Despite the rise of instant messaging and other popular alternatives, email still reigns supreme in the business world. A quarter of the world’s 2.5 million email accounts are business-specific, a figure that’s expected to reach 2.9 billion by the end of 2021. Meanwhile, the average office worker is estimated to send around a staggering 121 emails per day!
That’s great news for the bosses of Outlook and Gmail and for people who rely on them. The fast messaging service. However, it also opens the door to unwanted security breaches and the potential for hackers to cause serious harm to your business.
Future-proofing your workforce is so important. We’ve seen how unexpected events such as government shutdowns have affected cybersecurity. That said, here are some email security best practices you should follow.
Be Aware of Phishing & How to Protect Yourself
Phishing refers to the act of using emails often disguised as coming from a legitimate company, maybe a bank or a commonly used service, to hack into a system. Phishing emails vary in sophistication. Some are easy to spot as they contain obvious spelling mistakes, poorly created graphics, or have been formatted in an unconvincing way.
Unfortunately, many phishing emails nowadays are incredibly sophisticated. Rather worryingly, these more convincing attacks are also on the rise. A 2020 article revealed that in a survey, 53% said they had witnessed an increase in phishing since the start of the COVID-19 pandemic.
The image below shows a phishing email with a sender posing as Netflix. Since Netflix has 207.64 million users worldwide, the chances of drawing potential victims in are huge. The email sender claims a routine payment has not gone through and asks the user to click on a malicious link to activate it.
So, what can you do to protect your business from this threat?
Firstly, consider using a Secure Email Gateway as your primary line of defense.
These automatically scan emails for potentially dangerous links and stop them from being sent in the first place. Prevention is often far better than a cure after the event.
Hold Cybersecurity Awareness Trainings For Your Employees
The next step is training. It’s time to get your employees up to speed so that they’re well-prepared for any potential phishing emails that could make their way past your Secure Email Gateway systems.
This is especially important for smaller businesses. Logic would dictate that the fewer employees you have, the less chance of being phished. But the reality is quite the opposite.
According to Clearedin, smaller companies are less likely to have anti-phishing software in place, opening the door further to attacks.
Therefore, training is of the utmost importance. Being taught how to move suspicious emails straight into junk folders is a good start. We have an excellent blog post that deals specifically with cybersecurity training for employees that you can check out right here.
You should also follow these four steps when conducting training sessions for your employees:
- Insist that all employees use strong passwords for all accounts (often including a combination of upper and lowercase letters, as well as numbers and symbols).
- Ask all employees to update these ‘harder to crack’ passwords regularly.
- Don’t encourage the opening of business emails on mobile phones.
- Encourage employees to keep private and business emails strictly separate.
Learning how to identify phishing emails is also critical. Train employees to look out for obvious signs, such as clear spelling mistakes, and the sender’s email address is public.
Also, tell them to watch out for links to unrecognized sites and impersonal opening lines, such as “Dear Sir”, or “Dear User”, rather than personal names. GRC eLearning has a great PDF blog for specific training on this here.
As an added protection, ask your employees to create a new Gmail account. Gmail has great spam filters in place, making it more effective and reliable than Hotmail or Outlook.
Use Two-Tier Authentication
It might sound like tech jargon, but two-tier authentication is simple. Don’t worry.
It involves adding a coating of protection to all of your business emails. When a two-tier authentication system is in place, a potential hacker will still need to use a code to gain access to your system even after they guessed their way through the first password stage.
That code is usually sent to your phone after the first password is typed correctly.
You often don’t even need specialized software to have this kind of system in place. Most email clients allow you to add two-factor authentication easily.
Use Strong, Unique Passwords
The days when people used the most basic of passwords–’1234’, your name, or the actual word ‘password’—should have been gone by now.
But, unbelievably, many people still use the above as their only line of defense against hackers. Believe it or not, the most common password of 2020 was ‘123456’. It was used by a staggering 2.5 million people worldwide.
To maximize the effect of your email security best practices, strong passwords are an absolute necessity. You can use password protection software to generate and store passwords. You can find an article reviewing some options here.
A password with complex letters, numbers, and symbols cannot be guessed. A hacker would have to run specialized software to figure it out. Very strong passwords could take software up to 500 years to work out, running non-stop (making them essentially impossible to crack within your lifetime!).
Follow these dos and don’ts to ensure rock-solid password peace of mind:
- DO use special characters and numbers.
- DON’T use any information that is personal to you, such as birthdays, anniversaries, pet names, schools, or even sports teams.
- DO use upper and lower case letters.
- DON’T think in terms of words – think in terms of phrases.
- DO use random letters and numbers instead of words.
- DON’T use common letter/number substitutions.
Be smart, use your common sense and make life as hard as possible for any potential hackers. Many passwords are ineffective because the user is too lazy to think of anything complex. Don’t be that person. It’s not worth it!
Ensure Better Password Management
Here’s a fundamental element to email security best practices: better password management. This doesn’t just involve making sure both you and all your business’s employees are using tough to crack passwords. It also involves better password storage.
Consider using a password management system. It helps employees to easily and quickly use super strong passwords and also highlights employees with weak password techniques. It also acts as a vault for passwords. So, employees won’t have to write those down on a piece of paper and risk getting hacked if some bad person chances upon it.
Systems such as Keeper or 1Password for Business are seriously worth investing in. It’s hard to put a price on peace of mind for your company’s safety.
Utilize an Antivirus Program
Antivirus software is your best bet at stopping viruses and malware in its tracks before it has the chance to cause damage. It’s another excellent addition to your list of email security best practices.
Malware often hitches a ride on scam phishing emails and then does its damage once clicked on and opened. Antivirus software scans these emails for evidence of malware and makes it easy for you to remove them if found.
The best antivirus programs don’t just scan attachments for malicious attachments before you open them. They also scan your incoming emails to check for suspicious activity as they arrive at your inbox.
This level of protection often requires a monthly subscription, but again – can you put a price on the safety of your business? Consider programs with a strong reputation for reliability and effectiveness, such as Kaspersky or Bitdefender.
Your business should also set up its cybersecurity policy to help prevent future attacks. We’ve got a really in-depth blog post on this that you can read up on here.
Ultimately, the best approach to email security best practices that work is a multi-pronged approach.
The combination of greater awareness of the dangers of phishing (and the education of your employees on the matter), along with the right software in place, gives you the best possible chance of protecting your business from scammers.
Putting as many lines of defense in place as possible makes it harder for the hackers to get through. Use the advice we have highlighted in this blog post to protect your business from harm for good.
We wish you the best of luck with the future of your business, and stay safe!