How to Avoid an Email Security Breach

How to Avoid an Email Security Breach

Email is still the most important communication channel. More than 300 billion e-mails are sent and received every day. According to forecasts, this figure will increase to almost 400 billion a day by 2026.

Hackers know this and are constantly targeting companies, infecting them via email with various types of malware or phishing attacks. But this only happens when companies have poor security hygiene and fail to provide ongoing employee training.

As an example, in 2019, healthcare organization NHS Highland inadvertently disclosed the health records of 40 HIV-positive people by sending an email via CC rather than BCC. This was considered an email security breach.

This article is about email security breaches and how to avoid them using best practices and Hornetsecurity’s email security services.

We all want to stay ahead of a malicious email leading to a compromised business. Don’t we!?

Understanding Email Data Breaches and the Importance of Email Security

A data breach is data loss or data compromise due to inadequate security measures or human error.

Malicious actors are targeting our infrastructure using various techniques such as malware, phishing, and social engineering. In most cases, these attacks are carried out via email. The hackers try to trick us into opening links or attachments that give them access to our infrastructure and data.

Even if we have the most advanced security measures and systems in place, this is of no use if our employees are not trained in the correct handling of devices, emails, and data.

The first target of most cyber attacks is people. Attackers use our human psychology against us, our willingness to help others or our lack of understanding of the risks involved in email attacks.

The introduction of strong email security measures and employee training reduces the risk of being hacked

Notable Examples of Massive Email Data Breaches

There have been several data breaches in the last decade. We will not go into all of them, but we will mention a few major data breaches.

In August 2013, Yahoo was attacked by a hacker group. Over 3 billion email accounts were compromised.

In 2018, hackers gained unauthorized access to Aadhar, the largest ID database in India. Over 1.1 billion Indian citizens were affected by this data breach, including their data such as names, addresses, photos, phone numbers, emails, and biometric data.

In July 2019, hackers gained access to over 100 million accounts hosted by Capital One. The hackers stole credit information affecting around 100 million people in the US and around 6 million accounts in Canada.

In June 2021, LinkedIn discovered that 700 million of its user accounts had been exposed to the dark web. This was the largest data breach the company had experienced.

There are dozens of other data breaches that can be traced back to inadequate security measures.

Exploring Vulnerabilities Stemming from Weak Email Security

Weak email security can expose company data and vulnerabilities. Weak email security is related to weak passwords, lack of multi-factor authentication, lack of security measures against phishing and spam, lack of email encryption, lack of email security policies, lack of ongoing training, and others.

Even failing one of these can damage the integrity and reputation of a company and put it in financial difficulties.

Where there is weak email security, there is plenty of scope for attacks and email security breaches. Attackers can easily penetrate our network and exploit vulnerabilities from the physical to the application layer to attack our unpatched systems, unencrypted storage, unpatched systems, and others.

To minimize the risk, companies should invest in robust email security measures.

Recognizing Signs of a Hacked Email Account

If you suspect that your email account has been hacked, there are several signs you should look out for. Please note that these signs, especially if they are suspicious activity (they could be you), are not always proof that your account has been hacked, but they should trigger an alert to check it out.

There are two possible scenarios. Your account has been hacked and you can no longer use it, or your accou

If you suspect that your email account has been hacked, there are several signs you should look out for. Please note that these signs, especially if they are suspicious activity (they could be you), are not always proof that your account has been hacked, but they should trigger an alert to check it out.

There are two possible scenarios. Your account has been hacked and you can no longer use it, or your account has been hacked and you can still use it.

In the first case, hackers have compromised your email account and data and changed the password.

You have tried several times to re-enter your web or email client password, but it does not work. If you have been authenticated in the Outlook client application, you are prompted to re-enter your password. You have probably been hacked.

In the second case, the hackers have compromised your email account but have not changed your password. If you have configured this, you should receive a notification about unusual or suspicious activity in your email account.

Email accounts have a security service that sends emails directly to you or your alternate email address when suspicious activity is detected.

These activities may include notifications of unauthorized access from unusual IP locations or devices, password change notifications, unexpected password reset emails, changes to account information, and unknown devices connected to your email account.

You should always pay attention to these notifications, even if you think it’s not a sign of malicious activity. For example, if you were logged into your email in Germany, then traveled to the US and continue to use your email, your email service will trigger a notification of a new sign-in activity from a different country.

In this example, we see that someone tried to log into my email account from the US and an unknown location, and it wasn’t me.

