Proudly supported by

Australian Government logo


Resources Hub / Boost your cyber resilience / Is your inbox secure?

Is your inbox secure?

You likely go to great lengths to keep your home secure, to keep all your valuables safe. But there’s another place that holds a treasure trove of valuable things: your email inbox.
Amongst all of the emails from the mailing lists you’re subscribed to, it’s a place filled with personal information, details on all your different accounts and subscriptions, maybe even stored passwords. As your personal inbox, it’s a place where confidential details likely flow freely.
So what happens if someone sneaks in and starts rummaging around? That's exactly what an email compromise attack is: a digital break-in where cybercriminals gain access to your inbox and wreak havoc.

How does an email compromise happen?

So how do they get in? Cyber criminals can use stolen passwords or sneaky phishing tactics to get in, then steal sensitive data like financial info, personal conversations, or even passwords to other accounts. It’s a major headache, and unfortunately, it’s happening often.

How to avoid an email break-in

Just like you can bolster your home security system and increase deterrents for thieves to break into your house, there are a number of ways to help keep digital criminals out. So, how do we turn on the alarm system for our emails?

1. Multi-factor authentication (MFA)

One of the most effective ways to protect online accounts such as your email from cyber criminals is through MFA, a two-step verification to verify your identity and add an additional layer of security. But scarily, according to Cyber Wardens research, only 46% of small businesses are protecting their email accounts with MFA.

So make sure you switch MFA on for your email account. It could be a code sent to your phone, a fingerprint scan, or even a separate app where you need to verify your identity. This extra hurdle might mean it takes slightly longer to access your emails sometimes, but it also makes it much harder for cyber criminals to break in, even if they steal your password.

2. Create a strong password

Speaking of passwords, how strong is yours? Do you use the same password for multiple accounts? Weak or repeated passwords are like flimsy locks—easy to pick.

To strengthen your passwords, try using strong passphrases (think a long sentence you can easily remember) and consider using a password manager.

3. Keep passwords to yourself

Another big security risk? Sharing passwords. Let’s be honest, particularly in small businesses it’s tempting to have a central list everyone can access. But sharing passwords is like giving everyone a copy of your house key. The Cyber Wardens report found that only 6 in 10 (61%) small business owners currently provide each employee with their own login and password, which creates a major vulnerability.

The best practice? Unique logins and passwords for every employee. This way, if one password gets compromised, the damage is contained.
Small businesses are prime targets for email compromise attacks. By implementing MFA, using strong and unique passwords, and ditching shared password lists, you can help build a strong digital defence and keep your inbox—and your business—safe.

With Cyber Wardens, you can keep your digital floors clean and free of cyber criminals fishing.


Learn easy and simple cyber security tips for your small business


More helpful resources for you and your business

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.