Email Security: Best Practices

Email security describes the various techniques used for keeping private information sent through emails secure against unauthorised access or loss. Because email is such a commonly used form of communication, it is a popular channel for the spread of malware, spam, and phishing attacks; such as using deceptive messages to entice recipients into divulging sensitive information, opening attachments or clicking on links that install malware on your device.

Email is also a popular entry point for attackers looking to gain access to an enterprise network and breach valuable company data. Don’t wait for an attack to happen to your business, be proactive with the best practices listed below.

There’s no way around this: Information stored and sent over email is vulnerable. How can you reduce the risk of becoming the target of an attacker? Follow these best practices:

Don’t open attachments in unfamiliar emails. Email attachments are still a popular way to circulate malware – all it takes is one click, and you could download harmful spyware onto your computer or device.

Don’t click on suspicious links. If a link looks like it has come from an unfamiliar source, don’t click it. It could take you to an unspecified location and possibly download malware into your device.

Pick a strong password (and change it frequently). A strong password is crucial. A weak password is one that can be easily guessed. Make sure your password has a combination of lower- and upper-case letters, numbers and symbols, and make it unrelated to your personal life. A passphrase is a good option, as it will be easier to remember and harder to hack e.g. “trAff1cishorribl3!”

Avoid unsecure Wi-Fi. Unsecured Wi-Fi connections are open invitations to cyber-criminals. They can gain public access to the system, and view any traffic you send or receive; which basically means they have gained access to your account. Make sure your home network is secured with a strong password, and be cautious when using public Wi-Fi.

Avoid sending unnecessary personal information. Phishing involves goading a user to send personal login information (usually under the pretence of a communication from an official but familiar company). As a general rule, it’s best to avoid sending any personal information over email.

It is important to know and understand that malware sent via an email message can be very destructive. Often containing malware in attachments that are designed to look like legitimate documents or include links that lead to websites that download malware onto your device, all it takes is one click to become compromised.

Phishing attacks against businesses are very common and are often targeted at departments that handle sensitive personal or financial information, such as accounts payable or human resources. Often a sense of urgency is instilled into communications to increase the chances of success in gaining your login information, passwords, bank account numbers, and even credit card information. Some may even link to a counterfeit website that look exactly like that of a reputable business to trick victims into entering their information.

Due to the popularity of email attacks, it’s crucial that enterprises and individuals take measures to secure their email accounts against common attacks, as well as attempts at unauthorised access to accounts. Precautions include setting up a strong firewall, ensuring your antivirus is up to date and has the most recent security patches installed, and making the most of a clean mail service like the one Focus provide – Focus Clean Mail.

From the below chart, you can see the percent of Spam that we see going through our Spam filters from 10 of our clients domains. With Client 1, 98% of all email we process for them is quarantined.

Courtesy of Digital Guardian, here are some email security best practices for enterprises and individuals.

There are multiple ways to secure email accounts, and for enterprises, it’s a two-pronged approach encompassing employee education and comprehensive security protocols. Best practices for email security include:

• Engage employees in ongoing security education around email security risks and how to avoid falling victim to phishing attacks over email.
• Require employees to use strong passwords and mandate password changes periodically.
• Utilise email encryption to protect both email content and attachments.
• Implement security best practices for BYOD if your company allows employees to access corporate email on personal devices.
• Ensure that webmail applications are able to secure logins and use encryption.
• Implement scanners and other tools to scan messages and block emails containing malware or other malicious files before they reach your end users.
• Implement a data protection solution to identify sensitive data and prevent it from being lost via email.

There are also some important best practices that end users should follow to ensure secure email usage. Arming your employees with the know-how to avoid risky behaviours can make a substantial impact on your company’s ability to reduce risks associated with email. Email security best practices for end users/employees include:

• Never open attachments or click on links in email messages from unknown senders.
• Change passwords often and use best practices for creating strong passwords.
• Never share passwords with anyone, including co-workers.
• Try to send as little sensitive information as possible via email, and send sensitive information only to recipients who require it.
• Use spam filters and anti-virus software.
• When working remotely or on a personal device, use VPN software to access corporate email.
• Avoid accessing company email from public Wi-Fi connections.

By educating employees on email security and implementing the proper measures to protect email, enterprises can mitigate many of the risks that come with email usage and prevent sensitive data loss or malware infections via email.

http://www.inc.com/larry-alton/email-security-in-2016-what-you-need-to-know.html
https://digitalguardian.com/blog/what-email-security-data-protection-101