Businesses no longer run on a handshake or a phone call; they live and die by email, employees’ primary means of communication. It makes sense, then, that cyber criminals target holes in email security to worm their way into your private company data and information.
Company size is irrelevant when it comes to protecting your business from hackers, which means email security should be included as part of any company’s overall IT security plan. Recently, real estate mogul Barbara Corcoran revealed her bookkeeper was tricked by an email that appeared to be sent by Corcoran’s assistant. The bookkeeper wired $388,000 to a false bank account in Asia. How in the world did THAT happen? The cyber criminal used an email address a mere one letter off from the assistant’s real one and was able to give details that, frankly, anyone following Corcoran’s transactions would know.
Remember the infamous Sony hack in 2014? Among the data hackers posted for the world to see were unreleased films and scripts, employee personal data, HR files, employee passwords and logins, and more. These are just two instances of IT security gone wrong. The takeaway is that no company’s email security, not even yours, is impenetrable.
The Center for Strategic and International Studies puts the cost of cyber attacks on the U.S. economy at $100 billion annually. The number of cyber attacks on businesses with fewer than 250 employees is rising steeply with a cost of $188,000 per attack.
When the bookkeeper of a mogul like Corcoran can be duped and a global corporation like Sony can be brought to its knees, what is the chance your email security and employees can fend off hackers?
No business’s IT security is completely and fully safe from hackers, but our experts in IT support have a few tips to keep your company safer. Getting your employees on board with following email security protocol is key since they most often are the entry point for hackers.
Include email security in your overall IT security plan.
A comprehensive IT security plan covers your network, critical and private data, and hardware. Email security should also be part of your plan, since links in emails (and your employees clicking on them) are what open the door to malware and to your data.
Email encryption might be worth a look.
Encrypted email allows only certain users to access and read emails, which protects personal information. Different methods offer different levels of email security, ranging from software plugins and email certificates to third-party encrypted email services. Your IT consultant can recommend which solution best matches your needs.
Force the secure password issue with employees.
Employees everywhere are notorious for creating easy passwords and using the same passwords across all computers and accounts. It’s their way of making their jobs easier. Be that as it may, every employee should be mandated to create different STRONG passwords for their computers, email account and any software applications they log in to. Changing these passwords across the board every three months must be standard operating procedure. No, they may not like it, but it’s in the company’s and their best interest, as it’s not just company data being protected, but their private, personal information.
What is a strong password? The strongest passwords consist of at least 12 characters and a combination of numbers, symbols, lower-case letters, and capital letters—not “123456” or “password”.
Make email security part of your onboarding and continual training.
Employers assume that out of all the things new employees must learn when hired, how to use email isn’t one of them… like using a phone. Yes, emailing is a universal skill, but email security isn’t. These best practices are an easy and inexpensive skill on which to train new hires. It’s also worth reminding existing employees on a regular basis, considering the cost is $188,000 per attack on average.
Train employees to abide by the following email security rules:
- Never open links or attachments from unknown senders
- Don’t change passwords or send personal information in response to an email that requests it. If in doubt, call the sender to verify
- Keep antivirus and anti-spy software updated
- Encrypt emails containing sensitive data before sending
- Don’t use company email address for personal emails
All the above applies to employees’ mobile devices when used for work.
Whether using a personal phone or company-issued phone, device or laptop, all the above still applies so hackers cannot access devices via shared WiFi networks, especially when working while traveling or remotely.