3 Email Security Mistakes You Might Be Making Right Now

A 2021 study by Stanford University found that human error is the cause of 88% of all data breaches. That is a lot of human error! And while there are no magical security controls that can instantly turn your staff into model employees, the good news is that human error can be corrected. As a small business owner you have the power to train your employees to become security experts by implementing best practices and ongoing training when it comes to email security.

Mistake #1: Quick & Careless Handling of Work Email

One of the first areas you can address when it comes to email security is reminding your staff to slow down when accessing a work email address. It is all too easy to glance through an email and mistake a convincing fake for a real communication from a major business or client. Everyone knows by now not to open an email from an unknown sender. But what if the sender’s email address looks right and you don’t think to check it? You could easily become the victim of a phishing email scam, such as the recent Windows Defender scam. Those scam emails that looked like they came from Microsoft, when in reality they were scammers that were spoofing Microsoft email accounts. Countless individuals and businesses were scammed into sharing credit card information for a new subscription that didn’t exist.

Train your employees to slow down, and if anything looks fishy (or phishy!), don’t open it. A quick Google search can usually identify a current email scam. And if you or an employee do happen to open an email from an unknown email address, a few key things can help you identify if it is a scam:

• Multiple spelling errors and grammar mistakes
• The email asks for personal information, or directs you to click on a link to update personal information
• The email is written in urgent language or notifies you of a time limit to complete the action

Each of these are strong clues that the email is spam and should be deleted right away. It goes without saying, but never click on a link from any email that you feel uncertain or uncomfortable about.

Another issue to address is email password security. A 2020 survey found that 99% of people reuse their passwords across multiple accounts. 99%! The article quotes a cybersecurity veteran who noted that the rapid move toward remote work has shifted the balance of control toward employees, rather than IT techs. But regardless of whether your staff works remotely or not, the responsibility is on you to reinforce best practices and create a culture of vigilance around cybersecurity. One way that you can avoid the temptation to reuse passwords is to require password updates on a semi-annual basis. While it can be frustrating for employees, and may lead to the related issue of leaving passwords around on sticky notes, updating passwords regularly increases your email security. 

Here are some suggestions for making frequent password changes less painful:

• Think of a phrase that relates to a current situation in your life, and turn it into an acronym.
• Replace some letters with similar looking numbers or symbols, such as using a “3” instead of an “E”, or a “!” instead of an “i” in your password.
• If you are using a date in your password, flip the numbers or re-order them numerically.

Going back to the challenges inherent within remote work, one final way to encourage good email security habits is to remind your employees who do work remotely to avoid using public wi-fi. There is no way to guarantee the security of a public wi-fi connection, so it is best to just avoid it altogether. You can be proactive about that by providing a virtual private network (VPN) and removing the temptation to just hop on to the Starbucks public wi-fi for a minute. That minute could be when your small business email account gets hacked. 

Mistake #2: Not encrypting your emails or implementing multi-factor authentication

Now that we’ve addressed fixable areas of human error, we’ll address steps that you as a business owner can take to increase email security. There are two security controls that you can put in place to protect your business’s email system.

The first is setting up email encryption. Email encryption disguises the content of your messages to protect sensitive information from being accessed by anyone other than the intended recipient of the email. There are a few different things that should be encrypted. The first is the connection from your email provider, then the emails themselves, and finally your stored, cached, and archived messages. Encrypting all three means that an unauthorized user can’t capture your login information, messages are encrypted before they are even sent, and that the content of saved messages can’t be accessed even if someone does hack in.

The second is implementing multi-factor authentication. Multi-factor authentication applies a second line of defense to your email password security. It can work by requiring the user to enter a four to six digit numerical code that is texted to their personal phone. Or it can require the user to pass a small test to prove their humanity, such as entering the alpha-numeric code displayed on the screen. This extra layer of security makes it much harder for a hacker to break in and exploit your email system, even if they do manage to get their hands on or hack an employee’s password.

Mistake #3: Not employing a multi-layer firewall and not keeping your antivirus software up to date

The last step to boosting your email security is to make sure that you are employing a multi-layer firewall that includes antivirus, and that you are making sure to regularly update and apply patches to your firewall and antivirus. Having a robust firewall protects your business  email, in addition to other levels of your cyber activity. But we’ve talked before about how antivirus and firewalls are not a one-and-done measure. Making sure to apply updates and patches as soon as they are released means that hackers can’t get in and take advantage of defects or holes in your cybersecurity. 

Tech Masters are security experts and can address all your small business security needs. Contact us for a free assessment! We can offer the best value recommendations to upgrade your cybersecurity.

For quick answers to common email security questions, check out our Frequently Asked Questions below.

FAQ’s

What is email phishing?

Email phishing is when someone uses a spoofed email address to trick you into believing that a legitimate company is contacting you, often to gain access to your email address or your personal information, such as credit card numbers. 

What is social engineering?

Social Engineering is when someone tricks you into giving them your personal information, usually through deception or manipulation. Social engineers use tactics like email, text message, telephone calls, and online chat to try to obtain bank information, email address logins, and more.

How can I improve my email security?

You can prevent social engineering attacks by using strong passwords, never sharing confidential information over unencrypted networks, and only providing personal information to people who have been verified to be trustworthy. Security experts recommend that you upgrade your email security controls to include email encryption, multi-factor authentication, and ensuring that your firewalls and antivirus stay up to date.