Are you concerned about how cybercrime and data theft could affect your business operations? Does your business intend to spend a significant percentage of its budget on security this year?

If the answer is yes, you need to focus at least some of your efforts on protecting your email communications.

There are hundreds of different threats out there at the moment, and any of them could damage your brand reputation. We saw this happen to companies that lost vital client data in recent cyber breaches and received a great deal of bad press as a result.

Most of these breaches happen due to poor email security practices. The latest Data Breach Investigations Report (DBIR) suggests that 66 percent of malware installed on breached networks comes through email attachments. There is a decent chance that anyone who penetrates your email system might manage to steal passwords or other sensitive data.

With all that in mind, the information on this page should point you in the right direction and set the record straight.

Read this post, take all the tips on board, and put them into action as soon as possible. The last thing you want is for hackers or the programs they might create to cause issues for your business.


Best email practices for business: Train your employees

The information in this section will offer fundamental security tips while highlighting email security measures you should have in place already. If you are not taking the actions mentioned below, you need to start doing so as soon as possible.

The measures you are going to read make up the very least companies need to do to protect themselves from common threats like hacking.

1. The Best Email Security: Use strong passwords that are unique

There is no getting away from the fact that weak passwords are never going to protect your company from data theft or hacking. You need to take a look at all the passwords and phrases people in your office use right now. You then need to improve them based on the tips mentioned below.

A secure password is almost impossible to guess without some insight. The only way a hacker will break into your system is if they use specialist password-guessing software that will run through millions of combinations. 

The more complex the password, the more time it takes for the software to figure it out. The passwords that follow the best practices outlined below would take 200-500 years to break.

Essentials for a strong password:

  • Use upper and lower case letters
  • Use numbers and special characters
  • Use random numbers and letters rather than words
  • Never use your birthday, hometown, school, university, or brand name
  • Avoid common letter-number substitutions
  • Think in terms of phrases rather than words
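The checklist above can be turned into an automated check. The following is an added example, not code from the original article: `COMMON_WORDS`, the substitution table, and the `personal_terms` parameter are constructed for illustration. It shows why common substitutions do not help: the nominal search space grows, but the underlying dictionary word is still found.

```python
import math
import string

# Constructed sample word list (assumption); real checks use large dictionary lists.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon"}
# Letter-number substitutions that password-guessing tools undo automatically.
LEET = str.maketrans("013457@$!", "oleastasi")

def brute_force_bits(pw):
    """Bits of search space if every character were chosen at random."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw): size += 26
    if any(c in string.ascii_uppercase for c in pw): size += 26
    if any(c in string.digits for c in pw): size += 10
    if any(c in string.punctuation for c in pw): size += len(string.punctuation)
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw, personal_terms=()):
    """Return the essentials from the list above that pw violates."""
    problems = []
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("use upper and lower case letters")
    if not (any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw)):
        problems.append("use numbers and special characters")
    # Undo the substitutions, then look for dictionary words in what is left.
    plain = pw.lower().translate(LEET)
    if any(word in plain for word in COMMON_WORDS):
        problems.append("dictionary word behind common substitutions")
    if any(term.lower() in pw.lower() for term in personal_terms):
        problems.append("contains personal information")
    return problems
```

`brute_force_bits` only describes a password whose characters were chosen at random, which is why `check_password` still rejects "P@ssw0rd1" despite its larger nominal search space.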

If you are still not sure why strong passwords matter and how to apply these rules, Edward Snowden sums this up nicely in this video. Your organization needs a solid enterprise password management plan.


2. Using two-tier authentication

It might sound technical, but using two-tier authentication is quite straightforward. Moreover, it is guaranteed to add an extra layer of protection to your emails. There are often options within your email client that will enable you to add that service. You can also download specialized software or use a different cloud email provider if you cannot add two-tier authentication with the system you use at the moment.

The concept is simple, but it is an excellent data loss prevention method as it makes life much more difficult for hackers and those who wait to sneak a peek at your emails.

Even if a criminal manages to guess or retrieve the passwords to your account, two-tier authentication will mean that the individual will still require a code to get your messages and cause issues. That code is usually sent to your phone via a text message. Do not make the mistake of sending it to your computer because you never know who is watching.

Two-tier authentication is one of the best ways to protect a social media account or a web application from a data breach. It also works with virtually any cloud storage service you might be using.

Example of Gmail 2 tier security

3. Watch out for phishing emails

Before we can help you to keep your eyes peeled for phishing attacks, it is sensible to explain the nature of those attacks for people who have not encountered the term in the past. Phishing is a straightforward technique many hackers use to steal email and account information by tricking individuals into handing over their details.

The process usually works like this:

  • The hacker sends emails that contain a link that appears to lead to a site you know.
  • The victim clicks the link and finds themselves looking at a familiar website. That is often their bank or something similar, but the site is fake.
  • The victim then enters their email address and password to log into their account.
  • The fake phishing site steals the email address and password and passes them back to the hacker.

When someone at a company falls victim to advanced malware attacks and phishing emails, it can become a disastrous situation.

That is especially the case in instances where the business uses the same passwords for everyone in their office. Hopefully, that should help to highlight how important it can be that you develop strong and unique passwords for all your workers.

A phishing attack is no longer as apparent as it used to be. Hackers are becoming increasingly sophisticated, making an attack more difficult to identify unless you pay attention to details.

Just consider this example of a phishing email pretending to be a bank. How long would it take you to figure out it was a scam?

Sample email using phishing to steal data and information

4. Never open unexpected attachments without scanning

Sometimes your business will receive emails that contain file attachments. That is not a problem if you notice the email is from your accountant, and you know you are waiting for them to send information. It is rarely an issue when the emails come from customers or clients either.

However, occasionally, your company will get a phishing email. Such emails come from an unknown source and contain files for you to open.

Of course, you cannot go putting all those messages straight in the trash because many of them might be genuine. For that reason, you need to invest in email threat protection systems. You should consider using antivirus and anti-malware email security software to scan all correspondence, as well as implement advanced spam filters. That should let you know if there is any need for concern when opening the email attachment.

If the program tells you there is a problem, you can delete the message, block the sender, and secure your system. That way, you can prevent a business email compromise and a subsequent data security breach. 

5. Do not let employees use company email addresses for private messages

You need to limit the chances of hackers targeting your email system. The best way to achieve this goal is to implement advanced endpoint security solutions and ensure that only work-related messages are hitting your computers.

Discourage all your employees from using company communication systems to talk to friends, shop online or do anything that does not relate to their job roles. It is possible that you could end up attracting cybercriminals if you fail to follow that advice.

You are not being awkward when you put measures like that in place. You are just protecting the interests of your operation and everyone it employs.

It is vital to note the same rules will apply to you as the business owner. Never make the mistake of using your professional accounts for anything other than work.

If people in your office need to access their personal accounts for any reason during the working day, tell them to do so using their smartphones and their mobile internet.

Do not allow anyone to connect a smartphone to your office WiFi system if you want to stay under the radar and avoid hackers.

To ensure they understand the reasoning behind this, consider organizing company-wide security awareness training. That can be an excellent way to educate them on the importance of data protection, share email security tips, and raise their awareness of the current cyber threats and technology trends. 


6. Scan all emails for viruses and malware

Remember that antivirus and anti-malware software we told you to get a few paragraphs ago?

Well, in most instances, you can use it for far more than just scanning attachments before you open them. Some of the top virus screening solutions on the market will also scan all incoming emails and check them for threats as they come into your inbox. The software will present you with an alert if there is any reason for concern. You can usually quarantine the affected email before it has enough time to cause any damage.

Those who use hosted email services will often find their provider follows the same cloud security procedure and lets you know if there is anything dodgy about messages landing in your inbox.

It is your responsibility to check your security settings and enable specific options. Sometimes you have to pay for that service as an extra feature. Verify your account now and make sure your provider scans all emails with antivirus solutions.

If you do not have protection, now is the best time to add it. 


7. Never access emails from public WiFi

Public WiFi is never secure, and there are many ways in which hackers can steal all the information that passes through a network.

Indeed, criminals only require a laptop and basic software to hack into public WiFi networks and then monitor all the traffic. If you or anyone at your company accesses emails via a service of that nature, you will make it easy for anyone with the will to steal your passwords and view your sensitive data. That could result in a targeted attack further down the line.

If people need to access their messages outside of the office, there are a couple of options on the table that should not make your operation vulnerable to data theft.

Firstly, if they are unable to connect to a secure WiFi network, your employees could use their smartphones and mobile internet.

That is much more secure than any public WiFi service, and the move should protect your cloud data and your interests.

Secondly, you might consider paying for mobile internet dongles that workers can use with their laptops outside of the office. Both of those options tend to work well, and they should help to protect all your company emails.


8. Use a robust spam filter

One of the best things about cloud-based email services these days is that they tend to come with excellent spam filters.

Indeed, even Google, through its Gmail service, manages to remove most unwanted messages from your inbox. Make sure you turn your spam filter on or look for a provider who offers better security solutions than those you have right now. Spam filters are an email specialist’s way of attempting to sort the wheat from the chaff and ensure you are not bothered by hundreds of marketing messages and “do you want to lose weight” emails every week.

You can often change the settings on your spam filter to block out any emails that contain specific words or phrases. That can come in handy if you know about some scams going around at the moment because you can block most of the keywords. That should help you to prevent any of your employees from opening a spam email that contains dodgy links or malware by accident.

9. Never click the “unsubscribe” link in spam emails

Let us presume for a moment that an email managed to get through your spam filter and antivirus programs. You open the message and then discover that it looks like a phishing scam or something similar. There is an unsubscribe link at the bottom of the page, and you wonder if it is sensible to click that to prevent further emails from the unwanted source. Whatever happens, make sure you never click that unsubscribe link. Hackers will often place them in emails in an attempt to fool you.

If you decide to click the unsubscribe link or do it by mistake, there is a reasonable chance you will land on a phishing site that will attempt to steal any information it can gather. The link could also provide hackers with a backdoor into your system, and that is why you must never click it. Just mark the message as spam, so your spam filter picks it up next time around, and hit delete.

Remember Safe Email Security Practices

Now you know about email security best practices, nothing should stand in the way of protecting your business.

Combining these with some business data security practices will go a long way toward ensuring your business continuity. For the best results, you need to make sure all your employees understand this advice too.

Arrange a meeting or training session where you can hammer the points home and ensure everyone grasps the concept of email data theft and protection.

Whatever you decide, never forget that hackers are everywhere these days. They will stop at nothing to steal your data. Protect yourself with robust email security.
