Best Practices For Email Security

Your email accounts are where you are most vulnerable to being a victim of a cybercrime. Yet email security is often forgotten.

Cybercriminals are attacking email accounts on a daily basis with phishing scams. The numbers don’t lie. Between the first and second quarters of 2018, email attacks against businesses rose 36 percent. Industries like retail, healthcare, and government saw the highest volume of attacks. 

Regular employees made up 60% of targeted malware and phishing attacks, while executives received 29% of attacks. While the percentage for executive attacks may seem small, the fact that the number is growing shows that cybercriminals are becoming bolder in their attempts to steal sensitive information. 

Employees are receiving fraudulent emails sent under the stolen identities of their coworkers, requesting personal information such as social insurance numbers and banking information. 

So what can you do to increase your email security against these attacks?

1. Pick Strong Passwords 

We’ve been preaching the gospel of strong passwords for years, and we’re not stopping anytime soon. Strong passwords are the most basic requirement for email security. You can also write a requirement to use a password manager into your email security policy. A weak password is never going to protect your email and the company data contained in your email account. A strong password should follow these guidelines:

  • Upper and lower case letters
  • Numbers and special characters
  • Avoid words that can be found in a dictionary
  • Do not include any information that someone could easily guess based on your identity:
    • Phone numbers
    • Dates of birth
    • Anniversaries
    • Children’s or pets’ names
    • Home addresses
  • Avoid common letter/number substitutions
  • Use phrases rather than words
  • Update passwords on a schedule
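The guidelines above can be enforced mechanically rather than left to each user's judgement. The checker below is an added example, not part of the original article: it applies the length, character-class, dictionary-word, substitution and personal-detail rules in one function. The wordlist, the substitution table and the personal details passed in are constructed for the demo; a real deployment would load a full dictionary or breached-password list and the user's own profile data.

```python
import re
import string

# Constructed mini wordlist and substitution table for the demo.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "company"}
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def _forms(text: str) -> set[str]:
    """Comparable forms of a personal detail: lowercased, alphanumerics only, digits only."""
    low = text.lower()
    return {low, re.sub(r"[^a-z0-9]", "", low), re.sub(r"\D", "", low)}


def check_password(pw: str, personal=(), min_len: int = 14) -> list[str]:
    """Apply the guidelines to `pw`; return the list of violations (empty list = passes).

    `personal` is an iterable of details an attacker could guess about the user
    (phone number, birth date, pet name, street address...)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters (use a phrase)")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a special character")

    # Compare against the raw lowercase password AND a copy with the common
    # substitutions undone, so P@55w0rd is still caught as "password".
    views = {pw.lower(), pw.lower().translate(LEET_MAP)}
    for word in sorted(COMMON_WORDS):
        if any(word in v for v in views):
            problems.append(f"contains common word '{word}'")
    for item in personal:
        tokens = {t for t in _forms(item) if len(t) >= 4}  # ignore tiny fragments
        if any(t in v for t in tokens for v in views):
            problems.append(f"contains personal detail '{item}'")
    return problems


if __name__ == "__main__":
    for candidate in ("P@55w0rd1!", "Correct-Horse-Battery-Staple-42"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The two views are the important design point: substitutions like `@` for `a` or `0` for `o` are the first thing a cracking wordlist rule applies, so the check normalises them away before the dictionary comparison instead of giving the user credit for them.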

2. Use Two-Factor Authentication

This step may seem more technical or difficult to implement, but it is becoming a common practice, and it’s actually an easy tool for boosting your email security. Two-factor (or multi-factor) authentication adds a second check beyond your password. Typically the second factor is tied to your cell phone or an app like Google Authenticator. After signing in with your password, you will be prompted to enter a code that has been sent to you via text message or app notification.

If a cybercriminal does crack or guess your password, they will still need your cell phone or access to the authenticator app. Do not have the two-factor code delivered to the same computer you log in from: if that device is stolen, the code goes straight to the attacker.

3. Never open unexpected attachments

You can’t get through a day in the office without receiving an email with an attached file. It’s almost instinctive to immediately open a file when you see it. But you should pause, take a breath, and review the email before you click “open.”

Verify the email address itself; do not trust the display name, which can be spoofed. An email from a manager, coworker, or client who commonly sends you attachments is most likely safe to open. By default, many email applications have virus-scanning abilities and can filter common spam and known offenders. You can review these settings in your email client or have the IT department review them with you.
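The "check the address, not the display name" advice can also be automated at the mail gateway or in a mailbox rule. The following is an added example, not part of the original article: it parses the From and Reply-To headers with Python's standard `email` package and reports the classic impersonation patterns. The company domain, the staff directory and the two sample messages are all constructed for the demo.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed demo values: assumed company domain and a tiny staff directory.
COMPANY_DOMAIN = "example-co.com"
KNOWN_STAFF = {"Jane Doe": "jane.doe@example-co.com"}

# Constructed sample messages (headers only matter here).
PHISH = """From: Jane Doe <jane.doe@example-co-payroll.com>
Reply-To: payroll-desk@mail-relay.example
To: you@example-co.com
Subject: Urgent: confirm your SIN and banking details

Please reply with your details today.
"""
LEGIT = """From: Jane Doe <jane.doe@example-co.com>
To: you@example-co.com
Subject: Q3 report

Attached.
"""


def check_sender(raw: str, company_domain: str = COMPANY_DOMAIN,
                 staff: dict = KNOWN_STAFF) -> list[str]:
    """Return a list of findings about the sender; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    if "@" not in addr:
        findings.append("From header has no usable address")
        return findings
    domain = addr.rsplit("@", 1)[1].lower()

    # 1. Display name matches a colleague, but the address is not that colleague's.
    if name in staff and staff[name].lower() != addr.lower():
        findings.append(f"display name '{name}' but address is {addr}, not {staff[name]}")
    # 2. Display name is itself an address that differs from the real one
    #    (e.g. "boss@company" <someone@elsewhere>).
    if "@" in name and name.lower() != addr.lower():
        findings.append(f"display name '{name}' is an address that differs from {addr}")
    # 3. Look-alike domain: not ours, but built around our domain's name.
    label = company_domain.split(".")[0]
    if domain != company_domain and label in domain:
        findings.append(f"look-alike domain {domain}")
    # 4. Replies would go somewhere other than the apparent sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower() != addr.lower():
        findings.append(f"Reply-To {reply} differs from From {addr}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, "->", check_sender(raw) or "no findings")
```

None of these checks prove a message is safe; the point is that all four are invisible if you only read the friendly name your client shows, and visible the moment you look at the actual address.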

4. Never use company email for personal reasons

Your company should have a policy in place that clearly outlines the security requirements and acceptable use for email. It will tell you what you can, and cannot, use company email for. Restricting email usage to business activities only reduces the number of places where your email address is exposed on the internet.

If you’re using your company email to shop online, sign up for subscription services, or email friends, you’re broadening your exposure to cybercriminals. Everyone should have their email use restricted: from the newest employee to the CEO, nobody should use their company email for personal reasons. If upper management follows this email security policy, every worker in the company should as well.

5. Avoid Public Wifi (or Use a VPN)

Are you sometimes working from a coffee shop, sipping espresso and answering emails? More often than not, if you’re in this scenario you’re using public wi-fi. Anybody sitting in that same coffee shop can intercept your traffic over the shared wi-fi connection. An attacker could be sniffing all the data going across the coffee shop’s wi-fi, including emails with company data. Installing and using a VPN (virtual private network) when working on untrusted networks is essential for security.

Not only do VPNs encrypt your data, they also let you work safely and securely in public. Your VPN encrypts the data end-to-end, offering you security and keeping your company data private. VPNs are not very difficult to implement, depending on your organization: you can use a VPN service, which is usually quick and easy to set up, or your IT department can run its own VPN, depending on the structure of your network.

Don’t Overlook Your Email Security Policy

If you start using these tips to secure your email, you will be a cybercriminal’s nightmare. Keep your security high and risk exposure low.

Get custom information security policies generated for your business in minutes. Securicy guides you through creating, implementing, and managing your cybersecurity plan.