Best Practices Around Email Security


Your email account is where you are most vulnerable to becoming the victim of a cybercrime. Cybercriminals attack email accounts daily with phishing scams. The numbers don’t lie: between the first and second quarters of 2018, email attacks against businesses rose 36 percent. Industries like retail, healthcare, and government saw the highest volume of attacks.

Regular employees were the target of 60% of malware and phishing attacks, while executives received 29% of attacks. While the share aimed at executives may seem small, the fact that it is growing shows that cybercriminals are becoming bolder in their attempts to steal sensitive information.

Employees receive fraudulent emails that impersonate their coworkers and request personal information such as social insurance numbers and banking details.

So what can you do to secure your email account against these attacks?

Passwords

We’ve been preaching the gospel of strong passwords for years, and we’re not stopping anytime soon. Strong passwords are the most basic requirement for email security; a weak password will never protect your email or the company data stored in your account. A strong password should follow these guidelines:

  • Upper and lower case letters
  • Numbers and special characters
  • Avoid words that can be found in a dictionary
  • Do not include any information that someone could easily guess based on your identity:
    • Phone numbers
    • Dates of birth
    • Anniversaries
    • Children’s or pets’ names
    • Home addresses
  • Avoid common letter/number substitutions
  • Use phrases rather than words
  • Update passwords on a schedule

Two-Factor Authentication

This step may seem more technical or difficult to implement, but it is becoming common practice. Two-factor authentication adds another layer of security beyond your password. Typically the second factor is tied to your cell phone or an app like Google Authenticator: after signing in with your password, you are prompted to enter a code that has been sent to you via text message or app notification.

If a cybercriminal does crack or guess your password, they now also need your cell phone or access to the authenticator app. Do not have the two-factor message sent to the same computer you sign in from: if that device is stolen, the code is delivered directly to the attacker.

Never open unexpected attachments

You can’t get through a day in the office without receiving an email with an attached file. It’s almost instinctive to immediately open a file when you see it. But you should pause, take a breath, and review the email before you click “open.”

Verify the email address itself; do not trust the display name, which can be spoofed. An email from a manager, coworker, or client who commonly sends you attachments is most likely safe to open. By default, many email applications have virus-scanning abilities and can filter common spam and known offenders. You can review these settings in your email client or have the IT department review them with you.
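The advice to check the address rather than the display name can be automated at the mail gateway or in a mailbox rule. As an added example, not code from the original post, the following Python parses a raw message and flags the signs a careful reader would look for: a display name that belongs to a colleague but an address that is not theirs, a sending domain that imitates the company domain (including letter swaps such as “rn” for “m”), a Reply-To that points somewhere else, and an attachment from a sender who does not usually send them. The company domain, the directory, the allowlist and both sample messages are constructed for the illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organization's real mail domain,
# a directory of colleagues, and an allowlist of senders who routinely send attachments.
COMPANY_DOMAIN = "example.com"
DIRECTORY = {"pat chen": "pat.chen@example.com"}
TRUSTED_ATTACHMENT_SENDERS = {"finance@example.com", "pat.chen@example.com"}
# Character swaps commonly seen in look-alike domains, undone before comparing.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def is_lookalike(domain: str, real: str) -> bool:
    """True when `domain` imitates `real` through confusable characters or by embedding it."""
    if not domain or domain == real or domain.endswith("." + real):
        return False  # the real domain and its own subdomains are not look-alikes
    canonical = domain
    for look, actual in CONFUSABLES:
        canonical = canonical.replace(look, actual)
    squashed = domain.replace(".", "").replace("-", "")
    return canonical == real or real.replace(".", "") in squashed


def review_sender(raw_message: str) -> list:
    """Return warning flags for one message; an empty list means the sender checks out."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    address = address.lower()
    sender_domain = domain_of(address)
    flags = []
    # 1. Display name matches a colleague, but the actual address is not theirs.
    expected = DIRECTORY.get(display.strip().lower())
    if expected and expected != address:
        flags.append(f"display name '{display}' belongs to {expected}, but mail came from {address}")
    # 2. Sending domain imitates the company domain.
    if is_lookalike(sender_domain, COMPANY_DOMAIN):
        flags.append(f"sender domain {sender_domain} looks like {COMPANY_DOMAIN}")
    # 3. Replies would go somewhere other than the visible sender.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append(f"Reply-To domain {domain_of(reply_to)} differs from {sender_domain}")
    # 4. Attachment from someone who is not one of the usual attachment senders.
    has_attachment = any(p.get_content_disposition() == "attachment" for p in msg.walk())
    if has_attachment and address not in TRUSTED_ATTACHMENT_SENDERS:
        flags.append(f"unexpected attachment from unverified sender {address}")
    return flags


# Constructed sample messages, not real mail. Note the "rn" in the first sender's domain.
SUSPICIOUS_MESSAGE = """\
From: "Pat Chen" <pat.chen@exarnple.com>
Reply-To: <accounts.update@webmail.example.net>
Subject: Updated banking details - please process today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The new account details are attached.
--b1
Content-Type: application/pdf; name="details.pdf"
Content-Disposition: attachment; filename="details.pdf"

%PDF-1.4 (constructed placeholder content)
--b1--
"""

LEGITIMATE_MESSAGE = """\
From: "Finance Team" <finance@example.com>
Subject: March expense report
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Report attached as usual.
--b2
Content-Type: application/pdf; name="expenses.pdf"
Content-Disposition: attachment; filename="expenses.pdf"

%PDF-1.4 (constructed placeholder content)
--b2--
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, "->", review_sender(raw) or "no flags")
```

The flags are advisory: a real deployment would route a flagged message to quarantine or mark it for review rather than silently dropping it, since the same checks will occasionally catch a genuine contractor or a colleague writing from a new address.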

Never use company email for personal reasons

Your company should have a policy in place that clearly outlines security and acceptable use for email. It will tell you what you can, and cannot, use company email for. Restricting email usage to business activities reduces the number of places on the internet where your address is exposed.

If you’re using your company email to shop online, sign up for subscription services, or email friends, you’re broadening your exposure to cybercriminals. Everyone should have their email use restricted: from the newest employee to the CEO, nobody should use their company email for personal reasons. If upper management follows this policy, every worker in the company should as well.

Avoid Public Wifi or Use a VPN

Are you sometimes working from a coffee shop, sipping espresso and answering emails? More often than not, in this scenario you’re using public wi-fi. Anybody sitting in that same coffee shop can hack your data via the public wi-fi connection: an attacker could be sniffing all the data going across the coffee shop’s wi-fi, including emails with company data. Installing and using a VPN (virtual private network) when working on unsafe networks is essential for security.

Not only do VPNs encrypt the data, they also let you work safely and securely in public. The data will be encrypted end-to-end by your VPN, offering you security and keeping your company data private. VPNs are not very difficult to implement, depending on your organization: you can use a VPN service, which is usually quick and easy to set up, or your IT department can create its own VPN depending on the structure of your network.

If you start using these tips to secure your email, you will be a cybercriminal’s worst nightmare. Keep the security high and the risk exposure low.

Tags: email security, best practices, information security, phishing, financial


Laird Wilton

Laird is Co-Founder of Securicy, an Information Security Company that enables organizations to efficiently implement and maintain compliant Information Security Practices