Email is essential for today’s business communication. However, with an increasing amount of confidential information being sent through this channel, it’s becoming key for cybercriminals looking to steal information.
Due to the ability to send and receive data, criminals can not only target outgoing messages but can draw employees in with phishing emails.
I explore the common email security mistakes and how companies can safeguard their businesses from external threats.
The ‘spam’ effect
Over 50 percent of total email traffic comes from spam and it’s possibly one of the most overlooked email issues.
Spam emails can not only infect your devices with malware, but a spam attack can cause networks or servers to crash, resulting in lost time and money for businesses to fix problems.
Occasionally, email addresses can get flooded with spam emails and it’s best practice not to respond to any of them as it shows potential threats the address is still active. In fact, one of the most important steps to protect yourself from email security fears is to never open any suspicious-looking emails at all.
Too much spam can also lead some employees into becoming ‘delete trigger happy’, causing actual, legitimate emails to be erased in the rush to clear inboxes.
You can address this concern by regulating spam and by applying filters that redirect questionable emails to a separate folder that can be easily emptied. This can typically be done in the email provider interface, but separate software can be used too.
BYOD policies
With an increase in companies supporting the trend of remote and flexible working, the BYOD market is looking to reach a global value of $367 billion by 2022. Worryingly, according to Druva, 75 percent of employees access corporate files on personal devices, used in these circumstances, which are almost always unprotected.
The challenge with BYOD policies is setting up these devices correctly is both costly and complex. It is also challenging to monitor email security across employees’ personal devices and control how they’re used outside the office.
However, if you offer remote working policies or have a flexible working culture, there are steps you can take to protect data and confidential emails.
Implementing a Mobile Device Management (MDM) plan, allows companies to have greater control over the range of tech used by employees. With MDM, workers can access company information in one secure location that is separate from their personal applications.
This not only means employees can use their devices for personal and business use without compromising the security of corporate data, but also that companies respect employee privacy as individuals are able to keep their personal documents and text messages confidential.
With 70 million devices lost each year, it’s important the data on them is secure in case they fall into the wrong hands. Company devices must have the latest anti-virus and firewall software installed.
To make sure appliances are kept safe, provide those that use their own tablets and phones for work the necessary software to reach compliance. Encourage staff using personal equipment to keep them screen-locked and have important email files password-protected.
Remain aware of your email signatures
Branded email signatures are as important as any other part of your corporate identity. Not only do they increase awareness but they demonstrate the email is from a trusted sender as they include distinguished brand colours, logos and links to the official company website.
An effective email signature sticks to the basics; necessary contact details along with a small, recognisable colour palette. Companies should avoid including private information like personal phone numbers and links to individual social media accounts.
The dangers of taking a relaxed approach to email signatures were evident in a recent news story, which revealed how an email was deemed as a legally binding contract because it included an automated signature.
All business email signature blocks need to be centrally managed and controlled according to the needs of a company. Do you want to run the risk of your employees accidentally entering legal arrangements that you have no way of getting out of?
Risks like these can be avoided by having an email signature management solutions service in place. When set up correctly, an email signature guarantees the sender’s details are always up-to-date and the appropriate email disclaimers are in place. This should include information like how any views are those of the individual sender and not the company, plus confidentiality and copyright statements.
Making sure that everyone is using a consistent email signature block you know will be applied in all internal and external emails will give businesses peace-of-mind and complete understanding of what is being included in outgoing corporate emails.
Training for the whole company
Over 30 percent of phishing emails make it past default security, so email safety is imperative for all businesses, both large and small, to help all employees spot fraudulent messages. Human intelligence is still the best defence against phishing attacks, so it is important awareness training is offered across companies.
Organising external training or educational seminars help teams understand the risks associated with email security. External companies and experts can be hired to boost internal security knowledge and provide training, which can be tailored to suit your employees’ needs.
The introduction of large-scale email safety changes can be tedious to implement. Rolling out short, regular training schemes that work around employees’ schedules will encourage higher levels of staff buy-in.
Training should focus on the most relevant and up-to-date issues for your business. For example, those who rely heavily on email activity should emphasise email threats and best practices for identifying and avoiding spam and phishing scams.
You can cover topics like how to pick strong passwords (and keep them separate from personal passwords), keeping devices up to date with security software and how to use email archiving solutions when accessing data remotely.
When it comes to instilling a company-wide culture of security, it needs to start from the top down. It’s up to managers, directors and supervisors to proactively develop an email ‘safety-first’ mindset in a team to encourage employee responsibility.
