The biggest myth in cybersecurity is that small- and medium-sized businesses (SMBs) are too small for hackers to attack. In fact, the opposite is true. Global enterprises are often assumed to have multiple layers of cutting-edge security in place but, because SMBs with smaller budgets regularly process sensitive information every day, they are some of the most prized targets for hackers. Reports found that in the first half of 2018, cyberattacks on companies with 250 employees or less doubled, with an average loss of $188,000 per attack.
Email systems are a primary vector of attack — remember the Sony attack of 2014? If such a large, multinational corporation can’t even keep its email safe, what hope is there for SMBs?
Actually, quite a bit — and it doesn’t take a Fortune 500 budget. There are many things your SMB can do to make its email systems significantly more secure without breaking the bank. Below are five tips to keep you and your team safe.
Encryption is key
Most emails are sent without encryption, a digital process that keeps the information communicated in an email confined to only those intended to read it. Many methods of encryption are available these days, and the tools you choose will mostly depend on the levels of security and convenience you require, but it is imperative that you do opt for some. Options include identity-based email encryption protocols and transport layer security that protects messages in transit, among others.
Keep passwords secure
Every employee should have their own passwords for their workstations and their email accounts, but they should also follow security best practices. Make sure they are using strong passwords that utilize upper- and lowercase letters, numbers, and symbols at least 12 characters in length. Naturally, passwords like “password” and “123456” should be avoided — but these somehow stubbornly remain some of the most common passwords in use. And no employee should be recycling their passwords across different accounts. Password manager apps are best for these scenarios.
Two-factor authentication should also be enabled. This adds another layer of security on top of passwords, usually though a temporary verification code sent directly to your phone. By activating two-factor authentication, email accounts will still be protected even if hackers managed to get a hold of the passwords.
Keep only what’s essential
Do you have a logical retention policy in place for company emails? It’s a good idea to have employees periodically purge their stored email communications of data that’s not critical to ongoing business. Why store sensitive information you’ll never use? Purging it means one less liability on the books. Large enterprises often do this every 60 to 90 days. Remembering to purge old emails regularly can be difficult for employees, so setting automated reminders can be a big help.
Train your team
Half of all American companies spend less than 1% of their security budget on employee training programs. This is particularly troubling when it comes to email security, where they often play the most crucial role in keeping systems safe. A good training program instructs employees on what emails to avoid and what behaviors to abstain from. Obvious points include never opening attachments from unknown senders; never responding to external password change requests; always updating firewalls and antivirus software; noticing signs of hacks; purging procedures; and phishing detection. For more detailed training programs, contact an ITS technician today.
Manage mobile devices
More and more business is being done either at home or on the go. The lines between personal and work communications — and the devices used to conduct either — often blur. Make sure you maintain strict standards and policies for employee mobile device usage, one that covers both personal and company-issued devices if both are being used to send and receive company emails. Devices, like in-office workstations, should be password protected and should be running approved security apps that prevent hackers from accessing them when they’re connected to shared Wi-Fi networks.