It’s the classic business communication tool. Instant message platforms like Teams may be breathing down its neck, but email remains the gold standard. For many, checking email with that first cup of coffee is an important ritual to mark the start of the day.
A lot of people take the privacy and security of their inboxes lightly. But in many cases, email is the main way hackers target businesses during cyberattacks. Staff often let their guard down, and aren’t always able to tell the difference between a genuine and a fake email.
Here are our 6 tips for keeping email secure.
Email Security Best Practice
Be aware of external mail
You should always know when you’ve received an external email, versus an internal one. Always be a bit cautious with external mail, especially if you’re sent an attachment, and if you weren’t expecting anything. Only open attachments from trusted sources. Better still, security products like Microsoft Advanced Threat Protection can scan attachments to make sure they are safe to open.
Email platforms can be set up to highlight external emails, with a banner saying something along the lines of: “The sender firstname.lastname@example.org is from outside your organisation.”
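One way a mail gateway could apply such a banner, as an added example rather than code from this article or from any email product. It assumes the organisation's domain is corp.example, that it runs after SPF/DKIM/DMARC checks, and it uses a hypothetical X-External-Sender header; matching the sender's domain exactly keeps display-name tricks and lookalike subdomains from passing as internal.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions: corp.example is the organisation's domain, and this runs at the
# inbound gateway after SPF/DKIM/DMARC checks, since a From header is forgeable.
INTERNAL_DOMAINS = {"corp.example"}
BANNER = "The sender {addr} is from outside your organisation."

EXTERNAL_RAW = (  # constructed sample: display name imitates an internal address
    'From: "ceo@corp.example" <firstname.lastname@example.org>\n'
    "To: staff@corp.example\nSubject: Invoice\nX-External-Sender: no\n\n"
    "Please open the attachment.\n")
INTERNAL_RAW = (  # constructed sample: genuine internal sender
    "From: Colleague <colleague@corp.example>\n"
    "To: staff@corp.example\nSubject: Lunch\n\nSee you at 12.\n")
LOOKALIKE_RAW = (  # constructed sample: internal domain used as a subdomain label
    "From: IT Support <it@corp.example.lookalike.test>\n\nReset your password.\n")


def sender_address(msg):
    """Return the lower-cased From address, or None if missing or malformed."""
    _, addr = parseaddr(str(msg.get("From", "")))
    local, at, domain = addr.rpartition("@")
    return addr.lower() if (local and at and domain) else None


def is_external(msg):
    """Exact domain match only; an unusable From header counts as external."""
    addr = sender_address(msg)
    if addr is None:
        return True
    return addr.rpartition("@")[2].rstrip(".") not in INTERNAL_DOMAINS


def tag_external(raw):
    """Parse a raw message; tag external mail and prepend the banner."""
    msg = message_from_string(raw, policy=policy.default)
    del msg["X-External-Sender"]      # never trust a tag supplied by the sender
    if not is_external(msg):
        return msg
    msg["X-External-Sender"] = "yes"  # hypothetical header name for client rules
    if msg.get_content_type() == "text/plain":  # multipart mail: header tag only
        addr = sender_address(msg) or "(unknown)"
        msg.set_content(BANNER.format(addr=addr) + "\n\n" + msg.get_content())
    return msg


if __name__ == "__main__":
    for raw in (EXTERNAL_RAW, INTERNAL_RAW, LOOKALIKE_RAW):
        print(tag_external(raw).as_string(), "-" * 40, sep="\n")
```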
Limit mail forwarding
When we’re sent a message we want to share, we often forward it without thinking about the consequences. You may not even have known that there are consequences. Where is the message going? Who will see it? Where will it be stored? If your email is hosted on a company server, chances are certain security measures are in place to protect any sensitive information contained in your private email.
When someone forwards an internal email to a recipient outside of your company, however, you are exposing that data (as well as any other emails in the forwarded chain) to potentially unsecured, unencrypted servers.
Watch out for malicious emails
Here are some of the different types of email threat to look out for:
- Phishing: an email attack trying to get your sensitive information
- Spear phishing: a more targeted type of phishing that uses information about you to get your sensitive information
- Social engineering: providing false data to appear legitimate (e.g. pretending to be Microsoft)
- Malware: malicious software designed to attack your systems
Sharing sensitive information
Exercise good judgment, and never send any personally identifiable information (PII) in an email. PII can include national insurance numbers, driver’s license or credit card numbers, medical records, and photographs of your passport or ID cards. Businesses that regularly handle PII, such as banks, hospitals or government agencies, will ask you to send documentation through a secure application.
A great way to keep email private and away from prying eyes is through encryption. Encryption protects your private email by jumbling up your messages, making them impossible to decipher unless you explicitly authorize someone to read them. As an added bonus, if your email ends up getting stored on a server outside of your control, you still have power over who gets to see it — and you can revoke that permission at any time.
This can be applied to most online tools you use. We think that multi-factor authentication is the best way to secure your accounts. Should your email address and password be compromised, that wouldn’t be enough for someone to access your account. They would need your second level of authentication – a text message or in-app notification.
Email is great. But there are areas you and your staff need to be aware of to make sure they are kept safe. Concerned about cybersecurity? Speak to an ACUTEC consultant and get the right systems for your business.