Email security: considerations for your business


Worldwide, three out of four organisations have been attacked by ransomware.

Considering that the percentage has risen from 61% to 75% in a single year, email security deserves close attention.

So, what are the best practices for keeping your business safe where email is concerned?

Password strength 

The simplest and most effective way to keep your work email secure is a strong password. A strong password prevents unauthorised access to your mailbox, reducing the risk of a serious attack or data breach.

We all know someone whose password is something basic like Snoopy, United or some other important part of their life, and who uses that same password for everything.

Having unique passwords for everything is best practice.

Password generator 

One of the most difficult things in the online world has to be choosing a new password. 

Password generators create a randomised password for you within the limits you set (for example uppercase and lowercase letters, numbers, special characters and length).

Password manager 

Unless you have a fantastic memory, you should consider using a password manager. Strong, unique passwords are hard to remember and to store safely, and that is exactly what a password manager is for.

Many password managers will generate secure passwords for you too. 

Two-factor authentication 

Two-factor authentication adds another layer of security to your email account, meaning that it cannot be logged into with the password alone. The second factor could be:

  • A call to your mobile phone 
  • A text message with code 
  • An authenticator app. Google or Microsoft authenticator software creates codes using the TOTP algorithm (time-based one-time passwords, not Top of the Pops!).
  • A hardware USB key which has to be attached to the machine you are logging in with. 

When deciding on your method of two-factor authentication, weigh convenience for you and your staff against effectiveness.

Email filtering 

Email programs like Outlook will automatically move spam into the spam folder for you, with a limited number of options that you can ‘tweak’. The problem is that it can be hard to strike a balance between filtering out too much and too little.

A dedicated email filtering solution passes all mail through a set of complex algorithms designed to catch the latest phishing and ransomware emails. These rules are updated ‘on the fly’ so that even brand-new (zero-day) threats are filtered out before they reach your mailbox.

Put simply, the best way to combat phishing attacks is to not allow them to reach your inbox in the first place. 

Security awareness training 

With the best will in the world, automated solutions will not catch 100% of the emails designed to catch you and your staff out. You must therefore educate end users so they know what to look for.

Phishing thrives on panic and quick reactions, so make sure staff know to pause and check an email before acting on it or sending any sensitive information.

The language and punctuation used, the exact address the email was sent from, and the information it is asking for are just a few of the telltale signs.

You should also encourage staff to report suspicious emails, as this helps you find where they came from, why they were sent and whether anything can be done about them.

A lot of this is common sense: most workers know not to download files from an unknown sender and not to send passwords over email. It is still safer to reinforce these points regularly.

Security policies 

In terms of preventative measures, you should have a policy in place that all staff can easily access and understand. Research the measures you need to take.

Your customers may also require you to hold a certification such as Cyber Essentials, which will dictate which policies you need and what they must contain.

If a staff member’s email account becomes compromised, have steps set out for them to take so that it can be spotted, reported and resolved quickly. 

Incident response 

You should also plan for the worst-case scenario: if you were to suffer a larger-scale data breach, what steps would you take?
 
This is where the company incident response policy comes into play. Everyone, from the person who discovers the breach to the managing director, should know what the steps are, or at least where to find them.

Do you have backups saved? Are they encrypted? What information has been accessed and what can be done with it? 

These are all questions that you need to have an answer to, so that you aren’t put on the spot and struggling to resolve the problem through lack of preparation.

When thinking about email security for your business, there are many more factors to consider. 

For more information on how to protect your business from scams and attacks, contact us and we will provide all the support you need. 