Email Sign-in activity

Email Sign-in activity

Additionally, if your internal or external colleagues are receiving spam or phishing emails from your account that you did not send, your account is likely compromised.

Note that sometimes an email may appear to be from you, when in fact it was sent from a different email address and merely uses your email addresses as “cover” to make it more likely to slip through defenses.

Check if there are any suspicious emails in the “Sent” folder or if there are any forwarding rules in place to forward emails from your account to a third party’s email address.

Steps to Take If Your Email Security Has Been Compromised

If you are an IT Administrator and you notice in the breach list that some of the emails within your organization are breached, you need to take immediate security measures and inform affected parties.

First and foremost, change the email password and implement (MFA) multi-factor authentication. If you are an end-user and find that you can no longer log in, report the incident to your IT team immediately.

Different security measures to secure your email account

Different security measures to secure your email account

Check your account settings to see if they have been changed. Since many apps are registered to a specific device or you, check the apps and devices associated with your email account. If you notice any unknown devices, block them immediately.

Also, check account activity and see where you have logged in or tried to log in without authorization.

Malicious people could be sending emails to your contact list. You should check your folders for sent, received, and deleted emails. Also make sure that your contact list is informed, as they may have received emails from you that originate from malicious people.

Scan your computer and network for malware and viruses.

Once you have found the root cause and taken the measures mentioned, you should find out what caused it, document it, and strengthen your security measures to prevent it from happening again.

How can you do this? Read the section below on Hornetsecurity.

Strategies for Organizations to Mitigate Simple Email Mistakes

One of the most common email errors is incorrect delivery. That is, when you accidentally send a confidential email with or without attachment to the wrong external email contact.

One of the ways to alert employees when the company sends email notifications is through external email notifications. Microsoft 365, for example, offers you the option of activating external email alerts. If you send an email to an address outside your company, you can see the warning as a precautionary measure.

External Email Warning Message Microsoft 365

External Email Warning Message Microsoft 365

Another example of incorrect delivery is the improper use of CC and BCC email fields. In 2019, representatives from the healthcare organization NHS Highland sent emails to nearly 40 HIV-positive people, publicly exposing them and breaching confidentiality.

What did they do to publicly expose them? They sent an invitation to a support group run by a health clinic, using the CC and not the BCC (Blind Carbon Copy) email field. For the sake of sharing, with CC all recipients are visible to everyone, whereas those who are BCC’ed are not visible to anyone.

Another mistake is not recognizing spam. Spam is an unsolicited advertising message that. Phishing emails on the other hand are malicious emails, either with links to malware or some other dangerous site, or malicious attachments. Users should be trained to recognize these and report them immediately to the IT department.

How can you mitigate these simple email mistakes? By providing continuous security awareness training and challenging users’ actions.

Additionally, use email filtering and security detection to block malware, spam, and phishing attacks before they land in your user’s inboxes.

Reducing the Risk of Email Data Breaches: Best Practices

Security is a shared responsibility. It is the organization’s responsibility to implement security measures and training on security, and it is the end users’ responsibility to follow them.

First and foremost, make sure you have a strong password culture. That means enforcing various password policies within your organization. These policies include password complexity, password length, minimum and maximum password age, password history, password lockout, and others.

For example, the password’s complexity determines which characters should be included in it, while the length determines how long it should be. If you apply these two policies to your email accounts, you can get a password with at least 12 characters, including upper and lower case letters, numbers, and symbols.

As far as password guidelines are concerned, you should never use the same password for multiple accounts. If one is hacked, so can all the others. Also, never use personal information in your password.

Using a strong password is not enough. You should implement MFA (Multi-Factor Authentication). With MFA, you must confirm your identity via SMS, app, or biometric data. If a hacker were to hack your password, they would be unable to successfully log in if they do not have access to your phone. MFA is a must. Not an option.

Hackers use social engineering and phishing to trick you and gain access to your computers. How can you fight them? With solutions like the Hornetsecurity Security Awareness Service, you can also simulate phishing attacks and create sophisticated phishing emails that train users to spot suspicious emails. With this service, you can target everyone from entry-level to C-level.

Phishing attacks will still come after the training. You should implement email security measures that recognize and block phishing attacks in time.

You can find out more about preventive phishing measures in the section Protect your brand with Hornetsecurity: The role of email security.

There are other practices that are a variation of what we mentioned above.

