Tag Archive for: email security

Email is a critical tool in today’s business world, but it’s also a primary target for cybercriminals looking to break into corporate networks. By implementing strong email security practices, businesses can reduce risks and protect sensitive information. Here are 15 email security best practices to share with your employees to keep your organization secure.

  1. Train Employees on Email Security
    Regular training is the foundation of email security. Employees should be aware of potential threats like phishing and understand how to recognize suspicious emails. Security awareness programs are essential to staying updated on evolving threats.
  2. Use Strong, Unique Passwords
    Encourage employees to create long, unique passwords for their email accounts. Passphrases are a great option—easy to remember but hard to guess. A company-wide password policy should outline the importance of password strength.
  3. Don’t Reuse Passwords
    Password reuse across multiple accounts is a major security risk. Attackers can exploit one compromised account to gain access to others. Using unique passwords for each account is crucial for minimizing this risk.
  4. Implement Multi-Factor Authentication (MFA)
    MFA adds an extra layer of protection by requiring more than just a password to access email accounts. Even if an attacker steals a password, they’ll be unable to access the account without the additional authentication factor.
  5. Take Phishing Seriously
    Phishing attacks remain a major threat. Train employees to recognize phishing attempts and avoid clicking on suspicious links or downloading attachments from unknown senders. Include phishing awareness in regular security training.
  6. Be Wary of Attachments
    Attachments can contain malicious code, even from trusted sources. Make sure your email security posture includes safe sandbox detonation and scanning of email-borne links and attachments to prevent malware from infiltrating your organization through email.
  7. Don’t Click Email Links
    Links in emails can be deceptive, leading to malicious websites. Teach employees to hover over links and scrutinize URLs before clicking.
  8. Don’t Use Business Email for Personal Use
    Mixing personal and business email usage increases the risk of security breaches. Employees should only use corporate email for work-related purposes and avoid logging into personal accounts using work devices.
  9. Use Corporate Email on Approved Devices Only
    Ensure that employees only access corporate email on company-approved devices with the necessary security controls in place. Unapproved devices might not have sufficient protection, making them a vulnerability.
  10. Encrypt Emails and Attachments
    Email encryption protects the content of emails from unauthorized access. Make sure employees understand how to use encryption tools to safeguard sensitive communications and attachments.
  11. Avoid Public Wi-Fi for Email
    Public Wi-Fi networks are notoriously insecure. Employees should avoid accessing corporate email while connected to public Wi-Fi unless they are using a secure VPN to encrypt their connection.
  12. Use Email Security Protocols
    Protocols like DKIM, SPF, and DMARC help prevent email spoofing and ensure that only legitimate messages reach employees’ inboxes. Businesses should ensure these protocols are in place for all corporate email accounts.
  13. Use Email Security Tools
    Implement email security tools such as spam filters, antivirus software, and email security gateways to protect against malware and phishing attacks. These tools provide an additional layer of defense.
  14. Log Out of Email When Not in Use
    Encourage employees to log out of their email accounts when they are not actively using them, especially on shared devices. Leaving accounts open increases the risk of unauthorized access.
  15. Regularly Monitor for Breaches
    Stay vigilant for any signs of data breaches that may affect email security. Tools like password managers can alert employees if their credentials are found in known data breaches, allowing them to take action quickly.
    Stay vigilant for any signs of data breaches that may affect email security. Tools like password managers can alert employees if their credentials are found in known data breaches, allowing them to take action quickly.

Stay Ahead of Email Security Threats with Go West IT

At Go West IT, we understand the importance of email security in protecting your organization from cyber threats. Our comprehensive managed services include tools and strategies to help you safeguard your business from email-related risks. Whether it’s deploying MFA, monitoring for breaches, or training employees on security best practices, we’ve got you covered.

Learn more about our managed services.

I really hate hearing from customers and prospective customers that we were right and that they wish they had taken our advice to harden their systems and implement tighter security controls before their breach. Feedback from customers suggests the inconvenience of implementing additional controls is often what keeps them from taking action as opposed to the cost, which is negligible for some of the most effective controls like Multi-Factor Authentication (MFA). If you think the controls are inconvenient, you should spend some time visiting with someone who has been through a breach.

The most likely cyber-attack a small business will experience is an email breach, which quickly leads to real payment fraud losses, reputational damage, and compliance risk. Once a criminal organization (yes, there are organizations attacking your small business) has success breaching one email account, you can expect the attacks to increase in volume and sophistication. Businesses can dramatically reduce email breach risk with relatively little cost and, yes, some minor inconvenience.

Take the Next Steps

If you own a business or are responsible for managing business risk, you need to take steps to protect your business, your shareholders, your employees, your vendors, and most importantly your customers. You must take action to implement additional controls. Start by asking your IT professionals to implement controls for yourself so you can understand first-hand how the controls protect your business and the level of inconvenience the controls may cause. This puts you in the best position possible to make informed decisions about how to protect your business and champion initiatives to tighten controls.

If you’ve done nothing to date, start with implementing MFA for your business email and then work with an IT professional to constantly review and improve security controls around all your systems and data.

I’m right and I hope I never have to tell you “I told you so”.

Your credentials can be phished, period. If you think you’re above being phished, you’re wrong. We all have weak moments and the criminals are really good at preying on our whims and emotions. Trust me, you can be phished. Don’t put so much pressure on yourself. Implement multi-factor authentication (MFA) wherever possible to protect your accounts even if you are phished. This is so important that we put together a video to show you how. Watch this video. Please just give us a call if you want help or want to discuss additional configuration options to ease implementation for your business. We will be happy to help.

If you don’t know anything about Office 365 Multi-Factor Authentication, please check out our blog and video from December 2017 for a complete overview: https://www.gowestit.com/office-365-multi-factor-authentication.