5 Business Best Practices for Email Security
by Arianna Etemadieh
Updated: July 18, 2019
When it comes to best practices for online security, you may be familiar with tips like changing your password every six months, not using the same password for different logins, and not using a personal email account as your business email.
But what about email security for businesses?
Email is the most popular communication channel amongst businesses – and this trend isn’t going anywhere. With that said, there are countless hackers on the world wide web seeking to exploit insecure emails for personal gain.
To avoid falling victim to one of these cyberattacks, follow the security solutions below.
1. Protect yourself from spam, phishing and malware
We love spam musubi, but fortunately that’s not the spam we’re talking about protecting ourselves from.
Spammers will use a variety of techniques – such as keylogging Trojans, phishing emails or linking to malicious websites – to steal sensitive business and personal information. This can be details like social security numbers, bank accounts, credit card information and more.
In order to prevent this, you need an email service that stops malware or spam from arriving in your inbox, or robust anti-virus software in addition to your business email. Bonus points if this service can prevent the harvesting of email addresses and block emails with more than 15 recipients.
Having a good filter protecting your inbox will give you one less thing to worry about for potential security breaches.
It is also a bonus if the software you use has advanced features like Paubox’s ExecProtect, which keeps display name spoofs from reaching users.
2. Double check internal corporate emails
As you read this article, you are becoming more savvy when it comes to email protection. However, so are cyber criminals.
Every day, new viruses and malware are being developed. As a result, the distribution of this malicious software is getting more complex.
This means even official internal emails can be susceptible to malware.
Now, this isn’t to say that all company emails will contain some kind of virus. In fact, most malware is sent primarily from external sources.
However, if an employee’s machine gets a malware infection, they could be sending malicious emails from their personal or professional email address without their knowledge.
Naturally, we’re more likely to click on a link from someone we know versus someone we don’t know.
Therefore, be wary of links in email messages, even if it seems like they are taking you somewhere familiar. It never hurts to follow up with your coworker and verify that they sent you the email with the potentially suspicious link.
If they didn’t send it to you, simply delete it.
But remember, cyber criminals make mistakes too. If a link seems legitimate, double check for misspellings or strange name variations. Most of the time, these are dead giveaways that the link is malicious.
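The misspelling check described above can be automated in a mail filter. The following is an added example, not code from the original article or from any product it mentions; the trusted-domain list, function names and sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains your organisation actually uses (constructed sample values).
TRUSTED_DOMAINS = {"example.com", "dropbox.com", "google.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive last-two-labels heuristic; a production filter should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_link(url, max_distance=2):
    """Return 'trusted', 'lookalike:<what it imitates>' or 'unknown' for a link's host."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("xn--") or ".xn--" in host:
        return "lookalike:punycode"   # internationalised label, review by hand
    domain = registered_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        # A trusted name buried inside a longer host name.
        if f".{trusted}." in f".{host}.":
            return f"lookalike:{trusted}"
        # A near-miss spelling of a trusted name.
        if edit_distance(domain, trusted) <= max_distance:
            return f"lookalike:{trusted}"
    return "unknown"

if __name__ == "__main__":
    for url in ("https://www.dropbox.com/s/abc", "https://www.dropb0x.com/login"):
        print(url, "->", classify_link(url))
```

A link classified as a lookalike is a candidate for quarantine or a warning banner; "unknown" only means the domain is not on your list.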
3. Block large email attachments
As a general rule of thumb, emails should not contain attachments larger than 10MB. This is because some email systems may not deliver attachments this large, and the sender may not always be notified that their email was never sent.
However, with regard to email security, Word, Excel and PDF files are the file types most commonly used to deliver malware. Attachments with macros are especially dangerous.
For a better email security practice, use an alternative method for sending large files such as a cloud service like Dropbox, Google Drive or Paubox.
If you see an unexpected attachment in an unfamiliar email, don’t open it. A simple click can lead to a damaging outcome.
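The 10MB attachment limit from this section and the 15-recipient threshold from section 1 can be enforced by a small inbound check. This is an added example, not code from the original article or from any vendor it names; the extension list, function names and the sample message are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024  # the article's 10MB rule of thumb
MAX_RECIPIENTS = 15                       # the article's recipient threshold
# Assumption: macro-enabled Office extensions picked for this example. Legacy
# .doc/.xls files can carry macros too, so treat this as a first pass only.
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".ppam")

def policy_violations(raw, max_bytes=MAX_ATTACHMENT_BYTES):
    """Return the reasons an inbound message should be held for review."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Header recipients only: Bcc and envelope recipients are not visible here.
    recipients = [addr for name in ("To", "Cc")
                  for header in msg.get_all(name, [])
                  for addr in header.addresses]
    if len(recipients) > MAX_RECIPIENTS:
        reasons.append(f"recipients:{len(recipients)}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        size = len(part.get_payload(decode=True) or b"")  # decoded size, not base64 size
        if size > max_bytes:
            reasons.append(f"oversize:{name}")
        if name.endswith(MACRO_EXTENSIONS):
            reasons.append(f"macro:{name}")
    return reasons

def build_sample(n_recipients, filename, size):
    """Build a constructed test message (documentation addresses, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = ", ".join(f"user{i}@example.com" for i in range(n_recipients))
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment(b"\0" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    # A lower size limit keeps the demonstration message small.
    print(policy_violations(build_sample(16, "invoice.xlsm", 2048), max_bytes=1024))
```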
4. Train your employees on email security
One seamless way you can train your employees: have them read this article as homework.
But in all seriousness, here are some email security practices you or human resources can train your employees to follow:
- Establish an email policy so employees know what to do and what not to do
- Do not click on links or open attachments from unknown senders
- Don’t respond to a spam email (a response verifies your email address, and spammers will continue bothering you knowing your email is real)
- If the email is from a known sender, verify it came from that person and double check the spelling / naming of the link or attachment
You can also do tests by sending a fake phishing email and seeing who clicks on it. That can be used to make sure everyone is applying their training and staying vigilant.
5. Encrypt your emails
Finally, the most important step to ensure there is no loss of private information – encrypt your emails.
This is especially important if you work in regulated industries, like healthcare, and need to meet regulatory requirements such as HIPAA.
By encrypting your emails, you’re preventing hackers from intercepting emails and stopping them from reading the emails. This makes sure that the only eyes reading your messages belong to your intended recipient.
Many email providers, like Gmail, automatically encrypt their messages via Transport Layer Security (TLS) protocol. But not every email service has this enabled, meaning not every email delivered is encrypted.
Some studies show that as many as 20% of email providers do not support TLS, and messages sent to them are delivered in clear text and can be read by anyone.
As a result, you should look into a more comprehensive email encryption tool for even stronger email security.
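Whether a given message actually travelled over TLS can be read from its Received headers, where each server records the protocol it accepted the message with. The following is an added example, not code from the original article; the function names and the sample headers are constructed for illustration.

```python
import re
from email import message_from_string, policy

# "with" protocol keywords (IANA mail-parameters registry, RFC 3848 and
# RFC 6531) that indicate the hop was received over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)

def strip_comments(value):
    """Drop (nested) comments such as Postfix's '(using TLSv1.3 with cipher ...)'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def hop_report(raw_message):
    """Return (receiving host, protocol, tls?) for each hop, oldest first."""
    msg = message_from_string(raw_message, policy=policy.default)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        clean = strip_comments(str(header))
        by, proto = BY_RE.search(clean), WITH_RE.search(clean)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hosts that accepted the message without a TLS-marked protocol."""
    return [host for host, _, tls in hop_report(raw_message) if not tls]

# Constructed sample headers (documentation addresses, not real mail).
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [203.0.113.7])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by mail.corp.example (Postfix) with ESMTPS id 4ABC123
    for <bob@corp.example>; Thu, 18 Jul 2019 10:02:11 -0700 (PDT)
Received: from legacy-app.partner.example (legacy-app [10.0.0.5])
    by mx.partner.example with SMTP id 77XYZ;
    Thu, 18 Jul 2019 10:02:09 -0700 (PDT)
From: alice@partner.example
To: bob@corp.example

body
"""

if __name__ == "__main__":
    print(hop_report(SAMPLE))
```

Only the Received lines added by servers you control can be trusted; earlier lines are supplied by the sending side and can be forged.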
By following these steps, you can rest assured that your information will be safer from cybercriminals.