There’s no question that email is one of the most important tools for business communication. However, with email comes risk — of phishing attacks, data breaches, malware spread, account takeover and other email-borne threats.
Cybercriminals know that all it takes is one errant click on a malicious link to gain access to network infrastructure and sensitive data. This has led to a proliferation in email attacks in recent years. According to the FBI, business email compromise is now among the most effective forms of cybercrime today, accounting for more than $1.7 billion in losses per year.
An effective email security strategy must defend against advanced email threats wherever possible, while also allowing the flow of business to proceed unencumbered.
Below, we’ll outline some email security best practices to help you keep your team’s business communications safe and secure.
1. Enforce multi-factor authentication
One of the simplest ways to improve your organization’s email security is to implement multi-factor authentication (also called MFA).
MFA adds an extra layer of security by requiring users logging in to confirm their identity with an additional factor, such as a code sent to their phone or generated by an app. This makes it much more difficult for attackers to breach email accounts, even if they have stolen a password.
2. Require strong passwords
In previous years, cybersecurity professionals have recommended using complex passwords including combinations of upper- and lowercase letters, numbers and special characters. In practice, they’ve found that this led to users creating passwords that were almost impossible to remember, so passwords would end up being written on sticky notes next to the work machine.
Instead, experts now recommend using passphrases, which are easier to remember and harder for hacking programs to guess. Using Security.org’s How Secure Is My Password tool, we see that it would take a computer around 800 octillion years to crack “EmailSecurityIsVeryImportant” versus just five years with “kI8Ure_o+9.”
3. Don’t access email over public Wi-Fi
Public Wi-Fi is one of the most common ways that email accounts are compromised. When accessing email over public Wi-Fi, attackers can easily intercept data and steal passwords. To protect against this, users should only access email on a secure, private network.
4. Block email attachments from unknown senders
Email attachments are one of the most common ways that malware is spread. To reduce the risk of infection, attachments should only be opened from known and trusted senders. If an attachment looks suspicious, it’s best to err on the side of caution and delete it.
5. Use DKIM, SPF and DMARC to protect email messages
DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) are all email authentication protocols that can be used to verify the identity of email senders and protect email messages from being spoofed.
By implementing these protocols, businesses can make it more difficult for attackers to impersonate legitimate senders and deliver malicious email messages.
6. Use encrypted email
Email encryption is another effective way to protect email communications from being intercepted and read by unauthorized parties. Encryption uses cryptographic keys to encode email content so that it can only be read by the sender and the intended recipient.
There are two main types of email encryption:
- S/MIME (Secure/Multipurpose Internet Mail Extensions): S/MIME encrypts email messages end-to-end, meaning that the message is encrypted before it leaves the sender’s device and can only be decrypted by the intended recipient.
- PGP/MIME (Pretty Good Privacy): PGP also encrypts email messages end-to-end, but uses a different encryption algorithm than S/MIME. PGP can be used with any email client, whereas S/MIME requires special software.
7. Be conscious of phishing and social engineering attacks
Phishing attacks are email-based attacks that seek to trick users into revealing sensitive information or downloading malware. They often take the form of fake messages purporting to be from a legitimate organization or individual. To protect against phishing attacks, users should be trained to recognize the signs of a phishing email and never click on links or attachments from unknown or untrustworthy sources.
It’s hard to overstate the risk that phishing presents. In the summer of 2022, attackers used phishing emails to breach the networks of 136 corporations around the world, including major tech infrastructure providers like Twilio and Cloudflare, putting thousands of their client businesses at risk.
8. Train your team on email security best practices
Email security is only as strong as the weakest link. To ensure that email accounts are well-protected, it’s important to train all users on email security best practices. This includes things like using strong passwords, being cautious of phishing attacks and only accessing email on a secure network. By educating your team on email security best practices, you can make it more difficult for attackers to gain access to email accounts and sensitive data.
9. Contact Sanity Solutions to level up your email security
Sanity Solutions can help you architect and implement your email security practices. Our innovative suite of email security services is tailor-made to help your team detect, block and analyze phishing attempts, spear phishing, malicious links and other advanced threats.
Our capabilities include:
- Security awareness training
- Threat intelligence
- Phishing simulations
- Email security consulting
- Spam filtering
- Data loss protection
- Incident response
Contact us today to discuss your email security needs and learn more about how we can help.