Email remains one of the biggest cyber security threats for businesses of all sizes. Attackers are constantly finding new ways to exploit it, and failing to follow email security best practices leaves you at risk.
Email has become a key pillar of our digital identity, and it is also the most common route into corporate networks: it carries phishing, malware such as ransomware, and spam.
If attackers gain access to your email account, they can use it to reset the passwords of your other accounts, including social media, banking, digital identity services and online shopping or credit accounts, and impersonate you from there.
Most companies rely on email as a primary means of communication, even for sensitive information such as customer account numbers, employee credentials and confidential negotiations.
These communications may not be as private as you think: a single negligent action by one employee can compromise the security of the entire organization.
When you send a message, you no longer have control over what is done with it or to whom it is forwarded.
Sensitive information such as passwords, bank account numbers and social security numbers should never be sent by email. Legitimate companies, including your bank, will not ask you to send personal information in an email.
To prevent attacks, organizations must ensure that their workforce is vigilant about email security and follows good email practices.
We all have a part to play in information security, and practicing proper email hygiene is a key factor in securing your online accounts and your digital identity.
Below are some of the best practices for your business to implement to be proactive in protecting your email accounts and ways to enhance your email security.
1. Use Strong, Secure Passwords
We can’t overstate the importance of a strong email password when talking about email security.
Your business must implement a robust password policy so that every employee uses a strong, unique password for email.
Forcing everyone to change passwords on a fixed schedule (every 60 or 90 days) is no longer recommended; NIST SP 800-63B advises against routine expiry because it pushes people toward predictable variations of the old password. Change a password when there is evidence of compromise, when it turns up in a breach, or after you have typed it on a shared or public computer.
Here are password tips that will give you maximum security for your email account:
- Use a long, unique passphrase instead of a short password. Length matters more than forced mixtures of character types: several unrelated words are harder to guess than a short password padded with a digit and a symbol, and easier to remember.
- Don’t reuse the same password across accounts; a breach of one site then exposes all of them.
- If you find it hard to remember passwords, use a password manager. Don’t store passwords in plain files on your devices; if you must write one down, keep the paper in a locked place away from the device.
- Enable two-factor authentication (2FA/MFA) everywhere you can. Authenticator apps and hardware security keys are stronger than SMS codes, which can be intercepted through SIM swapping, and FIDO2/WebAuthn keys also resist phishing because the response cannot be replayed to a lookalike site. Many organizations now require a second factor for employee logins.
- Change your password if you notice any suspicious activity.
- Never share your password with anyone.
- Refer to the FTC Password Checklist for current guidelines.
- Visit https://haveibeenpwned.com/ to check whether your email address or phone number appears in a known data breach.
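An added example, not part of the original article, showing how the breached-password side of this list can be automated. It uses the Pwned Passwords range API from the same haveibeenpwned.com service (a different endpoint from the per-email lookup linked above): the client sends only the first five hex characters of the password's SHA-1 and compares the remaining 35 locally, so the password itself never leaves the machine. The response text embedded here is constructed so the example runs offline; RANGE_URL is the real endpoint and fetch_range performs the live query when you call it.

```python
"""Breached-password check against the Pwned Passwords range API, using k-anonymity."""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint; only contacted by fetch_range()


def sha1_prefix_suffix(password):
    """Upper-case SHA-1 hex split into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_body):
    """Parse a range response (one 'SUFFIX:COUNT' per line) and return our suffix's count, 0 if absent."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)  # padded entries (Add-Padding) carry a count of 0
    return 0


def fetch_range(prefix):
    """Live lookup. The prefix matches hundreds of hashes, so it does not reveal the password."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch=fetch_range):
    """How many times the password appears in the breach corpus (0 means not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetch(prefix))


def password_acceptable(password, fetch=fetch_range, min_length=12):
    """Policy in line with current guidance: long enough, and absent from known breaches."""
    return len(password) >= min_length and pwned_count(password, fetch) == 0


# Constructed stand-in for the body returned by /range/5BAA6 so the demo runs offline.
# The counts are invented; the real response lists several hundred suffixes.
SAMPLE_RANGE_5BAA6 = (
    "1E2EAB4A6B4D4A6E6C5C0B8B0B3B9E1A2C3:3\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000000\n"   # suffix of SHA-1("password")
)

if __name__ == "__main__":
    offline = lambda prefix: SAMPLE_RANGE_5BAA6
    print(pwned_count("password", fetch=offline))                              # 1000000
    print(password_acceptable("correct horse battery staple", fetch=offline))  # True
```

The `fetch` parameter exists so the lookup can be swapped for a cached copy of the range file or a mock in tests; the default performs the real HTTPS request. The "Add-Padding" header asks the service to pad responses to a uniform size so that response length does not leak which prefix was queried.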
2. Cybersecurity Awareness Training & Enforce Email Policies
A large proportion of business security breaches are staff-related, and about half of those are caused by human error.
Empowering your employees to recognize common cyber threats can be beneficial to your organization’s computer security.
Security awareness training teaches employees to understand vulnerabilities and threats to business operations.
Organizations must invest in security training sessions that make employees prepared to manage information security risks.
Employers need to be confident that their staff know how to handle sensitive data on their devices and understand the risks that come with it.
Critical information can end up in attackers’ hands if the organization fails to give its staff effective awareness training and the skills to act on it.
Organizations should also create and maintain a documented policy for email usage and instruct employees to adhere to that policy.
Employees must know the emailing procedures that satisfy data protection requirements: what kind of data can and can’t be sent by email, who is authorized to send company-sensitive information, and what kinds of files must not be downloaded or opened.
3. Use Encryption
Email is not encrypted end to end by default: messages can be read in transit where TLS is missing or downgraded, and they sit in plaintext in every mailbox that holds a copy, so a compromised account or a misdirected message exposes everything in it.
Instruct employees to encrypt sensitive attachments before sending them, for example in a password-protected archive using AES-256 (not the legacy ZipCrypto scheme, which is broken), and to share the passphrase with the recipient through a separate channel such as a phone call or chat message, never in the same email or a follow-up one. Where available, S/MIME or PGP encryption of the whole message, or a link to an access-controlled file share, is the stronger option.
This adds a layer of protection so that anyone who intercepts the message or reads the mailbox later cannot open the content.
Remember that the encryption is only as strong as the passphrase used to decrypt it, so choose a long one. One caveat: attackers also send password-protected archives precisely because mail gateways cannot scan them, so recipients should treat an unexpected encrypted attachment with the same suspicion as any other.
4. Review Email Provider’s Account Settings & Security Features
Review your email account settings for forwarding, security and privacy on a regular basis. Attackers who get into a mailbox often add an auto-forwarding rule or a filter that hides their messages, so check for rules you did not create and for third-party apps connected to the account.
By reviewing the spam or junk mail settings and filters your provider has in place, you can see your current level of protection and adjust it as needed.
These features may include:
- Informing you of suspicious login or login attempts
- Enhanced password change requirements
- Enabling a trusted recovery contact
- Extra authentication to protect your account
Be on the lookout for suspicious inbox activity, such as missing emails or a large number of unexpected emails from third parties. When in doubt, secure your account!
5. Be Cautious Connecting To Open WiFi
On a public, open WiFi network, anyone on the same network can observe your traffic, and the operator controls the DNS and captive portal you pass through. Modern mail clients and webmail use TLS, which protects the content, but it is still best to avoid these networks when you can.
If you do connect, don’t sign into accounts that hold sensitive information, never click through a certificate warning, and use a trusted Virtual Private Network (VPN) or your phone’s mobile hotspot when accessing personal accounts.
6. Don’t Open Suspicious Emails & Never Click The Links
Attachments can carry malware such as viruses, trojans and ransomware, which can seriously damage your computer or encrypt your files. Don’t open an attachment unless you know who it is from and were expecting it.
If you receive an attachment from someone you don’t know, don’t open it. Delete it immediately.
Hover your mouse over links before you click to see whether the URL actually points where the text claims. Better still, don’t click at all: open a new browser tab and type the site’s address yourself.
Replying to these emails, clicking the links in them, or even using the unsubscribe link in an unsolicited message typically just tells the sender they have found a live address that will receive more spam. (Unsubscribe links from legitimate senders you actually signed up with are fine to use.)
Spam filters help keep junk out of your inbox or flag it so you are aware of it.
Depending on the software and configuration, some filters can quarantine junk automatically and block remote images and tracking pixels that report back when and where you opened a message.
If it seems fishy, it probably is. Report the message as spam and move on.
7. Lookout For Phishing Emails
Refer to the FTC Phishing Awareness Page for current guidelines. Common Phishing tactics or identifiers might include:
- An unsolicited request for sensitive information, such as a social security number, that you did not initiate.
- Spelling or grammatical errors.
- Urgent instruction to click a link, attachment, or download a file, even if it looks legitimate. This false sense of urgency may be in the form of threatening to shut off service or a reward that must be claimed immediately.
- Messages from unfamiliar addresses, or from a domain that does not match the organization the sender claims to represent (for example “domain.com” vs. “d0main.com”, or “domain.com.xyx”, where the part that matters is the registered domain at the end, not the familiar name at the front).
- Pro tip: hover over the sender’s name to confirm the email address, and look out for minor typos.
- Be cautious about attachments or messages that instruct you to enable macros or “enable content” after opening a Word or Excel file; legitimate documents rarely need this.
- As a best practice, if you feel a message might be Phishing, do not respond to it or click any links within.
Forward phishing emails to email@example.com (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme.
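An added example, not code from the original article, that turns the manual checks from sections 6 and 7 into a triage script: it compares the sender’s display name with the real address, flags lookalike domains (digit-for-letter swaps, one-character typos, and a trusted name buried in a subdomain such as example.com.secure-login.xyz), compares each link’s visible text with its actual target, looks for “enable macros” lures, and lists macro-enabled or executable attachments. It uses only the Python standard library. TRUSTED_DOMAINS, RISKY_EXTENSIONS and the sample message are assumptions constructed for the demo, not real captures.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}  # the organisation's own domains (assumption for the demo)
RISKY_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".exe", ".js", ".vbs", ".hta", ".lnk", ".iso")
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable_domain(host):
    # Last two labels; good enough for .com/.org demos, use the Public Suffix List in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    # Levenshtein distance, used to catch one-character typosquats such as exampl.com.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `host` imitates, or None if it is genuine or unrelated."""
    host = host.lower().rstrip(".")
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return None  # the real domain or a real subdomain of it
    # Fold common substitutions (0->o, 1->l, 3->e, 5->s, rn->m, vv->w) before comparing.
    folded = registrable_domain(host).translate(str.maketrans("0135", "oles"))
    folded = folded.replace("rn", "m").replace("vv", "w")
    for t in trusted:
        # trusted name buried in a subdomain (example.com.evil.xyz), or one homoglyph/edit away
        if host.startswith(t + ".") or folded == t or edit_distance(folded, t) == 1:
            return t
    return None


class _Links(HTMLParser):
    """Collect (href, visible text) pairs so the text can be compared with the real target."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw, trusted=TRUSTED_DOMAINS):
    """Return (finding, detail) tuples for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    sender = msg["from"].addresses[0] if msg["from"] and msg["from"].addresses else None
    if sender:
        if hit := lookalike_of(sender.domain, trusted):
            findings.append(("sender-lookalike", f"{sender.domain} imitates {hit}"))
        shown = HOST_RE.search(sender.display_name or "")  # display name dressed up as an address
        if shown and registrable_domain(shown.group(1)) != registrable_domain(sender.domain):
            findings.append(("display-name-mismatch", f"name shows {shown.group(1)}, address is {sender.addr_spec}"))
    body = msg.get_body(preferencelist=("plain", "html"))
    blob = f"{msg['subject'] or ''}\n{body.get_content() if body else ''}".lower()
    if re.search(r"enable (macros|content|editing)", blob):
        findings.append(("macro-lure", "asks the reader to enable macros or content"))
    html = msg.get_body(preferencelist=("html",))
    if html:
        links = _Links()
        links.feed(html.get_content())
        for href, label in links.links:
            host = urlparse(href).hostname or ""
            if host and (hit := lookalike_of(host, trusted)):
                findings.append(("link-lookalike", f"{host} imitates {hit}"))
            shown = HOST_RE.search(label)  # what the reader sees vs where the link really goes
            if shown and host and registrable_domain(shown.group(1)) != registrable_domain(host):
                findings.append(("link-mismatch", f"text says {shown.group(1)}, link goes to {host}"))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(("risky-attachment", name))
    return findings


def build_sample():
    """Constructed phishing message for the demo, not a real capture."""
    msg = EmailMessage()
    msg["From"] = '"helpdesk@example.com" <it-support@example.com.secure-login.xyz>'
    msg["Subject"] = "URGENT: your mailbox will be suspended"
    msg.set_content("Your mailbox will be suspended within 24 hours unless you verify your account.\n"
                    "Open the attached form and enable macros to complete verification.")
    msg.add_alternative('<p>Verify now: <a href="http://example.com.secure-login.xyz/reset">'
                        "https://example.com/reset</a></p>", subtype="html")
    msg.add_attachment(b"PK\x03\x04 placeholder bytes, not a real document",
                       maintype="application", subtype="octet-stream", filename="Invoice.docm")
    return msg.as_bytes()
```

Run `triage(build_sample())` to see every red flag the sample triggers; feed it the bytes of a real `.eml` file to triage a suspicious message. The checks are deliberately heuristic: they catch the patterns described above, not a well-crafted message from a freshly registered, unrelated domain, which is why the advice to verify through a known channel still stands.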
8. Use Antivirus Software
Attackers use sophisticated methods to gain unauthorized access to sensitive information.
Keep your email systems patched and run up-to-date anti-malware that scans both incoming and outgoing mail for viruses, trojans, ransomware and other threats.
Scan all email attachments before opening them, even when they come from someone you know; a compromised contact’s account is a common source of malicious attachments.
Keep the software updated with the latest detection signatures so it recognises newly discovered malware. Signatures do not fix vulnerabilities in your software, so patching remains a separate and essential step.
9. Avoid Unsolicited Bulk Mail
Unsolicited bulk email messages can fill up your mailbox and become extremely frustrating. To avoid this:
- Don’t give your email address to sites you don’t trust.
- Don’t post your email address to public places online like message boards, comment boards, or even your personal website.
- Keep your personal email private except from people that you really want to hear from. You can set up a second email account for registering for public websites.
- Use an alternate email address when buying a product from a site for the first time or signing up for a new service.