When you get caught up in the search for the latest app, hottest software or new-fangled device, it’s easy to look past the tried and tested office tools that keep your business or agency ticking over day-to-day, such as email.
However, with everyone from celebrities to presidential candidates falling foul of email hackers, we ask: How safe is your business email?
Hackers don’t exactly publish handbooks, but even controlled hacks have proven how easy it is to access email, tap into a user’s history and even capture login credentials using key-logger software, which is why increased data security is one of the big trends at the moment.
Basic cyber hygiene is advised for everyone, but how many of us pay attention to the warnings? On any given day, millions of people in the UK alone will merrily piggyback public WiFi to open business and personal emails loaded with sensitive information, oblivious to the risk they pose to their own data security or that of their employer.
As technology gets cheaper, hackers get better and open networks and cloud computing grow, there’s no doubt email security is set to become a bigger issue. Worryingly, small businesses are particularly vulnerable, with attacks on companies with 250 employees or fewer on the increase.
The good news is that small can also be smart and there are lots of ways to help ensure your business email is protected.
Here are six tried and tested tips to help you stay one step ahead of hackers.
- Have a security plan
Cyber security is bigger than just email, but a strategy for keeping your website, payment information, customer data and company financials safe should also include a secure email service that counters the major threats to your inbox.
Prevention is always better than cure - it’s also less expensive and brand damaging - so it’s wise to start with a good plan and revisit it regularly to ensure it has you covered as your business grows.
- Train employees in email security
It’s openly acknowledged that many companies spend less than 1% of their security budget on employee training programmes, despite the fact that employees are your first and arguably most important line of defence when it comes to cyber security.
It’s not front of mind for everyone, so it makes sense to follow a few simple rules and remind the masses regularly that everyone is responsible for email vigilance. We recommend:
- Educating employees on the dangers of phishing for protected information
- Explaining the dangers of spoofing and hackers masquerading as legitimate entities
- Highlighting the dangers of opening links or attachments from unknown sources that unleash the latest form of malware
- Not responding to emails that request changes to passwords or login details, no matter how legitimate they appear
- Updating antivirus and anti-spy software on employee devices periodically
- Enforcing a blanket ban on the use of work email to send or receive personal messages or react to chain mail
- Making it company policy for employees to lock their computers before they leave their desks
Some companies have found real success in programmes that test an employee’s security consciousness and reward high pass rates – actively encouraging employees to swot up and know their stuff.
- Consider email encryption
Encryption helps protect information from hackers by limiting who can read it - a no-brainer for businesses that deal with sensitive client information.
Government agencies down to cosmetic surgeries have had egg on their face over leaked or hacked information and if your business relies on confidentiality, it makes sense to ensure email security will never leave you (or them) compromised.
There are lots of off-the-shelf packages to download or install, depending on your security requirements, so adding encryption to your cyber armour doesn’t mean crazy IT resources or expense, and outsourced IT support or an IT consultant can be brought in to oversee this should they be needed.
- Ensure passwords are secure
Sounds obvious enough, but how many people do you know who use the same, easily remembered (and guessed) password for everything? Indeed, Password and 123456 might well be the most used across the globe.
As a rule, every employee should have a unique password for their work computer and email system. The password should be reset every three months and multifactor authentication for password changes adds an additional layer of security.
The strongest passwords are made up of 12 characters and a combination of numbers, symbols, lower-case letters and capital letters. It’s common sense really, so use something memorable (you don’t want to lock yourself out every day), but your kid’s name, the name of your beloved pet you keep a photo of on your desk, or your date of birth probably won’t cut the mustard.
There are some great software solutions out there for businesses and agencies who could use a tool that stores codes, bank accounts, email accounts, PIN numbers and the like in one place. These tools offer watchdog services too, monitoring your system, flagging vulnerabilities and raising the alarm if there is any kind of breach.
- Discourage email hoarding
Every business should be purging emails regularly, not least to keep their systems efficient and compliant. Remember, the management of some shared data will be bound by strict data protection laws, so it can’t be stored or left to hang around your inbox like a regular email about Sharon’s retirement drinks.
To get around this, many companies employ a 60-90-day standard and have automated clean-ups running in the background that archive or permanently remove emails that haven’t found a suitable home.
Some of us are hoarders by nature, so frequent reminders and automated sweeps can help keep inboxes light, systems fast and your compliance officer happy.
- Get strict about company-related devices
Businesses and the way employees work are more fluid than ever. Working on the road, from home, hot desking between offices and generally making the office wherever you happen to be, is commonplace.
The freedom of Bring Your Own Device or Choose Your Own Device brings its own security risks, so pretty much everything we’ve mentioned before should be a priority for remote device users.
Data protection, email encryption, robust password protection and remote device management that improves WiFi security and even allows you to wipe information, should your company device find its way into the wrong hands, are all worth considering.
And if you need a helping hand…
We can help employers whip their email into shape and add software to their IT repertoire that will help them keep things simple, safe and secure. Contact us to find out how we can help your business to grow with great IT support and consultancy, and if you’re nervous about the dangers of an email attack, download our Business Continuity Plan checklist so you can have all bases covered should there be a worst-case scenario.