card details to external domains but Person B isn't), but this takes considerable resources from IT administrators, who not only need to build the initial lists but then need to respond to every change.
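The following is an added example, not code from the article or from KnowBe4, showing what the static mail flow rules described above look like when implemented: it scans the message body and attachment text for keyword and dictionary matches, detects card numbers by format plus the Luhn checksum (Social Security numbers carry no checksum, so only a format pattern applies), checks whether any recipient is outside the organization, and maps the result onto the event types listed above. The internal domain `example-law.test`, the keyword lists, the per-user allowlist and the sample message are all constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed policy data (hypothetical): built-in and admin-maintained keyword
# lists, the organization's own domain, and the per-user rule the text describes
# (Person A may send card numbers externally, Person B may not).
BUILT_IN_KEYWORDS = {"password", "bank account"}
ADMIN_KEYWORDS = {"privileged and confidential", "settlement agreement", "trade secret"}
INTERNAL_DOMAIN = "example-law.test"
CARD_EXTERNAL_ALLOWLIST = {"alice@example-law.test"}

# 13-19 digits, optionally separated by spaces or hyphens; validated with Luhn below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# SSN format only: area not 000/666/9xx, group not 00, serial not 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: cuts false positives on random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


@dataclass
class Message:
    sender: str
    recipients: list
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> extracted text


@dataclass
class Verdict:
    action: str      # deliver | prompt_modify | prompt_encrypt | quarantine
    findings: list   # (location, kind, masked value)


def external_recipients(msg: Message) -> list:
    return [r for r in msg.recipients if not r.lower().endswith("@" + INTERNAL_DOMAIN)]


def scan_message(msg: Message) -> list:
    """Scan body and attachment text for keywords, card numbers and SSNs."""
    findings = []
    for where, text in [("body", msg.body)] + list(msg.attachments.items()):
        low = text.lower()
        for kw in sorted(BUILT_IN_KEYWORDS | ADMIN_KEYWORDS):
            if kw in low:
                findings.append((where, "keyword", kw))
        for card in find_card_numbers(text):
            findings.append((where, "card_number", card[-4:].rjust(len(card), "*")))
        for m in SSN_RE.finditer(text):
            findings.append((where, "ssn", "***-**-" + m.group()[-4:]))
    return findings


def decide(msg: Message) -> Verdict:
    """Static rule set: same decision for everyone except the per-user allowlist."""
    findings = scan_message(msg)
    if not findings or not external_recipients(msg):
        return Verdict("deliver", findings)          # nothing sensitive, or internal only
    kinds = {kind for _, kind, _ in findings}
    if "card_number" in kinds and msg.sender.lower() not in CARD_EXTERNAL_ALLOWLIST:
        return Verdict("prompt_modify", findings)    # ask sender to remove the data
    if "ssn" in kinds:
        return Verdict("quarantine", findings)       # hold for review
    return Verdict("prompt_encrypt", findings)       # keywords only: ask to encrypt


# Constructed sample: the legal secretary's outbound email from the text.
SAMPLE = Message(
    sender="secretary@example-law.test",
    recipients=["client@client-corp.test", "attorney@example-law.test"],
    body="Please find the settlement documents attached.",
    attachments={"settlement.pdf": "SETTLEMENT AGREEMENT. Wire funds to bank account "
                                   "12345678. Card on file: 4111 1111 1111 1111"},
)

if __name__ == "__main__":
    v = decide(SAMPLE)
    print(v.action, v.findings)
```

Running the block on the constructed message yields `prompt_modify`, because the attachment contains a Luhn-valid card number and one recipient is external; sending the same message from the allowlisted user drops to `prompt_encrypt` on the keyword matches alone, and an internal-only copy is delivered untouched. That last rule is exactly the rigidity the text describes: the same findings produce a different outcome only when an administrator has pre-built the exception.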

[CONTINUED] At the KnowBe4 Blog:
https://blog.knowbe4.com/email-dlp-everything-you-need-to-know

Ransomware Gangs Launch Social Engineering Attacks Over Microsoft Teams

Criminal threat actors are launching social engineering attacks over Microsoft Teams to deliver a new strain of malware called "A0Backdoor," according to researchers at BlueVoyant.

"This widely reported attack begins when the threat group, posing as information technology staff, targets users within an organization by overloading their emails with spam," the researchers write. "The adversary then contacts the impacted user via Microsoft Teams and informs the user about the abnormal behavior, offering to assist them.

"They request remote access to the device using the built-in Windows remote assistance application Quick Assist. Once on the device, the threat group attempts to load their own proprietary tooling in order to maintain access to the compromised device."

The researchers note that this technique has been used over the past two years by threat actors affiliated with the Black Basta and Cactus ransomware strains.

"BlueVoyant assesses this attack activity has been active since at least August 2025 through late February 2026 and aligns with the social-engineering playbook reported in late 2024 and 2025 for the adversary tracked as Blitz Brigantine (a.k.a. Storm-1811, STAC5777) or also linked to Black Basta and Cactus affiliates' attacks: email bombing, IT support impersonation over Microsoft Teams and Quick Assist misuse to obtain remote control," BlueVoyant says.

These threat actors are opportunistic, with a particular focus on entities in the finance and health industries.

"Victimology across BlueVoyant investigations aligns with prior reporting that the finance and health sectors are frequent targets: professionals at a Canada-based financial institution and a global health-aligned organization," the researchers write. "BlueVoyant assesses the selection is likely informed by open-source reconnaissance and cross-tenant Teams reachability, enabling one-to-one impersonation that blends into normal collaboration."

AI-powered security awareness training can give your organization an essential layer of defense by teaching your employees to recognize social engineering attacks.

BlueVoyant has the story:
https://www.bluevoyant.com/blog/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering

What KnowBe4 Customers Say

"On a side note, our users normally provide us very little, if any, feedback on the annual training we deliver. We continue to leverage the KnowBe4 security module to satisfy state requirements. This year, we have received several happy users who enjoyed the security training more than any other module.

"I think this speaks highly of the kind of quality training product that KB4 offers and we look forward to seeing the AI training once the state signs off on the final product."

- B.D., Deputy Chief Information Security Officer

The 10 Interesting News Items This Week
  1. Fake Claude Code install guides push infostealers in InstallFix attacks:
    https://www.bleepingcomputer.com/news/security/fake-claude-code-install-guides-push-infostealers-in-installfix-attacks/

  2. Anthropic research says AI can mass expose of anonymous internet accounts:
    https://www.digitaltrends.com/social-media/anthropic-research-says-ai-can-mass-expose-of-anonymous-internet-accounts/

  3. Anthropic launches code review tool to check flood of AI-generated code:
    https://techcrunch.com/2026/03/09/anthropic-launches-code-review-tool-to-check-flood-of-ai-generated-code/

  4. Kremlin hackers attempting to compromise Signal, WhatsApp accounts globally:
    https://therecord.media/russian-hackers-target-signal-whatsapp-warn-dutch-intelligence-agencies

  5. Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO:
    https://hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/

  6. YouTube opens deepfake detection tool to politicians and journalists:
    https://www.nbcnews.com/tech/tech-news/youtube-opens-deepfake-detection-tool-politicians-journalists-rcna262732

  7. Designing AI agents to resist prompt injection:
    https://openai.com/index/designing-agents-to-resist-prompt-injection/

  8. SecuritySnack - CloudFlare Anti-Security For Phishing:
    https://dti.domaintools.com/securitysnacks/securitysnack-cloudflare-anti-security-for-phishing?

  9. OFAC Targets North Korean IT Worker Networks Using Cryptocurrency to Fund WMD Programs:
    https://www.chainalysis.com/blog/ofac-targets-north-korean-it-workers-crypto-march-2026/

  10. Phishing campaign targets HR employees with malware-laden resumes:
    https://www.csoonline.com/article/4143937/resumes-with-malicious-iso-attachments-are-circulating-says-aryaka.html

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