Protect Your Brand with Hornetsecurity: The Role of Email Security

Hornetsecurity offers you a range of tools to strengthen your email security and mitigate email data breaches. These include advanced threat protection, spam and malware protection, and email encryption.

Advanced Threat Protection

Advanced Threat Protection protects your organization from advanced cyber security attacks and threats such as ransomware, phishing, and more. This is very important protection as malicious individuals and groups target organizations with malware such as Emotet, Tribot, GandCrab, and others. The easiest way to send them is via email.

We are trying to make our lives easier by providing everyone with a QR code to download or access a specific website. It’s easier to scan it than to type it in. Isn’t it? Very often hackers put links that direct you to a malicious website to download or simply access a link.

Advanced Threat Protection offers a QR Code Analyzer that analyzes QR codes and checks if they are malicious, in which case the email is blocked accordingly.

QR Analyzer

QR Analyzer

Advanced Threat Protection protects you against blended attacks that are combined into a single email attack. Blended attacks include different types of malware such as viruses, spyware, spam, and phishing.

Hornetsecurity uses various technologies to protect you from email attacks, including sandboxing, freezing, safe links, URL scanning, real-time alerting, and ex-post alerting.

A strong alliance against all methods of attack

A strong alliance against all methods of attack

The sandbox engine scans the attachment in an isolated environment and checks for malicious activity. If the document is malicious, the file is quarantined, and the IT Security team is notified. If a file cannot be classified as malicious, but seems suspicious, Hornetsecurity freezes it for a short period.

Advanced Threat Detection also helps you to scan links before you open them. If you receive attacks such as PDF or Word documents and they contain links, the URL scanning engine can scan them without compromising the integrity of the document.

When an attack occurs, Advanced Threat Protection sends a real-time alert and informs you accordingly. It also supports ex-post alerts to inform you about emails that have already been delivered and are subsequently classified as malicious. It’ll even reach into user’s mailboxes and delete malicious emails that have already been delivered.

Email Security

Hornetsecurity email security offers you a powerful spam filter and protection against malware. According to our research, 50% of the world’s email traffic is spam. Email Security offers the highest detection rate on the market, with 99.9% guaranteed spam and virus detection.

It protects you from DDoS attacks and phishing emails.

It also supports informal filtering, data traffic encryption, link tracking, phishing filters, automatic virus signature updates, outbound filtering, bounce management, dynamic virus outbreak detection, and multi-level spam detection.

In 2023, Hornetsecurity processed in excess of 45 billion emails which provides a unique opportunity to identify emerging threats and critical vulnerabilities, reveal important trends and can make informed projections for the future of Microsoft 365 security threats, enabling businesses to act accordingly. Read more in our Cyber Security Report.

Hornetsecurity spam filtering and malware protection can be integrated into the email management system. Ask about Spam Filtering and Malware Protection now.

Email Encryption

Email encryption enables the encrypted exchange of emails. This is extremely helpful when exchanging sensitive data and attachments. If a hacker intercepts them, they can read them.

It supports all standard encryption technologies including S/MIME, PGP and TLS. It takes minimal effort to manage encryption, user certificates and encryption policies.

Email encryption includes the following features: Testing option for encryption suitability, automatic digital signing & encryption of outgoing emails via S/MIME and PGP, automatic certificate management & key storage, individual setup and definition of encryption policies, personal email certificates, confidential communication via Websafe, and others.

You can read more here Encrypted email – secure email with PGP, S/MIME, TLS Email Encryption.

You can also opt for email compliance and productivity tools for email archiving, signatures and disclaimers, and continuity services.

Security Awareness Service

According to the World Economic Forum, 95% of all cyber security incidents are caused by human error. One of the types of human error is clicking on suspicious links and attachments in phishing emails. Hornetsecurity has developed a solution that simulates realistic phishing emails and is aimed at everyone from entry-level to C-level.

The solution is called Security Awareness Service. It is a fully automated awareness benchmarking, spear phishing simulation, and e-training to raise awareness and protect employees from cyber threats.

It offers an ESI (Employee Security Index) that continuously measures and compares the security behavior of employees throughout the company. Based on the target group in your company and their ESI index, you can develop a customized training course that is tailored to their needs.

Weekly, monthly, or however you like, you can trigger phishing emails and test your employees’ phishing detection skills.

This way your network stays safe.

To properly protect your cyber environment, use Hornetsecurity Advanced Threat Protection to secure your critical data.

