Basic Email Security Practices Everyone Should Know

Abstract

Email is a great communication tool for just about every business in existence today, which makes it no surprise that many cybercriminals choose it to be their preferred attack vector. In order to keep your business as secure as it needs to be, there needs to be a respect for the importance of comprehensive security standards and practices.

Let’s review a few that your business needs to have in place.

Passwords
Of course, we have to mention the first line of defense your organization has against any unwanted access. Unfortunately, it isn’t the easiest thing in the world to remember a different password for the numerous accounts that everyone has these days. Cybercriminals understand this difficulty and count on it, realizing that their chances of getting into multiple accounts with a single password are pretty good. And be honest with yourself – how many of your current passwords are just some combination of a significant name, year, and maybe favorite keyboard symbol?

This also helps cybercriminals out. By digitally researching someone, a cybercriminal can piece together someone’s life somewhat effectively. They understand that, through social engineering and the results of this research, deducing the average user’s password is far easier than it should be. As a result, they could potentially bypass your entire security system if they target the right (or would that be the wrong?) employee.

Fortunately, you can counteract these efforts largely through some basic best practices and employee training. Teach your employees about things like passphrases, an easier to remember (and often more secure) alternative to passwords, and implement a password manager to help them out. You should also enforce a policy that requires passwords to be changed on a regular basis… just in case.

Two-Factor Authentication, or 2FA
2FA works in pretty much the way you would expect. Instead of just requiring a password to access something, another unique piece of data is required – this piece often generated on demand. This makes it so that someone who may have somehow obtained a user’s credentials wouldn’t have all they needed to gain access. Authentication is often provided thanks to something that the user has (like a key card or mobile application), something the user knows (like a secondary password or PIN), or something that the user “is” (through biometrics). While this isn’t a foolproof method, it still helps very much against cybercriminals.

Click Awareness
Unfortunately for our security, the instinct to click on things is pretty deeply ingrained in most of us by now. This means we’re likely to access links that we probably shouldn’t if they come through our email. From intern to Chief Executive Officer, anyone can slip up and let in a threat.

Phishing scams capitalize on this tendency by disguising threats as (sometimes) legitimate-looking messages, directing the target to (sometimes) legitimate-looking scam websites, or to access attachments that infect the user upon download. A good rule of thumb is to not click on unexpected attachments until you have confirmed them through other means of communication, and to liberally use a malware-scanning tool.

NetMGM can help you with each of these practices. Give us a call at 888-748-2525 to get started.