Let’s talk about email security.
Since email is one of the largest business productivity tools, it's unsurprising that it's also a prime target for cybercriminals. Phishing emails alone, the most common form of online scams, saw a huge increase of 173% in Q3 2023 compared to the previous quarter!
GMail blocks a whopping 100 million phishing emails every day, and that's just one email platform! Emails feel personal, addressed directly to us and landing in our digital (and sometimes even physical) inboxes, and while most of us struggle with email overload from time to time, we still trust it as a secure way to communicate. This sense of security is likely why phishing emails are so effective.
We are all guilty of often responding to emails in a hurry – a quick reply before lunch or dashing off to a meeting. These rushed moments are when we're most vulnerable at falling victim to scams such as phishing. Recent studies show that a massive 88% to 95% of data breaches stem from human error.
How do we best respond to this?
Due to its inherent lack of authentication and reliability, email should be treated with caution. Many email security best practices for staff, from way back when email first landed on the radar, are still pertinent today: robust passwords should be employed, spam filters should be implemented, unsolicited offers that appear too good to be true should be viewed with suspicion, and even correspondence from seemingly trustworthy sources should be verified.
However, as email is increasingly central to business operations, it’s key for everyone to adhere to a more stringent set of email security best practices. These can be summarised as follows:
- Educate & Inform: Ensure that your colleagues are savvy with email security by equipping them with the knowledge to recognise and mitigate email security threats.
- Implement Strong Passwords: Enforce the creation of strong passwords that combine uppercase and lowercase letters, numbers, and symbols.
- Different Account? Different Password: Discourage the reuse of passwords across different email/communication platforms and applications.
- Refresh Passwords: Regularly changing passwords can be beneficial, but the latest guidance should be sought to determine the most appropriate approach for your organisation.
- Multi-Factor Authentication: This adds an extra layer of defense and will add a crucial second step to the login process.
- Phishing: Ensure that your employees are vigilant against phishing scams. These are becoming more and more sophisticated, so always sanity check the senders email address and look for any inconsistencies in the body of the email.
- Treat Email Attachments with Caution: Exercise caution when opening email attachments, especially from unknown senders.
- Exercise Caution with Email Links: Refrain from clicking on links within emails unless you are absolutely confident of their legitimacy. Hovering over to see the link details or copying the link and pasting it elsewhere can give you a good idea on legitimacy.
- Maintain Clear Boundaries Between Business and Personal Email: Discourage the use of business email accounts for personal purposes, and vice versa.
- Use Corporate Email on Approved Devices Only: Ensure company email is only accessed and used on authorised devices.
- Encrypt Sensitive Communications: Implement data encryption practices to safeguard sensitive information sent via email, including attachments.
- Public Wi-Fi: Advise employees to exercise caution when using email on public Wi-Fi networks as these can be maliciously accessed.
- Embrace Email Security Protocols: Implement and adhere to robust email security protocols within your organisation.
- Utilise Email Security Tools: Leverage available email security software and tools such as Mimecast to bolster email protection.
- Logging out: Probably the simplest yet effective measure: Emphasise the importance of logging out of email accounts when not actively in use.
To Conclude
UK businesses of all sizes are waking up to the importance of prioritising email security, with solutions that safeguard employee communication and reduce cyber-attacks. Being email savvy is vital to protecting a company's brand, reputation, and bottom line. Email threats can lead to devastating costs, operational disruption, and other severe consequences. With our recommendations above, you can help mitigate the risk.
"If you are unsure – don’t click it, don’t open it."