Cyber Security: Business Email Best Practices
Email is one of the most popular tools used for personal and business communication. But, without proper security measures in place, it can also lead to potential cyber-exposures.
With poor security measures, email can serve as a gateway for cyber-attacks. Attackers can spoof domains to make it appear that their emails are from trusted contacts. Additionally, malware and spam can be distributed via email.
Despite this, many organisations don’t have adequate cyber-security measures in place. For instance, research by security company Proofpoint reported that 97% of UK universities are failing to implement adequate email security controls, leaving staff and students vulnerable to attacks. To ensure business email security, consider these tips:
- Develop a corporate email policy. Create a formal policy outlining acceptable uses of company email. Include guidance on the types of files employees can share, prohibited content and the handling of confidential data.
- Implement security awareness training. Even with the best technical controls, cyber-security measures will be ineffective if staff aren’t prepared to deal with IT risks. Strengthen employee attitudes towards security through formal awareness training. Because phishing remains a likely attack source, training should include simulated phishing attacks.
- Utilise strong email defences. Use a secure email gateway to inspect messages for malicious content before they reach corporate systems. Additionally, consider implementing a Domain-based Message Authentication, Reporting and Conformance (DMARC) validation system. Such a system guarantees the legitimacy of emails, as only authorised IPs can send emails from a domain.
- Leverage email encryption. Consider using email encryption—algorithms to prevent others from reading an email without the correct encryption keys—to make sure attackers can’t read sensitive business information.
- Ensure effective password management. Implement strong email password management policies. Complex passwords are useful to a degree, but can easily be forgotten. Consider providing employees with the NCSC’s three random word password technique.
While email remains a popular tool for businesses in Northern Ireland, it offers a large attack surface for cyber-criminals to target. To mitigate this risk, it’s imperative for organisations to implement strong email-security measures, regularly review their policies and purchase appropriate insurance to protect themselves against the worst consequences of an unavoidable breach.
For more cyber-security tips, contact our specialist Northern Ireland-based cyber-insurance team today.