Despite the popularity of video conferencing and work-focused instant messaging services, email remains a fundamental element of most businesses in the UK. The importance of cyber security in business cannot be overstated, and email security best practices should not be overlooked.
In this post, we’re looking at some email security best practices for employees and employers alike.
Business Email Security Tips
Having a strong password that is difficult to guess and stored in a password manager is one of the most fundamental email safety best practices. A secure password is key to ensuring that no unwanted parties can get access to your email account.
- Two-factor authentication
Cyber-attacks and hacking are becoming more sophisticated by the day, and business email accounts cannot afford to fall victim. Utilising two-factor authentication is an easy way to add an extra layer of business email security, and if you don’t want to ask your employees to use their own devices, you can even implement two-factor authentication without a smartphone.
- Keep on top of your emails
Everyone knows that one person who has 1,093 unread emails in their inbox at any given time. Maybe you know a few of them, or maybe you are one yourself. However, this is not the way forward when it comes to GDPR and email security best practices. Keep your emails organised, unsubscribe from those newsletters you never read and sort your emails into folders.
- Archive emails regularly
Similarly, regularly archiving your emails can help you remain compliant with GDPR and email security best practices for employees. It also means that you continue to have access to old emails if you need them, but if your email account is compromised, the hacker cannot access everything.
- Have a robust spam filter
The easiest way to ensure that you aren’t clicking on any untoward links is to stop them from reaching your inbox in the first place. Of course, this certainly isn’t infallible – and we’ll cover phishing emails in more detail in a second – but a strong spam filter means that the majority of those emails should be caught and automatically deleted. This is key for business email security as it greatly reduces the risk of human error.
- Be wary of attachments
Unless you know an attachment is trustworthy, you should never open it. Attachments can install viruses or ransomware on your computer and harvest any data on the system. If you have opened something that made you think you could be at risk, you should run your antivirus and let your IT department or IT support provider know.
- Don’t click links or send out any sensitive information
The same advice applies to links in emails. Unfortunately, phishing attacks are becoming more difficult to spot – they’re perfectly designed to look trustworthy. Check out our previous blog post on using the DAC method to spot phishing emails. Remember that no secure company should ever ask you to confirm sensitive data like your password or PIN over email, and neither should your boss. If in doubt, call the phone number on the company’s website and ask for their confirmation before acting on anything.
- Keep business and personal emails separate
Most people have a personal email account and a work email, and it’s important that the two remain separate. Many businesses will write into their ‘Fair Use of IT’ policy that you cannot use your work’s account to send or receive personal emails, and you shouldn’t send work emails from your personal account either. This is an important email security best practice for employees, as mixing the two opens you up to more security risks.
- Train all of your staff
Anyone who has access to professional email accounts should undergo some basic training in how to use – and how not to use – their work email account. This involves being able to spot phishing emails, secure their devices and report any cybersecurity incidents. It only takes one person who isn’t familiar with technology to click on a dodgy link from a work computer, and the entire system could be compromised.
- Ensure all incidents are reported
It’s important to create a culture where all staff members feel comfortable reporting any potential business email security risks. This can be difficult because people may be reluctant, particularly if they are worried that they may have caused the risk by clicking on the wrong link. However, not reporting a potential threat has much larger implications for the business.
- Have a plan and policy in place
For email safety best practices, your IT policy should lay out the expectations of staff regarding their use of company email accounts. Additionally, it should have clear guidance on the steps a staff member should take if they experience a problem with their email account or if their account is compromised. This means that if a problem does occur, it can be reported, investigated and resolved quickly.
- Review your security
This one is more of a general tip, but frequently reviewing your business’s cybersecurity – including that of your email accounts and servers – means that you are more likely to spot anything abnormal and be able to stop it. Talk to your IT support to ensure that this is occurring.
When it comes to email security best practices for employees, many people are aware of what they should be doing. However, when you’re busy at work, it’s easy to let your emails pile up or accidentally click a link you shouldn’t. Be aware of the risks against your business’s email security, ensure your staff are trained and, if in doubt, talk to your IT support provider for further guidance.
At Integral IT, we offer independent cybersecurity consultations so that you can see where your business is doing well and what parts of your cybersecurity foundations need to be reinforced. Contact our friendly team today to get booked in or enquire about our IT support