We work hard perpetually to give our customers confidence in their Spam & Malware Protection, Email Encryption, and Email Archiving strategies.

To keep up to date with the latest articles and practices, pay a visit to our Hornetsecurity blog now.


Email security breaches let malicious individuals or groups access your company data. This happens due to inadequate security measures and a lack of security awareness.

Hackers attack companies through emails by using social engineering and phishing attacks. The idea behind these two attacks is to trick people into opening malicious links and attachments in email in order to gain access to their data. It is one of the most common malicious methods.

Another way for hackers to gain access to emails is if organizations or companies use weak email security. This indicates weak passwords, lack of multi-factor authentication and inadequate email security software.

Security is a shared responsibility between IT teams and employees. IT teams should implement strong email security measures and enforce policies, and employees should follow them.

This article covered email security breaches, how they occur, and what users and organizations can do to prevent them. It also demonstrates the power of Hornetsecurity’s email security solution.


What is an email security breach?

An email security breach occurs when hackers gain unauthorized access to our data and make it publicly available or use it to attack us. This hurts the integrity of our data and the availability of email communication. This happens due to cybersecurity attacks, phishing, and inadequate security measures in companies.

What happens if your email is breached?

If your email is breached, your organization can get into serious problems. Malicious people get access to your data, they can expose them publicly, inject malware and disrupt business operations.

Can I check if my email has been hacked?

If your email has been hacked, the hacker will probably change a password and you will no longer be able to log in. The second scenario is that your email has been compromised, but you can still use it. Email security services can trigger a notification of unauthorized access from a third-party IP or location in this case.

Can I check if my data has been breached?

You can check whether your email, and therefore your data, has been hacked. There are various services that you can find online to check whether your email is in the hacked database.
Email Threats in 2024 Are Evolving – How Advanced Threat Protection Keeps Your Business One Step Ahead of Attacks

Email Threats in 2024 Are Evolving – How Advanced Threat Protection Keeps Your Business One Step Ahead of Attacks

The most common way that criminals gain access to your business is through malicious emails. This is often a phishing email, asking the recipient to change their corporate password with a link to a site, or to approve a parcel delivery, or in what’s becoming more common, scan a QR code on your phone to access a business application.

These risks are all real, and they are used to compromise businesses every day.

To make sure your business isn’t the next one in the headlines for all the wrong reasons, you need a strong and layered defense, that adapts and evolves with the ever-changing threat landscape.

In this article we’ll explore how Hornetsecurity’s email security services seamlessly integrates with your Microsoft 365 email services and protects you from simple, volume-based threats with smart tech, keeps you safe from advanced attacks such as spear phishing with Advanced Threat Protection (ATP), safeguards your users from malicious QR codes out of the box and if all of those layers fail, trains your users to spot and report malicious content.

We’ll go deep on ATP, without revealing details criminals can use to bypass your defenses.

Two Ways to Integrate With Exchange Online

There are two technical approaches to layer email security on top of Exchange Online in Microsoft 365:

  1. The first involves changing the Mail eXchanger (MX) records for your email domain (“”) in the internet’s Domain Name System (DNS) to point to our service. All incoming mail will pass through our services, providing a clean feed to your user’s inboxes.
  2. The second method is creating an application in Entra ID (formerly Azure Active Directory, AAD), the identity platform underlying Microsoft 365 and giving it specific permissions to the Graph Application Programming Interface (API) that exposes user mailboxes. This second approach allows additional flexibility, such as the ability to reach into user’s mailboxes after an email has already been delivered and deleting it, if the system has determined that something was missed in the original delivery scan and the email is now identified as malicious.

Hornetsecurity applies both methods, combining the best of both worlds for unsurpassed protection.

Dealing With Low Hanging Fruit

In our 2024 Cyber Security Report we saw that out of the 45 billion emails we scanned in 12 months, 36.4% were categorized as unwanted. That’s over a third of all emails that you want to keep out of your user’s inboxes. Out of that third, 3.6% were flagged as malicious.

Clearly you need a fast system to deal with the vast amount of junk quickly, which we do at the blocking phase, weeding out connections from known bad email servers, and traffic from known bad senders.

We have a 99.9% guaranteed spam detection and 99.99% virus detection, using 18 independent virus and phishing spam filters, and we scan both incoming and outgoing emails for spam, malicious URLs and viruses.

