Alina Joris

Everything You Need To Know About Securing Your Email

Despite the various types of new technology to enter the business world in the past few decades, good old-fashioned email remains the hacker’s favorite when it comes time to try to gain access to a network. Email is still the main method used by attackers. All businesses are at risk from this, but small businesses have the highest level of risk.
Imagine, if even SONY can be hit by an email hack, what chance does a small business have? But in fact, although small businesses may be more vulnerable, it is actually easier for a small business to address its email security thoroughly. While a large corporation may have hundreds or even thousands of machines to secure across multiple networks and even multiple countries, a small business often only has a few machines in a single location, making it easier to organize a coordinated cybersecurity effort.
Here are some tips and ideas on how to properly secure your email.

1. Remember that cybersecurity is not optional
This is less of a tech tip and more of a philosophy to live by. At your business, you’d never dream of not paying your office rent for a week, cancelling your insurance or turning off the heating during a snowstorm to save money. Think of cybersecurity in the same way, not as an afterthought but as an essential part of your business. Don’t cut corners, don’t leave things “until later”, don’t hope for the best.

2. Encrypt your emails
By encrypting your emails, only the sender and recipient are able to read their contents (unlike regular emails which are sent unencrypted and can be intercepted and read).
There are a variety of ways to encrypt your emails. Some email clients have it as an option which can be toggled on or off, others require additional software in order to encrypt them.
Be aware, though, that an encrypted email should not be seen as completely safe just because it is encrypted. If the sender's or recipient's machine itself is compromised, an attacker may still be able to read the contents of the email.

3. Secure Your Passwords
Is your password secure? How long have you had it? Do you use it for any other services? Passwords alone are also insufficient to secure an account properly. For example, if your machine has already been compromised and an attacker has installed a keylogger, then they know your password. Solutions like a password manager (LastPass and 1Password are good choices) help by storing and randomizing passwords for you so you never have to remember them (and if you can’t remember them, you can’t accidentally give them away).

Another solution is multi-factor authentication, where a second method of authentication, like a code sent by SMS to your cell phone, is needed to access your account. That way, even if an attacker gains access to your password, they cannot gain access to your account unless they also have physical access to your cell phone at the very moment they are trying to hack in.

4. Have a sensible email policy
Misuse or poor management of company email systems also leads to vulnerabilities. You should have a clear and simple email policy governing such issues as:
· The use of company emails for personal matters
· How long to retain emails

5. Train And Educate Your Employees
People will not follow rules that do not make sense, so make sure not only to remind your employees of your security policies frequently but also to fully explain the risks to them, so they understand why it is important.
Employees should be educated about which kinds of actions they should refrain from and what the most common types of email threats are.

Even businesses that spend a lot on cybersecurity will often overlook employee training. This is unwise as no matter how good the technological solutions you employ, human error will always be the biggest risk factor. If you could only take one action to better your cybersecurity, properly training your staff would be your best option.

Some managed IT providers will offer penetration testing and fake phishing emails to test your employees’ readiness.

6. Use Additional Email Security Software
While encrypting emails is a good start, additional measures will bring additional layers of security. Software like Mimecast can sandbox suspicious emails into a cloud environment for you to inspect safely before they ever reach your network.

7. Protect Every Machine
Cybersecurity is like vaccination: the more people are protected, the better the entire system/network is protected. Some businesses will only bother to secure management or the CEO’s machine. This is as good as useless: if a single machine on your network is unprotected, then your entire network is unprotected. Think about your cybersecurity holistically.

We hope this has been a good introduction to the basics of email and network security. If you are struggling with getting to grips with your network security, consider calling in the services of a managed IT provider who specializes in cybersecurity for businesses.
