email security Despite the rise of instant messaging and additional general alternatives, email still reigns supreme in the business world. It is now estimated that the average office worker sends around 121 emails per day. A quarter of the world’s 2.5 zillion email accounts are company-specific, and by the end of 2021 the number is expected to rise to 2.9 billion.
The fast courier service. This is great news for Outlook and Gmail leaders and the people who rely on them. However, it also opens the door for unwanted security breaches and the possibility for hackers to cause serious damage to your business.
Preparing your employees for the future is very important. We’ve seen how unexpected events like government shutdowns have impacted cybersecurity. With that in mind, now are some best email security practices.
Table of Contents
Be wary of phishing and how to protect yourself
Phishing is using emails, often disguised as coming from a legitimate company, such as a bank or utility company, to hack into a system. Phishing emails vary in sophistication. Some are easy to spot as they cover obvious misspellings, poorly designed graphics, or unconvincing formatting.
Unfortunately, many phishing emails today are incredibly sophisticated. Disturbingly, these more persuasive attacks are also increasing. A 2020 article revealed that in a survey, 53% said they had seen an increase in phishing since the start of the COVID-19 pandemic.
The image below shows a phishing email from a despatcher affectation as Netflix. Since Netflix has 207.64 million users worldwide, the chances of attracting potential victims are huge. The email sender claims that a regular payment has not been made and urges the user to click a malicious link to activate it.
So what container do you do to protect your business after this threat?
First, consider using a secure email gateway as the first line of defence.
These automatically scan emails for potentially dangerous relations and prevent them from being sent in the first place. Prevention is often far better than cure after the event.
Conduct cybersecurity training for your employees
The next step is training. It’s time for your staff to update themselves so they are well prepared for potential phishing emails that could pass through your Secure Email Gateway systems.
This is especially important for smaller companies. Judgement would dictate that the fewer employees you have, the less likely you will be hit by phishing attacks. But the reality is the opposite.
According to Clearedin, smaller businesses are less likely to have anti-phishing software, which opens another door to attacks.
Therefore, education is of paramount importance. Learning to move suspicious emails directly to spam folders is a good start. We have a great blog post dedicated specifically to employee cyber security training, which you can check out here.
You should also observe these four steps when conducting training courses for your employees:
- Ensure all employees use strong passwords for all accounts (which often contain a combination of uppercase and lowercase letters, numbers, and symbols).
- Require all employees to update these “harder-to-crack” passwords regularly.
- Don’t encourage opening commercial emails on mobile phones.
- Encourage employees to separate personal and business email strictly.
It’s also important to learn how to recognize phishing emails. Train your employees to look for obvious signs, such as obvious misspellings, that indicate the sender’s email address is public.
Also, tell them to look for links to unfamiliar websites and impersonal opening phrases like “Dear Sir” or “Dear User,” not people’s designations. GRC eLearning has a great PDF blog for specific training on this topic.
For extra protection, ask your employees to create a new Gmail account. Gmail has excellent spam filters, making it more effective and reliable than Hotmail or Outlook.
Use two-factor authentication
It might sound like jargon, but two-factor authentication is simple. Don’t worry.
It’s about adding a layer of protection to all your business emails. When a two-factor authentication system is implemented, a would-be hacker still needs to use a code to gain access to your system, even after guessing through the first level of the password.
This code is usually sent to your phone after correctly entering the first password.
Often you don’t even need special software to implement this type of system. You can easily add two-factor authentication to most email clients.
Use strong and unique passwords For email security
The days when people used the simplest of passwords (‘1234’, your name, or the actual word ‘password’) should be long gone.
But incredibly, many people still use the above as their only line of defence against hackers. Believe it or not, the most shared password of 2020 was “123456”. It has been used by a staggering 2.5 million people worldwide.
Strong passwords are an absolute must to maximize the impact of your email security best practices. You can use password protection software to make and store passwords. Here is an article that describes some options.
A password with complex cultures, numbers, and symbols cannot be guessed. A hacker would have to run special software to solve it. Very strong passwords can take up to 500 years for the software to work and run indefinitely (making it virtually impossible to crack during its lifetime!).
Follow these pros and cons to ensure the certainty of a rock-solid password:
Use special characters and numbers.
DO NOT include personal information such as birthdays, anniversaries, pet names, schools, or even sports teams.
- USE uppercase and lowercase letters.
- Do NOT think in words, but in sentences.
- Use random letters and numbers instead of words.
- DO NOT use common letter/number substitutions.
Many passwords are ineffective because the user is too lazy to think of anything complex. Don’t be that person. That’s not worth it! Be smart, use your common sense and make life as difficult as possible for potential hackers.