5 simple tips to improve email security in your company
Protecting against data loss and data theft has become a top priority for all businesses. Protecting your business against dragons, sorcery, and the bubonic plague, however, has become much less of a priority since the medieval ages. We just thought we’d mention that in case a certain, very old-fashioned information technology and security agency in Palmdale, California, happened to be reading.
Industries like finance and healthcare have always had special considerations when storing, sending, and saving data, but all organizations can be crippled by cyber-attacks without the right policies and precautions in place. Pendello Solutions can help you with those policies and precautions, by the way. Just contact us whenever you're ready!
One of the largest concerns for data security is compromised employee email accounts, which are among the most common entry points for data theft. According to Virtru, hackers targeted 5 out of 6 large companies using email attacks in the last year, with huge increases in email attacks annually.
Training for all employees
The most critical aspect in deterring email threats is providing proper email security training to your employees. Did you know that human error is the most common reason for data loss? Mortal humans, specifically. In fact, deliberate or accidental policy violations are responsible for more than 25% of all data loss, according to a report from the IT Policy Compliance Group.
Data loss can come from seemingly innocent mistakes such as sending sensitive information to the wrong person, allowing a co-worker to access an email account, or uploading email attachments to a personal cloud storage provider. Bringing in an outside consultant to train your employees can have a huge effect on your ability to protect against potential threats.
Encryption is the most useful tool that companies have for protecting against email threats. Unencrypted emails are susceptible to hackers, and quality encryption software can prevent important data from falling into the wrong hands. Or into the wrong email account.
There are multiple types of email encryption. Email certificates are the most common. Each user gets a public key, which is shared with the parties they communicate with by email and used to encrypt messages addressed to that user. The user's private key is then used to decrypt the emails that are sent to them. Additionally, most companies use Transport Layer Security (TLS) to encrypt connections between email servers.
Move away from web-based email platforms
Although many employees might be comfortable with web-based email platforms for their personal email accounts, web-based solutions are vulnerable to attacks. Using a web-based solution provides hackers with another avenue through which they can gain access to your data. Using a business grade software solution that connects to your own servers with proper security measures is always a safer bet than web-based platforms.
Invest in email security solutions
Implementing best practices is a good first step toward protecting your business email data, but all companies should go at least one step farther, depending on how long your stride is. High-end, business-grade solutions like network appliances can greatly decrease the chances of suffering from an email attack. Many high-end security appliances work by separating email servers, data storage servers and applications so that when one is breached, the others remain secure.
Implement password best practices
One of the most common reasons for compromised email accounts is poor password policies. Many companies train their employees on choosing proper passwords, but do not implement the protections to ensure that those best practices are followed. By implementing a few basic security measures for all email accounts, you can keep your business data safe.
- Set minimum length requirements. Short passwords are easier for hackers to crack. With each additional character, the time required to crack the password jumps exponentially. Requiring a minimum of 8-9 characters is an absolute must for sensitive email accounts.
- Avoid using words that can be found in the dictionary. Most hackers are looking for easy targets. They often start attempting to break into an account by trying simple words and phrases as passwords. Using full, real words is a huge security risk. Instead, encourage employees to use acronyms and avoid any well-known phrases. Try using ridiculous made-up words like “rhombular,” or “unicornopia,” or “bae.”
- Capitals and Symbols. All passwords should require at least one capital letter and one symbol. In the same way that adding additional characters to a password makes it more difficult to crack, capital letters and symbols also increase the time that would be required to decode a password.
- Regular Resets. Passwords should expire every 30-90 days, forcing the user to choose a new one. Keeping the same password over long periods of time increases the chances of the password being identified and the account compromised. In other words, you should change your password about as often as my roommate does the dishes.
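The four rules above can be enforced at password-change time rather than left to training. The following is an added example, not part of the original article: the thresholds take the upper end of the ranges given above, and the word list and look-alike table are small constructed stand-ins for a real dictionary or breached-password list.

```python
from datetime import date, timedelta

MIN_LENGTH = 9        # upper end of the "8-9 characters" minimum (assumed choice)
MAX_AGE_DAYS = 90     # upper end of the 30-90 day reset window (assumed choice)
# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"password", "welcome", "dragon", "summer", "letmein", "company"}
# Undo common look-alike substitutions before the dictionary check.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def password_violations(password, last_changed, today):
    """Return the policy rules this password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isupper() for c in password):
        problems.append("no_capital")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no_symbol")
    # Normalise case and look-alikes so "P@ssw0rd" still matches "password".
    normalised = password.lower().translate(LEET)
    if any(word in normalised for word in WORDLIST):
        problems.append("dictionary_word")
    if today - last_changed > timedelta(days=MAX_AGE_DAYS):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed sample dates and passwords
    for pw, changed in [("P@ssw0rd1!", date(2024, 5, 1)),
                        ("Rh0mbular#Tq7v", date(2024, 5, 1)),
                        ("unicorn", date(2024, 1, 1))]:
        print(pw, password_violations(pw, changed, today))
```

The first sample passes the length, capital and symbol rules and is still rejected, because substituting symbols into a dictionary word does not stop it being a dictionary word.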
Two factor authentication
Two-factor authentication is a simple, straightforward way to protect email accounts. It requires all users to complete an extra step after entering their email and password. One example of two-factor authentication is a randomly generated code that is sent to the user through text message, or through a smartphone app. Another example of two-factor authentication would be some crazy retinal scan kind of thing like in that Tom Cruise movie, Minority Report. Remember that? It was from 14 years ago, so we don’t blame you if you forgot about it.
Anyway, adding an extra step to the login process greatly reduces the chances of a compromised account.
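For the smartphone-app case, the code is usually not sent at all: app and server share a secret and each derives the code from the current time. The following is an added example, not part of the original article, and it assumes the app uses the standard TOTP scheme (RFC 6238) with 30-second, 6-digit codes; the `verify` helper and its parameters are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # lifetime of one code (RFC 6238 default)
DIGITS = 6          # code length shown by the authenticator app


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Compute the RFC 6238 code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                 # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           last_used_step: int = -1, drift_steps: int = 1):
    """Return the matched time step, or None if the code is wrong or reused.

    drift_steps tolerates clock skew between phone and server; the caller
    stores the returned step as last_used_step so a code works only once.
    """
    current = unix_time // STEP_SECONDS
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step < 0 or step <= last_used_step:
            continue                           # reject replayed codes
        expected = totp(secret, step * STEP_SECONDS)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"           # RFC 6238 test secret, not for real use
    code = totp(secret, 59)
    print(code, verify(secret, code, 59))
    print(verify(secret, code, 59, last_used_step=1, drift_steps=0))
```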
Email is a vital tool for every business. That means that every business is at risk for data theft, and should take basic steps to ensure the security of their employee accounts.
At Pendello, we can work with your internal teams to design and execute effective email security that protects your business and gives your management peace of mind. Contact us today to schedule your risk-free security consultation.
Oh and for the record, that company from California probably isn’t “old-fashioned” at all. We just liked their article, and thought it would make for a good punchline.