Email security issues plague the majority of modern organizations regardless of size or data maturity. With over 300 billion emails sent daily, hackers have no shortage of weak links to exploit.
A recent study by Verizon found 94% of malware is delivered via email with phishing taking the number one spot for most common cyber attack accounting for more than 80% of reported incidents.
Small- and medium-size businesses are involved in 28% of breaches and with email being the channel of choice for exploitation, it is imperative that businesses implement clear guidelines to help employees navigate today's new digital security risks. A little bit of foresight can yield tremendous benefits including data breach prevention, securing sensitive data and protecting your company’s reputation.
Email Security Best Practices
Never assume that every employee knows and understands email security best practices. This seemingly small oversight can result in significant financial losses for organizations and proportionately impaired business operations, which can be very difficult to correct or recover from. Here are the top ways modern employees can fortify their email security and ensure their digital safety.
1. Use Secure Devices
While BYOD (Bring Your Own Device) policies are currently popular among employers for saving time and money, such devices can compromise data security. Using secure devices is the key to preventing data breaches. When employers provide these devices, they can control the security settings, install the necessary security software, and prevent employees from downloading risky apps.
By keeping devices clean and secure, it's possible to prevent a cyberattack even if an employee makes a mistake by downloading malware.
If employees are allowed to use their personal computers at work, make sure they closely follow security guidelines.
2. Demonstrate Good Password Hygiene
Bad password hygiene is a common reason for email security failure. People tend to set passwords like qwerty, 12345, password, or 12345678 because they are easy to remember, but that also makes them easy to hack. Many people also frequently use the same password across multiple platforms, making it simple for others to gain access to multiple profiles. It’s best to use new, complex passphrases for each profile. To prevent email breaches, clearly integrate safe password practices in the workplace.
3. Implement Multi-Factor Authentication
Multi-factor authentication is a quick and easy step to take when increasing email security. Since employees will most likely not do this on their own, instate a clear company policy that illustrates how to set up multi-factor authentication step-by-step. Lock down all corporate email accounts with two-factor authentication and make sure employees can't change the settings.
While setting up multi-factor authentication, keep in mind not to use real answers for authentication recovery questions. Many recovery questions involve information that is easily accessible online such as your mother’s maiden name. Use fake answers to safeguard against hackers and stay one step ahead of those pesky scammers.
4. Sign Out of Email Accounts
Data breaches aren't always related to cyberattacks. Some of the most damaging data breaches happen internally. According to the 2020 Cost of Insider Threats: Global Report, over the last two years, the number of insider incidents has increased 47%. What’s more eye-opening is a staggering 60% of organizations suffered over 30 incidents per year.
If an employee leaves a device unattended while logged into email, another person can take advantage of the situation. In some cases, such breaches can happen from within the company.
The same issue can occur if browsers remember email login credentials. When this happens, even if a user logs out, another person can log in automatically because usernames and passwords are saved.
Signing out of accounts and locking devices whenever employees leave their desks is key for stopping bad actors.
5. Participate in Phishing Awareness Training
Only 60% of organizations provide formal cybersecurity education to their users. That’s alarmingly low. The lack of formal training, and lack of focus on email security undermines organizations’ security postures.
Meanwhile, email is the top channel for bringing malicious software to devices. Phishing awareness training programs are great for including employees - from every department and at all levels in the organization - in an active security protection role. In order to effectively combat phishing attacks, education is key. Common elements of phishing emails include:
- Intense language in the subject line
- Unknown addresses in the "from" field
- Urgent language in the body copy
- Suspicious links
- Impersonal sign-off
- Zip files in attachments
The easiest way for a hacker to access confidential company data is through clicking suspicious links. Employees should adhere to this basic guideline: If the link is sent from an unknown or suspicious sender, don’t click on it.
While the most important part of the training program involves educating employees on the dangers of suspicious emails, employees can also feel empowered and protected during a time of cunning and crafty coronavirus-themed scams.
6. Follow Email Use Guidelines
Using corporate email addresses to send personal messages shouldn’t be allowed. Minimize the chance of hackers targeting the organization's email system by limiting the number of contacts being communicated to, and making sure those contacts are accurate and only business-related. Make sure company guidelines reflect today’s new digital landscape by including expectations surrounding personal devices, security protocols and incident reporting. In the event of a security breach, make sure all employees know who to contact.
Employees can be the biggest security threat to an organization so keep in mind this simple best practice: Like oil and water, business and personal emails don’t mix.
7. Avoid Using Public Wi-Fi
With so many employees working remotely now, remote work security guidelines are crucial. One of those guidelines should address using public Wi-Fi. Public Wi-Fi is rarely secure because information sent over the airwaves can be seen by others. All a hacker needs to access an email account through public Wi-Fi is a laptop and basic software.
Using a VPN when connecting through public Wi-Fi can minimize the chance of a data breach. Keep in mind that not every employee will remember to turn this option on, so best practice is to avoid using public Wi-Fi all together.
8. Consider Transport Level Encryption
Transport level security (TLS) involves encrypting email messages right after they are sent. This way, even if hackers intercept the email, all they get is a number of meaningless characters.
TLS brings a host of other benefits as well. In terms of data integrity, TLS ensures that all data transmitted will reach its destination without any losses and is also far more secure compared to SSL.
Keep Your Emails Secure
By exercising these email security best practices, you can help avoid costly and un-necessary expenses, legal issues, and downtime associated with data breaches. With these tips in your tool belt, you can sleep easier knowing that your data, business assets, and employees are safe in today's digital world.
Ready to find out if your SMB is truly secure? Start by assessing your organization’s existing security in order to develop a strategy for a strong cyber security plan tailored to your needs.