How to Secure Email: 8 Tips for Protecting Your Company's Communicationspublished 3/11/2020
Did you know that the U.S. spends $100 billion each year because of cyberattacks? Cyberattacks on small businesses nearly doubled last year, and knowing how to secure email has become a priority.
Taking measures to have a secure email service can save small businesses hundreds of thousands of dollars from cyber-attacks. Let us help walk you through the ways you can educate your employees and keep your company's emails safe.
Primary Email Threats
In the cyber-attack world, there are two main types of threats to your small business email. The first type is inbox threats, which include phishing or scam emails.
The second type is transit threats. These involve someone hacking into your email. They may also trick you into opening an email that looks familiar but sends you to a malicious website.
What is Phishing?
Threats that target your inbox can be any type of communication, but email has a target on its back for phishing schemes.
Phishing emails use tricky ways to ask you for personal information, such as your bank account number or your email account password.
An example is if someone that seemed familiar shares a Google Doc with you and you click to open it.
When you go to log in, there is an extra step that asks if Google Docs can access your account.
Cyber-attackers make it look like the standard Google login page, with the extra step.
A phishing guide and tutorial are in company email policies to ensure employees are aware of these scam emails that can come through.
Never Trust the Man in the Middle
Transit is the second type of threat that involves someone who is spying on two people and stealing the information that they send to each other.
This is a "man in the middle attack" or MitM. The man in the middle can lead to a targeted form of phishing called spear phishing.
This is when someone hacks into your count, watches your emails, and creates a fake user that looks like someone you've been talking to over email.
Traditional transit methods involve the cyber-attacker being near you and your computer.
They rely on unsecured email, which is why it's dangerous to use public WiFi. There are ways to create fake WiFi domains and give hackers easy access to your computer.
There are also "man in the browser" or MitB attacks where the hacker uses malware to steal account information or bank access.
Between MitM and MitB, all involve hacking your email and stealing information without you knowing until it's too late.
How to Secure Email
Today, we are going to go over eight secure email solutions that all small business email systems should consider and put into action to prevent cyber-attacks.
If you take the following steps, you will save money and relieve any stress of cyberattacks.
Though we are focused on email, it's essential to have a secure network across your small business.
This includes your company website security, payment information, and educating your employees.
The Small Biz Cyber Planner 2.0 can help you establish your strategy.
Email encryption is the key to emailing safely and only allows certain users to access and read your emails.
One way to encrypt your small business email system is to use an email certificate.
This provides employees with a public key that they can share with external users to use when sending them an email and a private key to decrypt emails coming to your employee's inbox.
PGP or "Pretty Good Privacy" is an example of an email certificate.
Step one is making sure your employees have a different password for their email and work computer.
Step two is providing a guide to your employees on what a strong password needs.
A secure password includes 12 characters, numbers, symbols, and a mix of lower-case and upper-case letters. Your employees shouldn't use the same password for multiple accounts.
Multifactor authentication is when your employee would have to enter a code from their phone or take other action before being signed into an application.
Single sign-on is when a user can sign into applications using the same username and password, and they are all connected under one software system.
You can also set your email system to making each employee change their password every few months to be extra secure.
There are many ways to educate your employees on password protection, but it's also essential to provide them with the tools to learn.
Cybersecurity Employee Training
There are multiple ways you can train your employees on cybersecurity, and it is smart to train from the start of their job during company onboarding.
You can create a seminar and walk them through your company email policies, or give them a tutorial followed by a test.
There are also phishing tests you can send to your employee's emails to keep them on their toes.
Companies tend to spend less than one percent on their security budget, but end up paying for it later in cyber-attacks. Be proactive, and you won't have to pay later!
Protect Mobile Email on Company Devices
Employee cellphones should be encrypted as well as if you use your personal cellphone to receive and send work emails.
The same password reminders and training should apply, and all phones should be secured with a separate password.
Unlocked Computers Should Never Be Left Unattended
It should under your company email policies to never leave your computer unlocked, even at your desk.
You should also set to your home, password-protected screen if you leave your desk to go to the bathroom, grab lunch, or even if you step out to take a quick call.
One exercise is if an employee sees another employee's laptop open and unattended, there could be a reward system that entices employees to follow these guidelines.
Send employees instructions on filters they can set in their inbox.
Filters can blacklist certain email addresses, unnecessary messages and are an extra step to keep your email from harm's way.
There are antivirus software and ways to avoid computer viruses. Viruses can overtake your computer, including your email.
Find the one best for your small business email and ensure that each employee is updating the antivirus software so that it runs correctly.
After learning how to secure email, it's essential to take the next step and be proactive so that your small business doesn't hurt in the long run.
Companies lose money because of cyberattacks. If you educate your employees and act to avoid the attacks, you will end up saving yourself stress and money.
Make yourself, your company, and your employees' emailing safety a top priority.
If you are near one of our locations and are looking for extra services or tips, we are here to help you. Contact us today!