Hornetsecurity ATP - Stay ahead of email threats

Sometimes an email bounces, meaning it’s sent back as the address is unknown (or accidentally mistyped) which is useful for the sender to know. However, sometimes you get bounced emails because an attacker used your email as the sending address, we filter out these fake ones to protect against backscatter and bounce attacks.

It’s an Arms Race

The above services deal with most of the incoming undesirable and malicious emails. However, attackers spend a lot of time and effort changing their attack methods to bypass email filters. This is where ATP comes in.

One popular option is attaching an encrypted document to an email. Normally anti-malware engines can’t scan these and so might miss a malicious file, ATP uses Malicious Document Decryption to protect against this.

QR codes in emails is an attack type that’s gained momentum in the last few months, partly because QR codes are now such a normal part of life (restaurant menus, paying for car parking etc.), and partly because it moves the attack from the (often) corporate owned and managed PC to a user’s personal phone.

It neatly bypasses all the protections in place on the computer and the URL in the QR code often leads to a familiar looking login page. ATP has had built in QR code scanning for common file types (GIF, JPEG, PNG and BMP) for over a year.

ATP has many layers of protection such as the Sandbox Engine, which will open all attached files, identifying malicious attachments and if they are, the email is quarantined.

The Sandbox Engine looks at if the attached files show signs of detecting that they’re running in a VM or a sandbox, which is a dead giveaway that it’s malicious. It also uses a file system monitor to see if the attachment writes or alter files, a process monitor to see if the file starts a child process (popular in malicious Adobe PDF files).

There’s also a registry monitor to spot unusual values being stored in the registry (often used for persistence when the PC is restarted) and network monitoring to see if the document is trying to communicate with an endpoint on the internet, another unusual behavior for a document.

Memory is inspected from a forensic point of view (again, documents accessing memory in unusual ways is a strong indication that it’s malicious). Tying it all together is a Machine Learning engine that looks at the above signals, and over 500 indicators, and separates malicious files from benign ones with very high accuracy.

Freezing is another approach, if an email is suspicious, but not clearly classified as bad yet, it’s held back for a short time. New data may lead to a positive identification of a virus attachment for example.

All links in emails (URLs) are rewritten with a link to our secure web gateway, and scanned both when the email is received and when the user eventually clicks on it.

To work around this, attackers often include the links in attached files, which can’t be rewritten (it would alter the integrity of the document), but our engine still follows these links to verify if there’s any malicious payload on the target end.

One very important feature of cyber security tools is to let you know when bad things are afoot, and ATP provides real-time alerts when your organization is under a targeted email attack.

A related feature is Ex-Post alerts: if emails that have already been delivered are subsequently identified as malicious your IT team is notified.

As mentioned, these emails can be automatically deleted, but the user may already have clicked a link, or opened an attachment, so your response team might want to investigate these user accounts / devices further.

Human beings are still the weakest link, and our psychology is used against us when attackers employ social engineering tactics.

Our Targeted Fraud Forensics uses automated fraud attempt analysis and intention spoofing recognition to detect and prevent social engineering attacks.

It looks at the language of the email, looking for patterns that indicate malicious intent, espionage attacks, or if the text presents false facts to get the recipient to respond, as well as spotting forged sender identities.

Sending to the Right Recipients?

Another feature that’ll assist your overall email security posture is AI recipient validation, which will warn you if you’re including an unintended recipient, or if you’re missing a recipient that should have been included.

It’ll also warn you if the email contains sensitive information, like Personal Identifiable Information (PII), inappropriate wording or if you’re replying to a large distribution list. This analysis is done locally in the Outlook client, no data is sent to our service.

Of course, there’s a dashboard for administrators to see what warnings the users had, and what their response was, and an admin can also disable particular warning scenarios, exclude users from different warnings, and add external domains to be treated as internal ones.

Improving Your Human Firewalls

No protection system is completely foolproof, there will be times when a malicious email sneaks through your defences, at least temporarily, and this is where training your users is vital.

Many other services for this take a lot of administrator time, planning, scheduling, and following up with the users who fell for the simulated phishing attacks. Hornetsecurity’s Security Awareness Service is different, and is mostly set-and-forget.

Each user is tracked with an Employee Security Index (ESI), users who rarely click on simulated malicious links or attachments aren’t bothered with simulations, whereas repeat offenders receive more simulated attacks, as well as short, relevant video training content.

It also uses gamification to increase engagement amongst your users.

