All of us still rely heavily on email for business communications, both internally and externally. Unfortunately, the number one way hackers get into your company is through email, and every day the number of new viruses and malware is increasing.
Here's the four best ways to keep your business email secure:
1) Deploy anti-spam/anti-virus protection.
Deploying anti-spam and anti-virus software that stops malware or spam from arriving in your inbox in the first place is the first step. If you've moved to a cloud service such as Microsoft Office 365, you can take advantage of their anti-spam and anti-virus features. Be sure to check which version you have, as there are different levels of security provided.
Whatever email service you use, keep in mind that while Google and Microsoft are great at what they do, they are not specifically geared to being experts at anti-spam software. We recommend layering on extra protection from a third party provider such as Mimecast, Symantec or others.
Check with your IT department to see what you have in place today, and/or speak with a reputable IT consultant to ensure you have what you need to stay as secure as you can.
2) Pay attention to software updates.
One of the easiest ways to protect your email, but often ignored, is to ensure you install the latest patches and updates on all your devices. These updates are often pushed to you precisely because they contain the latest security protection! You can choose to let your email vendor provide you with the updates, or take advantage of an IT service provider to maintain your entire system for you.
It's also equally as important to protect your hardware (computers and servers). The best way to do this is with a recurring service that automatically upgrades and patches all the equipment across your network, to ensure you always have the latest versions. Manual updates are fine, as long as "someone" remembers to keep on top of it.
3) Educate your staff - continually.
Despite the best protection, it's almost impossible to keep all malware out. Hackers are getting extremely clever, and although security vendors attempt to keep up it's a huge challenge. Employees should never open email from any unknown sender or source, and NEVER click on a link that looks remotely suspcious - even if it comes from someone they know.
Here's a quick list of tips that you can share with the office:
- Never leave unlocked computers unattended. It should be company policy for employees to leave their computers in a password-protected state whenever leaving their desks.
- Never trust links or attachments from unknown sources.
- Disregard and delete emails that request password changes or personal information, no matter how official they may appear.
- Install all updates for anti-virus and anti-spy software.
- Encrypt all emails containing sensitive data.
- Never use company email for personal messages.
- Delete or archive all emails 60-90 days from sending/receiving.
4) Consider email encyrption.
Email encryption is a must for any industry who must remain PHI or PII compliant, and in fact is becoming important for any company that manages private data. With one click, you can encrypt your email message before it leaves your inbox, and the authorized recipient - with the correct password - can open it. Other services can automatically recognize and encrypt information recognized as sensitive, such as social security numbers, credit card numbers and more.
Security is complex, and it's difficult to understand the entire picture without becoming overwhelmed. Be sure to contact us if you're looking for additional advice on how to properly protect your business.