Email is the most popular form of communication worldwide. It’s widely available, easy to use and free, meaning almost everyone around the world has access to it.
The number of email users worldwide continues to increase and, despite the emergence of alternative communication channels such as chat apps, email remains integral to daily life. In 2020 there were 4 billion email users, which is set to rise to 4.6 billion by 2025.
Unfortunately, this also means there are risks involved. Due to its popularity, email is the primary vector for phishing scams and malware distribution. The average cost of cyber security breaches in the past 12 months in the United Kingdom was 1,200 British pounds across all businesses, as reported by Statista.
Phishing emails, or being directed to spoofed websites, was the most common method in 2019 and accounted for 80% of security breaches.
All this might seem scary, especially for smaller businesses. How can you defend yourself when even big companies fall victim to breaches occasionally? There are actually a number of ways to safely use your business email and greatly reduce your risks. We will go over them in this post.
Risks of email use
As mentioned above there are a number of risks associated with email use. Having a brief understanding of what they are and how they work will help you better understand why you should implement certain strategies and best practices.
Here are 3 main things you need to be aware of:
Spam
Spam is when you receive irrelevant and unsolicited emails. These can range from harmless emails from overzealous marketers to more dangerous phishing scams or mails containing malicious links or attachments.
Phishing
Phishing can be broken down into a number of subcategories. You will likely come across phishing emails that get through spam filters occasionally, so it’s important to know how to identify them. A phishing email will try to extract sensitive information from you or your employees, which could result in serious financial losses or identity fraud.
Malware
Malware is a type of software designed specifically to cause disruptions, damage your devices or give unauthorised access to attackers. Usually threat actors will send emails with an attachment containing malware or a link to a site (which might be spoofed to look like a trusted popular site) asking you to download a program.
How to safely use your business email
With all these threats lurking around, how do you safely use your business email? It’s not complicated. There are many things you can start doing right now to significantly improve your security.
Here are some of them:
Email Encryption
One of the first things to consider is whether your communications are encrypted. Not all email services provide end-to-end encryption by default. Without it, anyone who has access to the network the email is sent through can freely read what it contains.
Some service providers have started implementing this. Microsoft Outlook now gives its users the ability to use end-to-end encryption for their emails, and it is highly recommended you do so.
Strong Passwords
This one doesn’t only apply to email. You should make sure all employees have their own unique passwords. It’s extremely important that only the authorised account holders have access to their email.
If someone were to obtain your email password, they could use it to obtain sensitive information about you, send out malicious emails from you to your contacts (putting them all in danger, as they’re more likely to open links and attachments or share information assuming it’s from you) or even gain access to all your other accounts and lock you out of them.
The NCSC has a guide on creating strong unique passwords and why it’s important.
Limited Access
An effective way to minimise risks further is to limit the access your employees have on their devices. This means making sure they only have access to software, online services, settings, etc., required to perform their role.
Always separate accounts with administrative privileges from standard accounts and make sure they’re only used for administrative tasks. This way if someone clicks on Malware, damage can be minimised as they won’t have access to more important and sensitive parts of your network.
This post by Cyber Essentials explains this really well.
Educate yourself and employees
You should educate yourself and your employees about how to use email safely. There are several rules you should follow:
- Never open links or attachments from unknown addresses.
- Never reply to emails requesting a password change (unless you yourself requested it and expect such an email) or asking for personal information.
- Check that your antivirus and other protection software is up to date.
- Don’t use company emails for personal communications.
- Do not forward company mail to a third-party email system.
- Make sure employees using email on mobile phones have adequate protection in place.
You might also want to hold regular simulations and test your employees. To do this you could send out your own phishing emails or ask someone to do so. This can help you identify if more training is needed to avoid falling victim to a real one.
The following post about detecting phishing emails provides excellent examples.
Don’t leave devices unattended
You should make sure you have a policy that requires all employees to lock their computers when stepping away from them. On Windows devices you can quickly lock your PC by pressing the Windows Key + L.
Use AntiVirus software
Mistakes can happen to the best of us. Sooner or later you or one of your employees might click on something they should not have. Hackers can get very creative and chances are one day you might fall for one of their campaigns.
You need to have robust endpoint security in place. AntiVirus software can be a lifesaver and prevent you from downloading a dodgy program or running a malicious piece of software.
At Globe2 we use BitDefender and highly recommend it. This is something we can provide and set up for our clients.
Use a VPN
Require that everyone connects to a Virtual Private Network (VPN) when working remotely. You have very little control over the security of external networks your employees might be connecting to. To protect your business data and avoid breaches, ensure your remote staff first connect to a secure VPN before handling sensitive information.
Our article about using Wi-Fi safely with a VPN goes into detail about the dangers of using public networks and how they can be mitigated with the help of a good VPN.
Conclusion
No single security measure is foolproof. However, combining several of them can make your business email very secure. Never cut corners when it comes to cyber security.
We understand that for smaller businesses, staying on top of all the new cyber security standards and practices can be quite overwhelming. This is why we have a team of experts ready to give you advice and provide support.
Leave us a message and a member of our highly-rated support team will be in touch with you soon.