A guide to effective email security for small businesses

Because email is a ubiquitous business communication tool, it’s not surprising that it’s the medium by which most security breaches occur. Since the email of even large corporations with substantial cyber-armor can be hacked, it seems that small- to medium-sized businesses (SMBs) will be more powerless against online criminals. However, that’s far from being true. Here’s how SMBs can set up their email security to effectively fend off today’s threats.

Use free and economical tools to build and implement a cybersecurity plan

Since cybercrime costs the economy billions of dollars, governments offer tools to keep businesses safe from cyberthreats. For instance, the Canadian Centre for Cyber Security, the Government of Canada’s centre of excellence in cyber security, has built Assemblyline, a malware detection tool, plus other services that help keep hackers at bay.

Provide email security training for employees

You might have the best email encryption and anti-malware programs available, but if your staff members remain unaware of email red flags and the threats looming in their inboxes, then you’re still leaving your company vulnerable to email hackers.

Training staff on how to recognize phishing emails and to mitigate the damage these would cause is a small investment that pays huge savings later on. A few protocols they must learn include:

• Not opening attachments or links from people they don’t know
• Never automatically forwarding company emails to third-party email systems
• Not fulfilling email requests to submit account credentials — the links provided by such emails may lead to official-looking-but-fake-websites that steal such info from you
• Always updating anti-malware software on their machines
• Using email encryption software or an encrypted email service to add another layer of security
• Keeping work emails separate from personal emails

Don’t just let staff use their personal mobile devices for work

While allowing employees to bring and use their own devices at work bolsters productivity, this practice will increase the number of entry points for hackers. You must implement mobile device management protocols, such as requiring users to encrypt their data, use security apps, submit themselves to access management controls, and allow administrators to selectively wipe data if necessary.

Enforce a strong password policy

Beyond requiring staff members to use symbols and capital letters in their passwords, it’s also a good practice to have them change passwords every three months and go through multifactor authentication. Because it’s also a best practice to have a unique password for every account, a password manager helps users remain sane as they keep company data safe.

Implement a sensible email purge policy

If there’s less data in one’s inbox, then there’s less of it that can potentially be stolen. This is why it’s good practice to eliminate 60- to 90-day-old emails that are no longer needed to conduct business.

Instill a culture of vigilance across the entire organization

Data breaches can be perpetuated even without the use of malicious software. For instance, if an employee leaves their desktop unlocked and unattended, then anybody can just leach away data via that device user’s account. Your cybersecurity seminars should introduce or reinforce the practice of always locking one’s machine before leaving their desk. Imprint upon everyone’s minds that everyone has a role to play in keeping company data safe — and that even the smallest gap in your defenses can lead to damaging and expensive consequences.

SMBs are not helpless against cyberthreats. When it comes to email security in particular, it’s easy to be proactive in setting up defenses. However, email is only one part of the big picture. If you’re interested in making your cybersecurity system and practices Exponentially Better™, then talk to our experts at XBASE Technologies.