Thursday, October 21, 2021

Best Practices For Email Security

If you’re concerned about the impact that data theft and ransomware could have on your business, it’s important that you secure every aspect of your network. Unfortunately, email security is often skipped over when addressing a network’s security.

We’ve collated some best practices for securing your email. It is recommended that all your staff read this guide. While there are some techniques at the network level to protect yourself, the best security is vigilance.

1. Use Strong, Unique Passwords

Sometimes the oldest solutions are the best: the first step in securing your email is to choose a good password. Make sure the password you use is not used for any other logins. Your password should include:

  • lowercase letters
  • capital letters
  • numbers
  • special characters (e.g. !, &, *, $)

If you have difficulty thinking of or remembering passwords, consider using a password manager such as LastPass.

2. Use Multi Factor Authentication

Multi-factor/two-factor authentication (MFA/2FA) refers to the use of extra information to access your account aside from the usual username/password combo. For example, after entering your password you may get a text to your mobile phone with a 4-digit code to enter before you can access your email.

This small extra step makes your email far more secure. In order to access your email, an attacker would now need:

  • Your email address
  • Your password
  • Physical access to your mobile phone
  • The password to your phone (if locked)

If you are using Office 365 or Gmail there are options within the settings to easily turn MFA on. Otherwise, discuss the options with your managed IT provider.
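The second step described above (a short code sent to the user, entered after the password) is easy to get subtly wrong on the server side. The following is an added example, not code from the original article or from any mail provider, of how a service should handle that code: it expires, it can be used only once, it tolerates only a few wrong guesses, and it is compared in constant time. The code length, lifetime and attempt limit are assumptions (the article's example uses a 4-digit SMS code; 6 digits are used here).

```python
import hmac
import secrets
import time

# Assumptions (not from the article): code length, lifetime and attempt limit.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


class SecondFactor:
    """Issue and check one-time codes for the second step of a login."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so the expiry path can be tested
        self._pending = {}       # user -> {"code", "expires", "attempts"}

    def issue(self, user: str) -> str:
        """Generate a fresh code for `user`. The caller delivers it (SMS, app);
        it must never be written to logs."""
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._pending[user] = {
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, user: str, submitted: str) -> bool:
        """Return True only for the current, unexpired code, and at most once."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[user]      # expired: force a fresh issue
            return False
        entry["attempts"] += 1
        # Constant-time comparison so response timing does not leak which
        # leading digits were right.
        ok = hmac.compare_digest(entry["code"].encode(), submitted.encode())
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[user]      # single use, or too many guesses
        return ok


if __name__ == "__main__":
    sf = SecondFactor()
    code = sf.issue("alice")          # would be sent to alice's phone
    print("first use accepted:", sf.verify("alice", code))
    print("replay accepted:   ", sf.verify("alice", code))
```

Each `issue` replaces any earlier pending code, so a user who requests a new code cannot still log in with the old one, and a successful or exhausted verification removes the entry entirely.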

3. Use A Good Spam Filter

Make sure you have a good spam filter and that it is switched on. Cloud-based email platforms such as Gmail have very advanced spam filters which are successful at blocking most of today’s spam emails.

4. Be Careful of Phishing Emails

Phishing emails are emails which appear genuine but are actually from a hacker. They may include links to malicious software, or they may be trying to exfiltrate sensitive data by convincing you to disclose sensitive business information. Be aware of the techniques used by these attackers and the tell-tale signs of a phishing email, including:

  • Poor spelling/grammar
  • ‘Too good to be true’ offers
  • Emails that are rushing you or present you with limited time
  • Emails claiming to be from within your organisation but lacking your business’s email signature.

Phishing emails are sometimes sent to thousands of recipients at one time, or are sometimes tailored to trick one specific employee (this is called “spear phishing” and normally targets executives, system administrators or CEOs).
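The four tell-tale signs listed above can be turned into a simple triage check that a mail gateway or a help desk could run over a suspicious message. The following is an added example, not code from the original article or from any spam filter product: it parses a raw message, looks for each sign, and returns the list of indicators it found. It goes slightly beyond the list by also noticing when the display name claims to be from the organisation while the actual sender address is on another domain. The organisation domain, name and signature marker, the keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the organisation's mail domain, its name as
# it would appear in a display name, and a signature line every internal message
# carries. Replace with your own values.
ORG_DOMAIN = "example.com"
ORG_NAME = "example"
SIGNATURE_MARKER = "example ltd"

# Deliberately small keyword lists for each sign; real filters use far larger ones.
URGENCY_PATTERNS = [
    r"\burgent(?:ly)?\b",
    r"\bimmediately\b",
    r"\bwithin \d+ (?:hours?|minutes?|days?)\b",
    r"\bwill be (?:suspended|closed|deleted)\b",
]
TOO_GOOD_PATTERNS = [
    r"\byou (?:have )?won\b",
    r"\bfree (?:gift|prize)\b",
    r"\blottery\b",
]
COMMON_MISSPELLINGS = {"recieve", "acount", "verfy", "pasword", "imediately", "securty"}


def score_message(raw: str) -> list[str]:
    """Return the phishing indicators found in one raw (RFC 822) message."""
    msg = message_from_string(raw)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    findings = []

    # 1. Poor spelling/grammar: any word from a known misspelling list.
    words = set(re.findall(r"[a-z']+", text))
    if words & COMMON_MISSPELLINGS:
        findings.append("spelling")

    # 2. Rushing the reader or presenting a limited time window.
    if any(re.search(p, text) for p in URGENCY_PATTERNS):
        findings.append("urgency")

    # 3. 'Too good to be true' offers.
    if any(re.search(p, text) for p in TOO_GOOD_PATTERNS):
        findings.append("too_good_to_be_true")

    # 4. Claims to be internal: either the sender really is on our domain, or the
    #    display name says so while the address is somewhere else entirely.
    claims_internal = sender_domain == ORG_DOMAIN or ORG_NAME in display_name.lower()
    if claims_internal and sender_domain != ORG_DOMAIN:
        findings.append("sender_domain_mismatch")
    if claims_internal and SIGNATURE_MARKER not in text:
        findings.append("internal_claim_without_signature")

    return findings


# Constructed sample messages (not real mail).
PHISHING_SAMPLE = (
    'From: "Example IT Helpdesk" <helpdesk@examp1e-support.net>\n'
    "To: alice@example.com\n"
    "Subject: Urgent: verify your acount\n"
    "\n"
    "Your mailbox is over quota. Verfy your acount within 24 hours or it will be suspended.\n"
)
LEGITIMATE_SAMPLE = (
    'From: "Bob Smith" <bob@example.com>\n'
    "To: alice@example.com\n"
    "Subject: Q3 figures\n"
    "\n"
    "Hi Alice,\n\nThe Q3 figures are attached for review before Friday's meeting.\n\n"
    "Bob Smith\nExample Ltd\n"
)

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(label, "->", score_message(sample))
```

None of these indicators is conclusive on its own (a genuine finance reminder can be urgent), which is why the function returns the list rather than a verdict: a message with several findings is a candidate for quarantine or a second look, not an automatic block.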

5. Never Open Attachments Without Scanning Them First

Consider investing in email antivirus or malware scanners to automatically scan all email attachments as they arrive. This helps to keep your email secure and protects the rest of your network infrastructure from malware.

6. Keep Business and Personal Email Separate

Your employees should have clear boundaries of what your business email is and is not to be used for. Not only should employees not use corporate email to communicate with friends, they also should not use personal email to communicate with clients. In order to facilitate this, consider procuring business mobile phones to make the separation between work and home life clearer. This will not only benefit your email security but is also beneficial to your employees’ overall wellbeing.

7. Don’t Access Your Email Over Public Wi-Fi

In a fast-paced world, it can be tempting to check our email wherever we are, but that can leave our email open to being spied on if we are viewing it via an insecure connection. Public Wi-Fi can be dangerous as you are never sure who owns the connection you are using and whether they are monitoring it. If this is a situation your employees find themselves in often, consider investing in a corporate VPN to allow them to connect to your system securely.

Now that you are aware of the best practices for email protection, you should be in a better position to protect your business. Be sure to share this knowledge with your employees and co-workers; it only takes one weak link in an organisation to expose the whole network infrastructure to threats.

Combining these best practices with other security measures and a comprehensive disaster recovery plan will provide your business with the best overall protection.

If you are concerned about the security of your email and would like to know about more involved solutions like encrypted email, consider contacting a well-reviewed managed IT support provider who will help you to secure your entire network.