Stay ahead of the evolution of email threats in 2024 with Advanced Threat Protection from Hornetsecurity. Protect your business and your employees against sophisticated attacks. 

Don’t wait any longer; protect your email with Hornetsecurity and ensure the resilience of your digital assets.


Email is the most prevalent vector for attackers to compromise your users, and then used to further infiltrate your systems.

A comprehensive email hygiene service must deal with the easy threats, mass mailed spam and phishing, as well as advanced threats such as spear phishing and targeted email lures.

Hornetsecurity’s spam and malware filters, combined with Advanced Threat Protection, is the best defence. Add in the additional services such as AI Recipient Validation, along with Security Awareness Service and you have a winning combination.


How does Hornetsecurity's Advanced Threat Protection (ATP) detect malicious documents?

ATP uses malicious document decryption, a sandbox engine and a machine learning engine to inspect file behavior, registry changes, network communication and memory access, achieving high accuracy in distinguishing malicious files.

What happens if an email is suspicious but not clearly identified as malicious by ATP?

Suspicious emails are temporarily held back using a freezing approach. During this time, new data may lead to positive identification, and all links are scanned through Hornetsecurity’s secure web gateway before being delivered to the user.

How does Hornetsecurity's Security Awareness Service engage users in training without extensive administrator involvement?

The Security Awareness Service employs an Employee Security Index (ESI) to track user behavior. It automatically tailors simulated attacks and video training content based on individual responses, utilizing gamification to enhance user engagement with minimal administrative effort.

What Are Email Data Leaks and How to Prevent Them

What Are Email Data Leaks and How to Prevent Them

According to our research published in Cyber Security Report, email continues to be the primary communication channel for many organizations, with over 333 billion emails sent and received daily. Based on projections, that figure will increase to almost 400 billion daily by 2026.

This means that more cyber-attacks are being spread via email. While it may seem like a simple thing, we need to make sure we know how to use email properly, what we’re sharing and who we’re sharing it with.

This article is about email leaks and how to prevent them.

What Is Data Leak? Why Do Data Leaks Happen?

A data leak is when sensitive data is exposed to someone(s) not authorized to see it. Data leaks can occur for two reasons: cybersecurity attacks and inadequate security measures.

Sensitive data includes Personal Identifiable Information (PII) and business data such as project plans, financial details, software code, and other similar types of data.

Personal Identifiable Information (PII) is any data that can be used to identify someone such as their first and last name, email address, phone number, passport number, driver’s license, social security number, and other personal information.

Malicious Methods That Cause a Data Leak

Attackers use various malicious methods that cause data leaks. Individuals or groups employ various methods to trick end users into gaining access to their data. Three common methods are phishing attacks, malware attacks, and brute-force attacks.

Malicious Methods That Cause a Data Leak

Phishing mail attacks are one of the most common malicious methods we see nowadays. According to our Cyber Security Report, almost 40% of attacks are delivered via phishing mails. We often see viruses or other types of malwares integrated into different file types, including Word, Excel, PDF, and archives.

Hackers develop sophisticated emails that look like the real thing and trick you into opening malicious links or attachments to gain access to your network. Phishing attacks are used in combination with social engineering to trick people into revealing their sensitive data by impersonating people.

Phishing attacks are carried out via email, SMS, voice and QR code scams.

Malware is a second method attackers use to try to penetrate your network. It is a broader term that covers various malicious software. This includes viruses, trojans, worms, ransomware, spyware, adware, keyloggers and more. According to our Ransomware attacks survey, 1 in 4 (23.9%) IT professionals say their organization has been the victim of a ransomware attack.

The best protection is Endpoint Detection and Response (EDR) on end user devices, strict firewall rules and security solutions that block internal and external malicious activities. You can read more about malware attacks here Malware vs. Viruses: Understanding the Threat Landscape.

In third place is a brute force attack. In such an attack, your username (email address) is loaded into brute force software, which then attempts to guess a password based on various password combinations stored in dictionaries. Dictionaries can be found for free on the Internet. The best practice here is to have a strong password and use multi-factor authentication.

Poor Security Practices That Cause Data Leaks

There are various reasons for data leaks.

First and foremost is a poor security culture. Your credentials are the first layer of attack. Never use weak passwords to protect your online accounts. If you are an IT administrator, you should enforce a password policy that prevents the use of weak passwords. You can read more in the next section.

When you log in with your account on a shared computer in your company or in public, always make sure that you have logged out. If you don’t and someone else, hypothetically a malicious person, gains access to your email, it could lead to a data leak.

