Avoiding the overlooked email security risks to your business

Email is an essential part of communication for modern businesses. However, with an increasing amount of sensitive data being sent through this channel, it’s becoming a key target for cybercriminals looking to steal information.

Because email is used to both send and receive data, criminals can not only target outgoing messages but also lure employees in with targeted phishing emails.

Daniel Richardson, CTO at Exclaimer, discusses common email errors and the ways organisations can protect their businesses from risks when sending messages.

Finetuning BYOD policies

Bring your own device (BYOD) policies deliver benefits in employee flexibility and remote working. However, setting up devices securely can be time-consuming.

With an increasing number of employees using their own devices at work, and a 74 per cent jump in people working from home in the last decade, it can be difficult to monitor email security levels across devices and control how they’re used outside the office.

According to Druva, 75 per cent of employees access corporate files on personal devices, which are almost always unprotected. The challenge with BYOD policies is that it’s difficult to remain compliant with data protection acts because you can’t always control employees’ personal devices.

However, if you offer remote working policies or have a flexible working culture, there are steps you can take to protect data.

Organise training sessions in which you demonstrate simple techniques employees can use to protect their devices. This may include using VPNs to obscure IP addresses, choosing strong passwords (and keeping these separate from personal passwords), keeping devices up to date with security software and using email archiving solutions when accessing data remotely, making it more difficult for hackers to access company email data.

With 70 million devices lost each year, it’s important the data on them is secure in case they fall into the wrong hands. Make sure personal devices are screen-locked and important email files are password-protected.

Make sure all company devices have the latest anti-virus and firewall software installed, plus the latest OS and patch updates. For those using a personal device when working remotely, offer to provide these extra layers of security at the company’s expense to encourage compliance.

For example, you could install device-focused MDM (Mobile Device Management) software, which provides a single platform where all mobile devices in use can be monitored and managed.

The impact of ‘spam’

One of the most overlooked email threats is neglecting the spam folder. Studies show 14.5 billion spam emails are sent every day and, as these build up, they can become a significant risk.

Not only do spam emails carry the threat of infecting your devices with malware, but an attack of spam emails can cause networks or servers to crash, resulting in downtime and costing businesses time and money to fix.

Too much spam can also be detrimental as it makes some employees ‘delete trigger happy’, causing actual, legitimate emails to be deleted in the rush to clear inboxes.

Limit spam emails by applying filters which redirect suspicious emails to a separate folder that can be easily emptied or deleted. This can typically be done in the email provider interface, but separate software can also be used to block them.

Occasionally, email addresses can get overrun with spam emails. While the temptation can be to reply asking to unsubscribe, it’s best not to respond to spam emails as it encourages further contact, showing the address is still active.

Never open suspicious-looking emails, as they may contain malware and worms which can access your network and move laterally between connected devices.

Email signature best practice

Email signatures have become an important part of brand identity. Branded email signatures not only increase awareness but are often deemed more trustworthy because of their use of recognised brand colours, logos and links to the official company website.

The dangers of taking a relaxed attitude to email signatures were evident in a recent news story, which revealed how an email was deemed a legally binding contract because it included an automated signature.

All business email signature blocks need to be centrally managed and controlled according to the needs of a company. Do you want to run the risk of your employees accidentally entering legal arrangements that you have no way of getting out of?

Ensuring that everyone is using a consistent email signature block that you know will be applied to all internal and external emails will give businesses peace-of-mind and complete awareness of what is being appended to all corporate emails.

Having an email signature management solution in place means everyone has the same high-quality signature on emails sent from any device, even mobiles and Macs. It also ensures your signature details are always up to date and the correct email disclaimers are in place. These should include a statement that any views are those of the individual sender and not the company, plus confidentiality and copyright statements.

An effective email signature sticks to the essentials: primary contact details along with a small, recognisable colour palette. However, avoid including personal information like private phone numbers and links to social media accounts. If you become a victim of data theft, the more personal information the hacker can use, the more convincing the fraudulent profile they can put together.

Company-wide education

Email security should be a key priority for all businesses. And when it comes to instilling a company-wide culture of security, it needs to start from the top down. It’s up to managers, directors and supervisors to proactively develop an email ‘safety-first’ mindset in a team to encourage employee buy-in.

The key to keeping your messages safe is having proper education and training around the risks, with the whole company attending – including senior employees. External companies and experts can be hired to boost business security knowledge and provide training, which can be tailored to suit your employees’ needs, with a variety of seminars and online courses available to suit their learning preferences.

One of the biggest challenges in introducing large-scale email safety changes is that they can be tedious to implement. Rolling out short, regular training schemes that work around employees’ schedules will encourage staff buy-in when it comes to training.

Training should focus on the most relevant issues to your business. For example, those who rely heavily on email activity should emphasise email threats and best practice for identifying and avoiding spam and phishing scams.

Daniel Richardson, CTO, Exclaimer