Secure email is more important than ever. It probably comes as no surprise to most business owners that email is a primary way hackers can gain access to sensitive company data and information. But it may alarm you to know that small businesses are particularly vulnerable. Specifically, overall cyber-attacks on companies with 250 or fewer employees doubled in the first six months of last year—and the loss per attack was more than $188,000 on average. The effect of cyber-attacks on the American economy as a whole is a high cost of $100 billion annually, according to the Center for Strategic and International Studies.
That’s one reason the great Sony email hack of 2014 was such a big deal—it left every business wondering how they could avoid the same fate. It stands to reason that if such a large company, with multiple layers of security, can be hacked, small businesses with fewer resources have no hope, right?
Maybe not. There are many ways to ensure your business is protected through secure email. Since your business’s security is only as strong as your weakest link, the secret is to get employees involved and invested in the success of your security. Here are seven tips to get you started.
Of course, this involves more than simply considering how to ensure secure email service—it should also include strategies for keeping your website, payment information, and other information safe—but addressing email security should be a main part of your plan. The Federal Communications Commission created a handy tool, the Small Biz Cyber Planner 2.0, to assist you in creating a customized plan.
Email encryption helps to protect personal information from hackers by only permitting certain users to access and read your emails. There are several methods of email encryption depending on the level of security—and convenience—you require. For example, you could download or purchase extra software that will plug in to your Microsoft Outlook. Or, you could install an email certificate like PGP (Pretty Good Privacy), which allows your employees to share a public key with anyone who wants to send them an email and use a private key to decrypt any emails they receive. Another simple solution is to use a third-party encrypted email service. Office 365 provides ready to use encryption options like S/MIME and Office 365 Message Encryptionservices to help you meet these needs with little up front work.
All employees should have their own password for their work computer and email system. This is vital for secure email. These passwords should be reset every three months; also consider requiring multifactor authentication when employees change their passwords. The strongest passwords consist of at least 12 characters and a combination of numbers, symbols, lower-case letters, and capital letters. Passwords should not be something obvious (e.g., birthdays, children’s names, etc.) but should be memorable. In other words, employees should steer clear of the two most common—and worst—passwords of 2014: “password” and “123456.”
Also, employees should not use the same password for multiple accounts or websites. Consider allowing the use of a password manager or single sign on function. Some great solutions for small businesses looking for tools to store codes, bank accounts, email accounts, PIN numbers, and other account information in one place include CommonKey, LastPass, and Password Genie.
How do you know whether your password has been compromised? Sign up for watchdog services like PwnedList or Breach Alarm, which monitor leaked passwords and will report automatically to you if any of your email addresses are vulnerable.
Ask employees to purge emails that do not support business efforts and implement a policy to ensure compliance. Many companies institute a 60-90-day standard, with steps toward automatic archiving and permanent removal after a set time period. Remembering to delete emails that don’t comply with this standard can be difficult for some employees, so frequent reminders may be necessary.
Employees play a crucial role in keeping data secure through email. They should be trained on what types of behaviors to refrain from and what types of emails to avoid. Unfortunately, according to InfoSight, nearly half of all companies spend less than 1 percent of their security budget on programs that train employees on how to be aware of security threats. Yet 64 percent of organizations experienced some level of financial loss due to computer breaches and 85 percent detected computer viruses. Wouldn’t it be worth the low cost of training to mitigate the potentially large cost of a hack?
In addition, some companies have found success in instituting programs that test employees with phishing campaigns, spear-phishing emails, and other cybersecurity threats and then reward them when they pass these tests.
Office 365 offers capabilities to help educate users in context to keep them out of trouble while keeping them productive with features like as Data Loss Prevention Policy Tips to inform users if they are attempting to share data in an unsafe manner. Additionally, Exchange Online Advanced Threat Protection adds new protection for specific types of advanced threats.
When using a company-issued mobile device, or a personal mobile device where you send and receive company emails, employees should encrypt data, keep the device password-protected, and install approved security apps so hackers cannot access devices via shared WiFi networks. Office 365 provides built-in mobile device management capabilities, providing options to help you keep your data safe with conditional access, device management, and selective wipe of company data.
Besides all of the things we’ve already discussed, email can remain unsecured in other ways as well. Be sure to consider the following:
By being purposeful when creating policies involving your small business’s emails, you will head off a lot of issues before they even come to pass. Get employees on board and reward them for assisting in developing an environment where information is secure. Together, it’s possible to keep employee, customer, and business data safe—one email at a time.
used with permission from Microsoft Office Blogs
Cyber threats never take a day off, never clock out and go home at the…
Building, deploying, and managing applications via Microsoft's global network of data centers is easier with…
Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…
Making things happen is the art and science of project management. The process involves managing…
In today's fast digital life, website performance is important, as it holds visitors and ensures…
The FBI reported that cyber attacks against government facilities saw an increase of almost 36…