For most companies today, email is the single most important communications tool their employees use. In fact, the typical employee spends 28% of the day doing something involving email, more time than on the telephone, real-time communications and social media combined.
It’s no surprise, therefore, that most businesses now consider email a mission-critical application. The problem, of course, is that when something becomes so commonplace, it begins to be taken for granted. It’s not that we don’t know about these things and how they work; it’s that email has become such a routine part of our day that we no longer think about its security, or about potential weaknesses in that security.
These are things you probably already know, but have put out of your mind for a while, so let’s review:
Your passwords are your first, and ultimately your best, line of defense when it comes to security. Passwords should be long (at least 12 characters), contain a mix of lower case, upper case, numeric and special characters, and be changed regularly, or at least semi-regularly.
Your second line of defense is some form of encryption. If you’re not using an encrypted email system for business, then you should upgrade immediately. Otherwise, you are essentially locking your front door with a dead bolt, and leaving the back door wide open with a neon sign blinking above it. As you can imagine, this provides somewhat inadequate protection.
Stop Spam & Phishing Emails
Spam is not only a nuisance; it can also pose security risks. Phishing emails entice recipients to click on malicious links and provide credentials or confidential information, which can result in security breaches.
Use a Multi-Antivirus Scanner
With new threats being introduced daily, it is important to use multiple antivirus engines in order to increase the rate of detection and reduce the window of vulnerability. Since email is one of the main sources of malware, it is advisable to use a high-performance multi-antivirus scanner to scan incoming email attachments for email-borne threats.
Check for Confidential Content
Make sure that no confidential content is sent via email by checking emails and attachments for sensitive information such as social security numbers and credit card data.
Prevent Targeted Attacks
Zero-day and targeted attacks can go undetected by anti-malware engines, since they are only sent out to specific groups and individuals. In order to protect against these unknown threats, email attachments should be “sanitized” by converting them to a different file format and removing any possible embedded threats. For instance, by converting a Word file to PDF, any potentially harmful scripts can be removed.
Check Internal Emails
Malware is usually found in emails coming from external sources, but if an employee’s machine gets infected, malicious emails can be sent via internal email. Employees are also more likely to click on an infected email attachment if it is from a co-worker. For this reason, it is important to ensure that your email security solution also scans internally sent emails.
Train your employees not to click on links or open attachments from unknown senders. Even if the email is from a known sender but somehow looks out of the ordinary, teach your employees to be cautious. In addition, have an email policy in place that lists the dos and don’ts of email use.
Block Emails with Many Recipients
Instead of using an email marketing tool, some employees might decide to send one email and include all recipients in the To:, Cc:, or Bcc: field, for instance to inform customers about a new promotion. This can result in unintended exposure of valuable client contacts, damage to reputation, and privacy breach claims. Emails with more than 15 recipients should therefore be blocked at the server level before they can do any damage.
Block Large Email Attachments
Emails should not contain attachments that are larger than 10 MB. An email that’s bigger than 10 MB will most probably not arrive, and the recipient might not even get an undeliverable message back. In the worst case, a large email attachment can bring a whole network to a halt. To prevent this from happening, set an email policy to block large emails and notify the sender, providing alternate methods for sending large files.
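The three content rules above (confidential content, more than 15 recipients, attachments over 10 MB) can be expressed as one server-side check; the sketch below is an added example, not code from this article or from any particular mail product. Assumptions: the function names are hypothetical, recipients are counted from the To/Cc/Bcc headers (a real mail server would count SMTP envelope recipients), 10 MB is read as 10 × 1024 × 1024 bytes, and only the dashed US social security number format is matched.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

MAX_RECIPIENTS = 15                      # threshold from the article
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024  # article's 10 MB, read as MiB (assumption)
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def policy_violations(raw, max_attachment_bytes=MAX_ATTACHMENT_BYTES):
    """Return the rules a raw message breaks; an empty list means deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    headers = [str(h) for name in ("To", "Cc", "Bcc") for h in msg.get_all(name, [])]
    rcpts = {addr.lower() for _, addr in getaddresses(headers) if addr}
    if len(rcpts) > MAX_RECIPIENTS:
        found.append("too_many_recipients")
    if any(len(p.get_payload(decode=True) or b"") > max_attachment_bytes
           for p in msg.iter_attachments()):
        found.append("attachment_too_large")
    # Scan every text part (body and text attachments) for sensitive patterns.
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    if SSN_RE.search(text):
        found.append("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        found.append("card_number")
    return found

def sample_message(n_rcpts, body, attachment=b""):
    """Constructed test input; the example.com addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = ", ".join(f"user{i}@example.com" for i in range(n_rcpts))
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment, maintype="application", subtype="octet-stream")
    return m.as_bytes()

if __name__ == "__main__":
    print(policy_violations(sample_message(16, "Card: 4111 1111 1111 1111")))
```

The Luhn check is what keeps order numbers and other long digit strings from being flagged as card data; binary attachments such as Office documents would need text extraction before the same patterns could be applied to them.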
Make sure that you keep a backup of your emails, so that if a disaster should occur, you can still revert to your backup. In addition to using backup tapes, check if your email security solution also provides mail backup functionality.
Add Legal Footer
To comply with regulations, make sure that each email that is sent out includes the necessary legal footer.
Given how much we have come to rely on email as a means of business communication, you owe it to yourself and your company to ensure its security.