Business email is one of the primary ways attackers gain access to a company's sensitive data, and the resulting losses can run to billions of dollars. It may surprise you that most small businesses are vulnerable to a data breach: cyber attacks on companies with 250 or fewer employees have doubled, and the estimated loss per attack is more than $188,000. According to the Center for Strategic and International Studies, data breaches cost the American economy as a whole around $100 billion annually.
You will probably remember the Sony email hack of 2014. It was big news, and it left every small, medium and large business wondering how to avoid the same fate. If a company of that size, with thousands of security professionals and multiple layers of security, can be hacked, how are small businesses with far fewer resources supposed to protect themselves?
There are many ways to protect your business mailboxes and the critical business data they hold. Get your employees involved, trained and invested in the success of your data security. Below are eight tips to get you started.
1. Implement a comprehensive cybersecurity plan.
Consider all the methods and technologies that can make your business email service secure. The plan should also cover keeping your website secure and patched, securing payment information, and other privacy settings. Business email security should be a top priority.
2. Use Email Encryption.
Email encryption protects information from cyber criminals by ensuring that only the intended recipients can read a message. There are different methods of encrypting business mail depending on the level of security you need. For example, you could purchase an email certificate (S/MIME) that plugs into your current email client. You could also use PGP (Pretty Good Privacy), which is key-based rather than certificate-based: each employee publishes a public key that others use to encrypt mail to them, and keeps a private key that decrypts the mail they receive. Note that both S/MIME and PGP normally encrypt only the message body and attachments; the subject line and the sender and recipient addresses stay readable in transit. The simplest option is to use a third-party encrypted email hosting service.
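The public-key scheme described above, as an added example that is not part of the original article and not PGP's own code: a fresh random session key encrypts the message body, and the recipient's public key encrypts only that session key, which is what PGP and S/MIME both do under the hood. It uses Go's standard library (RSA-OAEP to wrap the key, AES-256-GCM for the body) rather than the OpenPGP format, so it illustrates the idea, not the wire format; the key sizes, the sample message and the names `Encrypt`, `Decrypt` and `NewRecipientKey` are this example's own choices.

```go
// Added example: hybrid public-key encryption of an email body, the scheme
// behind PGP/S-MIME, written against Go's standard library (not OpenPGP).
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealedMail is what actually travels: the wrapped session key, the GCM nonce
// and the ciphertext (which carries its own authentication tag).
type SealedMail struct {
	WrappedKey []byte // AES session key encrypted with RSA-OAEP to the recipient's public key
	Nonce      []byte
	Ciphertext []byte
}

// NewRecipientKey generates a 2048-bit RSA key pair; the PublicKey half is what
// an employee would publish, the private half stays on their device.
func NewRecipientKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Encrypt seals plaintext so that only the holder of the private key matching
// recipient can read it. A new random AES-256 key is drawn for every message.
func Encrypt(recipient *rsa.PublicKey, plaintext []byte) (*SealedMail, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &SealedMail{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Decrypt unwraps the session key with the private key and opens the body.
// Any private key other than the intended recipient's fails at the OAEP step,
// and any change to the ciphertext fails the GCM authentication check.
func Decrypt(priv *rsa.PrivateKey, m *SealedMail) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: wrong private key")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("message was tampered with or the key is wrong")
	}
	return plaintext, nil
}

func main() {
	alice := NewRecipientKey()   // intended recipient
	mallory := NewRecipientKey() // someone who intercepts the message
	body := []byte("Q3 payroll file attached. Do not forward.") // constructed sample body

	sealed, err := Encrypt(&alice.PublicKey, body)
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(alice, sealed)
	fmt.Printf("alice reads:   %q (err=%v)\n", pt, err)
	_, err = Decrypt(mallory, sealed)
	fmt.Printf("mallory reads: nothing (err=%v)\n", err)
}
```

The point to take from the two `Decrypt` calls is that the message can be sent through any mail server without that server being able to read it; the server sees only `SealedMail`, and only the private key on the recipient's device turns it back into text.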
3. Ensure strong, unique passwords.
Every employee should have their own password on their work device and email login. Passwords should be strong and reset every three months; note that current NIST guidance (SP 800-63B) favours changing passwords when compromise is suspected rather than on a fixed schedule, so if you do rotate on a calendar, pair it with breach monitoring. Consider enabling multifactor authentication at the same time employees reset their passwords. The strongest passwords are at least 10 to 12 characters long and mix symbols, lower-case letters, numbers and capital letters. Avoid common or guessable passwords (birthdays, children's names, 123abc and the like) while keeping them memorable. Never reuse the same password across multiple email accounts, forums or websites. Consider allowing single sign-on or a password manager. CommonKey, LastPass and Password Genie are solutions for small businesses looking for software that stores bank accounts, passwords, email accounts, PINs and other account information in one place.
Want to know whether your password has appeared in a breach? Subscribe to a watchdog service such as PwnedList or Breach Alarm. They monitor leaked and hacked credential dumps and notify you automatically when any of your email addresses turn up in one.
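An added example, not from the article and not the code of any of the services it names, that puts the two checks in this tip into working form: a policy check for the length, character-class and common-password rules above, and a breached-password lookup done the way a k-anonymity range API such as Have I Been Pwned's Pwned Passwords works, where only the first five characters of the SHA-1 hash leave your network and the match is made locally. The range response below is constructed for the example (real responses carry hundreds of suffixes), and the deny list, the count and the function names are this example's own.

```go
// Added example: password policy check plus an offline k-anonymity breach
// lookup. Not the article's code; the range response is constructed.
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"unicode"
)

// SampleRangeResponse is a constructed stand-in for a breach service's reply to
// a query for hash prefix 5BAA6 ("SUFFIX:COUNT" per line). The middle line is
// the real SHA-1 suffix of "password"; the count and the other lines are made up.
const SampleRangeResponse = `1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F2B668E8AABEF1C59E9EC6F82E3F3CD4C0:1`

// CheckPolicy returns every rule the candidate password breaks (empty = ok).
func CheckPolicy(pw string, deny map[string]bool) []string {
	var problems []string
	if len([]rune(pw)) < 12 {
		problems = append(problems, "shorter than 12 characters")
	}
	var upper, lower, digit, symbol bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		default:
			symbol = true
		}
	}
	if !(upper && lower && digit && symbol) {
		problems = append(problems, "must mix upper-case, lower-case, digits and symbols")
	}
	if deny[strings.ToLower(pw)] {
		problems = append(problems, "is on the common-password list")
	}
	return problems
}

// HashPrefix splits the upper-case hex SHA-1 of pw into the 5-character prefix
// that is sent to the breach service and the 35-character suffix kept local.
func HashPrefix(pw string) (prefix, suffix string) {
	sum := sha1.Sum([]byte(pw))
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	return h[:5], h[5:]
}

// BreachCount scans a range response for our suffix and returns how many times
// the password was seen in breaches, or 0 if it is absent.
func BreachCount(rangeResponse, suffix string) int {
	for _, line := range strings.Split(rangeResponse, "\n") {
		parts := strings.SplitN(strings.TrimSpace(line), ":", 2)
		if len(parts) != 2 {
			continue
		}
		if strings.EqualFold(parts[0], suffix) {
			n, _ := strconv.Atoi(parts[1])
			return n
		}
	}
	return 0
}

func main() {
	deny := map[string]bool{"password": true, "123abc": true} // constructed deny list
	for _, pw := range []string{"password", "Tr0ub4dor&3-Sunrise"} {
		prefix, suffix := HashPrefix(pw)
		fmt.Printf("%-22s policy=%v prefix=%s breaches=%d\n",
			pw, CheckPolicy(pw, deny), prefix, BreachCount(SampleRangeResponse, suffix))
	}
}
```

In production the response would come from an HTTPS GET for the prefix; the important property is that the full hash, let alone the password, never leaves the machine.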
4. Enforce Two-Factor Authentication.
Two-factor authentication (2FA) is an extra layer of security for online accounts beyond the username and password. It makes it harder for attackers to reach a mailbox, because a stolen username and password alone are no longer enough to pass the login check; the second factor is typically a one-time code from an authenticator app or hardware token. Email hosting providers increasingly offer 2FA to protect their users' credentials from criminals who have obtained passwords from a breached database or through phishing. One caveat: codes sent by SMS or typed into a web page can still be phished in real time, so where possible prefer phishing-resistant methods such as FIDO2/WebAuthn security keys.
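The one-time codes most authenticator apps produce are TOTP (RFC 6238, built on HOTP from RFC 4226). As an added example, not from the article and not any provider's code, here is the generation and the server-side verification in Go's standard library, using the RFC's published test secret so the result can be checked against the RFC's vectors. The 30-second step, six digits and the one-step skew window are the common defaults and are assumptions of this example; `Verify` and `TOTP` are its own names.

```go
// Added example: TOTP (RFC 6238) code generation and verification.
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"time"
)

const (
	Step   = 30 // seconds per code (RFC 6238 default)
	Digits = 6  // what most authenticator apps display
)

// demoSecret is the RFC 6238 test secret. A real secret is random, shared once
// with the user's authenticator (usually via QR code) and stored per user.
var demoSecret = []byte("12345678901234567890")

// TOTP returns the code valid at the given Unix time: HMAC-SHA1 over the
// big-endian step counter, dynamically truncated to Digits decimal digits.
func TOTP(secret []byte, unix int64) string {
	counter := uint64(unix / Step)
	msg := make([]byte, 8)
	binary.BigEndian.PutUint64(msg, counter)

	mac := hmac.New(sha1.New, secret)
	mac.Write(msg)
	h := mac.Sum(nil)

	offset := h[len(h)-1] & 0x0f
	code := (uint32(h[offset])&0x7f)<<24 |
		uint32(h[offset+1])<<16 |
		uint32(h[offset+2])<<8 |
		uint32(h[offset+3])

	mod := uint32(1)
	for i := 0; i < Digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", Digits, code%mod)
}

// Verify is the server side: accept the submitted code for the current step or
// the adjacent ones (to tolerate clock skew), comparing in constant time so the
// check itself leaks nothing about the expected code.
func Verify(secret []byte, submitted string, now int64) bool {
	for skew := int64(-1); skew <= 1; skew++ {
		expected := TOTP(secret, now+skew*Step)
		if hmac.Equal([]byte(expected), []byte(submitted)) {
			return true
		}
	}
	return false
}

func main() {
	now := time.Now().Unix()
	code := TOTP(demoSecret, now)
	fmt.Printf("code for this 30s window: %s\n", code)
	fmt.Printf("accepted now: %v, accepted two windows later: %v\n",
		Verify(demoSecret, code, now), Verify(demoSecret, code, now+2*Step))
}
```

A real deployment also records the last counter each user authenticated with and refuses to accept that counter again, so that a code captured by a phishing page cannot be replayed within its window.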
5. Develop an email retention policy.
Ask employees to delete emails that no longer serve a business purpose, and implement a retention policy to ensure compliance. Many businesses set a 60 to 90 day standard, with automatic archiving and permanent deletion after a set period. Check any legal or regulatory retention requirements first: some records must be kept longer, and a litigation hold overrides automatic deletion. Remind employees to delete mail that does not comply with the company standard; it is easy to forget, so frequent reminders may be necessary.
6. Maintain a strict Mobile Device Management (MDM) policy.
Whether an employee uses a company-provided mobile device or a personal one to send and receive company email, the device or laptop should be password-protected, its storage encrypted, its software kept patched, and reputable mobile security software installed; treat shared Wi-Fi networks as hostile and make sure mail is only fetched over TLS. Look for enterprise-grade business solutions with built-in mobile device management features: conditional access, multi-factor authentication, device management, and selective wipe of company data.
7. Train your employees in email security.
Employees play a very important role in keeping the company's data secure through email. Train them in basic cyber security, safe browsing and which kinds of email to avoid. According to InfoSight, 50 percent of all businesses spend less than 1 percent of their security budget on training employees to recognise email security threats. Yet 64 percent of companies have experienced some financial loss from data breaches, and 85 percent of organizations have detected computer viruses. Wouldn't it be worth spending something on employee training to mitigate the potentially huge cost of a data breach?
Specifically, train your employees to comply with the following rules:
- Never open links or suspicious-looking attachments from unknown senders.
- Ensure good business antivirus and anti-spyware software is installed on your computer.
- Don't respond to emails that ask you to change a password or provide personal information, even if the source looks official; go to the service directly instead of following the link.
- Encrypt emails containing sensitive data before sending.
- Don't automatically forward the organization's emails to a third-party email system.
- Avoid using your company email address to send and receive personal mail.
In addition, some businesses have had success running programs that test employees with simulated phishing campaigns and other cybersecurity threats, rewarding those who pass.
8. Avoid common pitfalls when securing business email.
Business mailboxes can be left unsecured in other ways as well. Consider the following points:
- All computers and other devices should use email encryption; there is no point encrypting mail unless the same standard is applied across every device.
- Use good business antivirus and anti-malware software to stop your device and web browser from opening malicious files.
- Make it mandatory in your company's IT policy for employees to lock their (password-protected) laptops and computers before leaving their desks. Unlocked devices should never be left unattended.