If you are staying in a hotel or your favorite cafe, you should be very careful about which Wi-Fi network you use. There are many scenarios where a malicious person will try to eavesdrop on traffic on an open network.

The best thing to do is to set up a mobile hotspot and use the internet via your cell phone. You can also train your users to use a VPN for every connection, although this does carry the risk that a user might forget to use it on an untrusted network.

An inadequate security measure may also be that someone has unintentionally sent an email to the wrong external email address (misdelivery). Even a second of unintentional action can lead to significant problems for us.

This happens when a user accidentally sends sensitive information to the wrong email address. According to Verizon Data Breach Report 2022, there were 715 incidents, 708 with confirmed data disclosure, that compromised personal, medical, financial, and other data.

Double-check to whom you are sending your email.

If you are using a bad password or a single password for more than one account, please change it immediately. Each account should have a different strong password. Now you are probably going to say how to memorize it!? You don’t need to see below.

Other bad practices usually relate to infrastructure and inadequate policies. You can find out more about this in the section “How to prevent data leaks”.

The Dangers of Bad Password Hygiene

Despite cybersecurity experts and companies advocating for a strong password culture, passwords in many organizations continue to be the weakest link. According to the Specops Breached Password Protection list, there are 2 billion breached passwords, and that number is increasing daily.

It is the responsibility of IT teams to enforce password policies in companies. This primarily includes the use of complex passwords with lower and upper-case letters, numbers and special characters.

Different security solution providers give different recommendations on the number of characters a password should have. The general rule of thumb is that more characters are better. Do not use less than 12 characters.

In the past we often enforced frequent password changes (every 30 days was popular). This has proven to be counterproductive, and both NIST in the US and GHCQ in the UK now recommend not to enforce frequent changes.

This just leads to people picking easier passwords and attaching the number or the name of the month to the end of their passwords for example.

You should also introduce a password history policy to prevent the reuse of old passwords. According to an Online Security Survey conducted by Google, 65% of people reuse their passwords. This is a major security issue.

In addition, you can introduce other password policies such as lockout policies, disabling accounts that are not being used, introducing multi-factor authentication (MFA), assessing password strength, monitoring account access, introducing SSO and others.

The bottom line is that today, just using a username and password for identifying a user isn’t adequate, wherever possible you must use strong authentication such as MFA, including phishing resistant MFA such as FIDO 2 hardware keys, or biometrics such as Windows Hello.

These measures stop 98%+ of all identity-based attacks.

One of the most common mistakes of poor password hygiene is sharing login credentials via email. Imagine if someone were to gain access to your email and find your password? This would mean that a malicious person would be able to compromise your integrity and your data.

Implement Password Managers

Don’t write down your password on sticky notes, notes or anywhere else. It’s best to use a password manager and store your passwords in secure and encrypted password vaults. Whenever you need your password for a service or device, log in to your password manager, copy it and then enter it.

Password Managers also provides you with extensions for your favorite browsers that allow you to retrieve your password when you need to log into your account.

This practice benefits users at all levels, from end users to IT administrators who manage many different systems.

What Should I Do if I Find My Address in an Email Leak?

If you find your address in an email leak, you should immediately change your password. A new password should follow the policy introduced in the previous section.

What Should I Do if I Find My Address in an Email Leak?

Use Password Managers to store your password, don’t store it written or printed on paper, stored in .txt or any other files on your machine, or shared via email. Password Managers are designed to do it most securely.

In case of email leaks that happen in organizations, you should inform relevant stakeholders and check if there were any suspicious activities done on affected services.

Note: Do not ignore security breach notifications, ignoring would put your account and data at risk.

How can I know if my account was leaked?

According to haveibeenpwned, as of November 2023, there are over 12 billion accounts leaked. If you want to check if your email or account was leaked, navigate to, enter your email address, and click Pwned?

You can also subscribe (for free) to get notified when future pwnage occurs and your account is compromised, there are also options for organizations to monitor their entire email domain, instead of just individual accounts

';--have I been pwned?

How To Prevent Data Leakage

From an IT management point of view, you should introduce access control and define who is allowed to do what. One of the most important measures is to introduce access control with minimum authorizations.

Your data should be encrypted regardless of where it is stored, both in transit and in storage. Even if a malicious person gains access to the data, they cannot read it.

Security is a shared responsibility. Make sure that you implement strong security protection on your network and endpoints and that your employees are trained in handling the data.

