For the most part, email security best practices have remained consistent. Don’t click unknown links. Avoid easy passwords and block spammers. However, email is, by far, the most common mode of communication for employees (an estimated 306.4 billion emails were sent each day in 2020!), so it’s important they understand the security risks associated with their email inboxes and how to practice good email security etiquette.
Share this easy reference guide to email security best practices with your team to ensure your company’s network stays secure.
Create Strong Passwords
Your password is like the front door lock. All hackers have to do is pick the lock, and they’re in. Having a strong password is a no-brainer these days, but the password game has become what can feel like an Olympic sport. Coming up with new, complicated passwords every 3 weeks can take up a lot of time and requires a fantastic memory to maintain.
With more than 180 million people defaulting to “12345” or “123456789” as their password, there’s a reason password requirements are so essential to follow.
Ingredients for a Secure Password
There’s a fine line between a good, strong password and a password that’s too difficult to remember. Studies have shown that a passphrase, as opposed to a password made of a long string of various symbols and numbers, is more user-friendly and harder for hackers to crack.
Some requirements to keep in mind when coaching employees on password selection:
- Avoid using birthdays, student IDs, hometowns or anything else personal
- Use both upper and lower case letters
- Include numbers and special characters
- Use phrases instead of words
Establish Password Reset Schedules
Find what works best for your organization, but establish a schedule in which employees should reset their passwords for their email accounts.
A rule of thumb is that employees should change their passwords every 90 days; however, at least annually is highly recommended.
Use Two-Factor Authentication
If your password is the front door lock, two-factor authentication is the second deadbolt. Two-factor authentication requires a second factor in addition to your password, usually a unique code delivered by SMS, email, voice call or a time-based one-time password (TOTP) app.
This extra layer of security has become the norm for many applications, software and websites and helps keep company data out of the hands of hackers.
Know the Signs of Phishing
Spam, spoofing, phishing, spear phishing and whaling. We’re all familiar with those predatory emails that occasionally pop up in our email inboxes. As the years pass, phishing emails continue to get more sophisticated. Therefore, it’s important to brush up on the current phishing tactics being used and keep your employees educated.
Never Access Emails While on Public Wi-Fi
Public Wi-Fi and business laptops don’t mix. The issue is that every cell phone out today typically can function as an “on-demand” Wi-Fi hotspot. This means the person sitting next to you could have shared their own hotspot and named the SSID the same as a nearby business.
As a result, instead of connecting to Starbucks, you may inadvertently be connecting to their hotspot. This allows them to act as a “man-in-the-middle” between you and your email provider, where they can potentially capture all traffic, including your passwords.
The simple solution is to use public Wi-Fi only for accessing non-password sites such as news or entertainment sites. Encourage your coworkers and employees to leverage their mobile hotspot when in public and, as a last resort, to always use your company’s VPN when connecting remotely. VPN software does not prevent your data from being intercepted; however, it does encrypt all data from your device to your destination.
Take Cybersecurity Seriously
When educating your employees and coworkers, highlight the importance of not only email security, but cybersecurity as a whole.
Establish cybersecurity training processes and develop cybersecurity awareness initiatives to educate and motivate employees to follow best practices.
Work With SSE
Simply put, we’re cybersecurity experts. From email security to network security, we help companies across all industries fortify their networks and protect their data from whatever gets thrown at them.
Contact us today to schedule a consultation and learn more about how our cybersecurity services could help protect your business!