Email is one of the most important tools used for business communication. Because of that, it is also one of the most common causes of a security breach.
With that said, there are several methods and services available to protect yourself from being exploited by a hacker.
What practices should you follow? This article will explain 4 of the best practices for email security.
1. Spam/Phishing Filter
If you have Office 365, then you already have this feature. Your administrator can create policies and custom filters to better protect you and the rest of your organization.
If that does not meet your needs, or your provider does not offer this, you can look for third-party services such as ProofPoint and Barracuda.
What makes spam/phishing filter services so useful?
They will scan incoming emails and verify their legitimacy. To do so, they look at the sender, content, links and the email’s geographic origin.
The limitation is that the filter relies on a provider-maintained database, and some phishing and spam emails are crafted well enough to slip past it. The other limiting factor is how you, the customer or user, configure those filters: they might not be strict enough, or, for instance, a domain gets added to a whitelist when it should have been blacklisted.
2. Email Encryption Policies
This is a useful tool for sending highly sensitive information to someone. Email encryption protects the contents from anyone who hijacks or spies on outgoing emails: to them, the message looks like an illegible, jumbled mess of characters. The only way to read the message is for the intended recipient to prove they are the recipient through some form of authentication.
Most email and anti-spam/phishing service providers offer some form of mail encryption. It might be an extra service or part of a package/plan. Some provide several ways to trigger encryption: a keyword in the subject line, or certain phrases or number patterns in the message body. This lessens the likelihood of highly sensitive information leaving the organization unencrypted.
The limitation is the encryption’s complexity. This is generally outside your control, and you need to trust that your provider keeps the encryption service up to date. The other limitation is human error. Despite the policies, filters, buttons, etc., sometimes a user will not type in the right keyword and that email goes out unprotected. That is why training and communication are extremely important on the matters of email security, particularly email encryption.
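As an added illustration (not code from the article or from any provider mentioned in it), the following policy check shows how a subject keyword and body patterns combine so that a mistyped tag does not leave a message unencrypted. The tag, phrases and patterns are constructed assumptions, and the Luhn check exists only to reduce false positives on card-like numbers.

```python
import re

# Constructed policy: a subject tag the sender is expected to type, plus
# body patterns that force encryption even when the tag is missing.
# Hypothetical names and values; not any vendor's actual rule set.
SUBJECT_TAG = "[secure]"
SENSITIVE_PHRASES = ("social security", "account number", "confidential")
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so an arbitrary run of digits does not trigger encryption."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def encryption_reasons(subject: str, body: str) -> list[str]:
    """Return the policy rules that fire for one outgoing message."""
    reasons = []
    if SUBJECT_TAG in subject.lower():
        reasons.append("subject tag")
    lowered = body.lower()
    for phrase in SENSITIVE_PHRASES:
        if phrase in lowered:
            reasons.append(f"phrase: {phrase}")
    if SSN_PATTERN.search(body):
        reasons.append("ssn-like number")
    for match in CARD_PATTERN.finditer(body):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            reasons.append("card-like number")
            break
    return reasons


def should_encrypt(subject: str, body: str) -> bool:
    """True when at least one rule fires; the mail gateway would then encrypt."""
    return bool(encryption_reasons(subject, body))
```

The body rules catch the case the article describes: a sender types "[secrue]" instead of "[secure]", but a social security number in the body still forces encryption.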
3. Employee Cyber Security Training and Ongoing Phishing Tests
You can have the best security and protection money can buy. However, they won’t amount to much if your employees are not trained to know what to look for, should a malicious email sneak past your defenses. The employees, managers, owners, CEOs, etc., are all the last line of defense against a security breach. So, how can you train your employees to be conscious of spam/phishing emails?
There are companies, like KnowBe4, that provide that kind of training for you and your employees. These training providers can help you create test emails that can be sent to everyone, to see if they are paying attention to the red flags associated with phishing attacks. The training material is updated regularly, so you won’t be behind on anything new.
These providers also offer services beyond training and phishing email tests. They can help check for users with weak passwords and suggest best practices based on your specific environment.
The limitations will come down to you and your employees. Ultimately, it is up to you to take that information to heart and follow through on the training.
4. Password Policy
This one can be tricky, as it can backfire just as easily as it can help you. Microsoft 365 offers a sync service that synchronizes your domain password with your Microsoft account password, so whatever domain password policy you have in place is the one that is followed. If you don’t have one, your best bet is to require some form of complexity. The most common setup includes an 8-character minimum, special characters and at least one number. The other piece is requiring a password change every 90 days.
The part that can backfire is that users can still make a weak password and/or reuse the same password with a slight change every time a change is required. This is where employee training comes into play again.
The passwords don’t have to be something out of the Matrix, but it is a good idea to promote something better than a name with an exclamation point. How can I remember all these passwords and keep them secure, I hear you ask? Thankfully, there are password manager services that can help with that. Dashlane and LastPass are examples of those services. Not only will they help you manage your passwords, but they will also generate new, secure passwords for you.
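As an added example (not the article's own code, and not how Microsoft 365 or any domain policy is implemented), the check below enforces the 8-character, digit and special-character rules the article lists and also flags the backfire case: a new password that is only a slight change of a previous one. The edit-distance threshold and the "strip trailing digits" heuristic are assumptions.

```python
import re

MIN_LENGTH = 8           # the minimum the article describes
MAX_EDIT_DISTANCE = 2    # assumption: how "slight" a change still counts as reuse


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _stem(pw: str) -> str:
    """Strip the trailing digits/symbols people bump at each 90-day rotation."""
    return re.sub(r"[\d\W_]+$", "", pw).lower()


def policy_violations(new_pw: str, previous: list[str]) -> list[str]:
    """Return every rule the candidate password breaks (empty list = accepted)."""
    violations = []
    if len(new_pw) < MIN_LENGTH:
        violations.append("too short")
    if not re.search(r"\d", new_pw):
        violations.append("no digit")
    if not re.search(r"[^\w\s]|_", new_pw):
        violations.append("no special character")
    for old in previous:
        if new_pw.lower() == old.lower():
            violations.append("reuse of a previous password")
            break
        if (_stem(new_pw) == _stem(old)
                or edit_distance(new_pw.lower(), old.lower()) <= MAX_EDIT_DISTANCE):
            violations.append("slight change of a previous password")
            break
    return violations
```

"Summer2024!" satisfies every complexity rule yet is rejected when the history contains "Summer2023!", which is exactly the habit the training is meant to break.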
Does your business have optimal email security policies and procedures in place?
If not, contact CoreTech today. Cyber security, especially when it comes to your email inbox, is one thing that can’t wait another day.
Reach out to us to learn more about the essential email security solutions listed here—or to schedule a cyber security assessment for your Omaha or Lincoln organization.