In addition, you should ensure continuous monitoring and logging of all activities that take place internally or externally on your services.

Please note that data leaks are not a one-off event, but an ongoing process that requires strong technology and employee awareness.

Many websites or client–server communications do not use TLS (SSL) certificates. This means that the communication between you and your server is in plain text and can be intercepted and read by a criminal.

Make sure that your website uses certificates, that communication is encrypted and that you renew them on time. Better yet, automate the process using a service like letsencrypt which not only ensures your certificates are renewed on time, but also offers free certificates.

Make sure your infrastructure is always up to date at the physical and application level and patched with the latest updates. If our systems are not patched with the latest security updates, this poses a major security risk that can be exploited by attackers to gain access to our network.

To maintain security measures, you should apply compliance regulations and industry standards to prevent data breaches. Some of the factors that can lead to a data leak are shadow IT, poor data processing practices, lack of encryption, poor BYOD (Bring Your Own Device) practices, inadequate employee training and others

How Hornetsecurity Can Help You Stay Protected Against Data Leaks

According to the World Economic Forum – The Global Risks Report 2022, 95% of all cyber security breaches are caused by human error. Malicious people (read hackers) try to exploit human psychology using phishing and social engineering.

To prevent it, organizations need to provide continuous training to employees on how to use technology and prevent data leaks.

That is where the Hornetsecurity Security Awareness Service comes into play. Security Awareness Services provides fully automated awareness benchmarking, spear-phishing simulation, and E-Training to sensitize and protect employees against cyber threats. Practically speaking, you can train and then challenge your employees by simulating sophisticated email attacks.

Service Awareness Service provides ESI (Employee Security Index) that continuously measures and compares employee security behavior across the organization and offers individual training needs.

Awareness dashboard in the control panel

Security Awareness Service also provides an e-learning hub for employees where they learn security content on how to handle phishing attacks in multiple languages.

That is not all.

Hornetsecurity provides several solutions that help you strengthen your security and prevent data leakage including fully automated, secure, and effective email encryption, the cloud-based corporate email platform with integrated spam and malware protection, email archiving service to ensure email data integrity & compliance for M365 and other email servers, powerful spam filtering and malware protection to stay ahead of cybercriminals and more.

You can read full insights into different Hornetsecurity solutions that help you stay safe. You can read more here Email Cloud Security Services from Hornetsecurity.

Remember, the best way to protect against malicious methods is to have a proper understanding and implementation of IT Security.

To properly protect your cyber environment, use Hornetsecurity Security Awareness Service, and Advanced Threat Protection to secure your critical data.

We work hard perpetually to give our customers confidence in their Spam and malware Protection, Email Encryption, and Email Archiving strategies.

To keep up to date with the latest articles and practices, pay a visit to our Hornetsecurity blog now.


Data leaks are a constant challenge that occurs in many organizations. There are two reasons for this. The first is when users accidentally share data by sending sensitive emails to the wrong email address or forgetting the USB stick with the data in a public café. The second is when malicious people attack our infrastructure with malware.

There is a solution for both cases. IT teams should implement strict security mechanisms from the physical to the application level, strict access control and good password policies and enforce MFA for all user accounts

Security is a shared responsibility. Employees should be trained in the proper handling of emails, passwords and anything that could put data at risk.

Hornetsecurity offers an e-training and security awareness service platform that allows you to educate and challenge your employees by exposing them to fake phishing attacks that look like real attacks.

In this article you learned all about data leaks and how to prevent them.


What happens if data is leaked?

When sensitive data is leaked, it can have various consequences, such as privacy issues, financial losses, reduced customer satisfaction and business disruption. If our data is exposed, especially if we are vendors, it has a negative impact on our reputation. Any data leak should be taken seriously, and we must take all preventive measures to stop it.

Is it bad to leak your email?

It is considered bad and risky to pass on your e-mails. Malicious people can use them to target you with phishing and social engineering attacks. To protect your email, you should use or enforce a strong password and enable multi-factor authentication.

What does it mean when your password has been in a data leak?

If your password has been leaked, it means you are in trouble. A malicious person could access all of your online services that use this password and thus obtain and expose your data. If you use the same password for multiple services, a malicious person could try to access all services and compromise your reputation and the integrity of your data.

What do email hackers look for?

Hackers or hacker groups are looking for data with which they can blackmail you, demand money or pass on your data to third parties who could be of use to them.