Phishing and spam are two problems connected with your incoming email, but what about the security of your outgoing email?
As email often contains sensitive and confidential information and is relatively easy to compromise, you need to implement appropriate security measures to:
- Be sure only authorized employees can send email from your company.
- Maintain the confidentiality of your messages or email attachments until delivered to the intended recipient.
- Archive your sent email for future reference (e.g., in case of an investigation or for financial or legal reasons).
Once attackers have access to a valid account in your small business, they can use it to find the contact information associated with that account, send spam, launch phishing attacks and much more.
Enable the HTTPS security protocol for communication between company computers and webmail servers. This helps to keep email confidential.
Your company should settle on a single email service, which will help you simplify security measures. Security should be one of the essential criteria for choosing an email service. If you use a webmail service, enable the HTTPS security protocol for communication between company computers and the webmail servers. HTTPS encrypts the emails you send and receive as they travel between the two, which helps to keep messages confidential.
Create email guidelines for employees that include the following:
- Always follow the company’s password standard, including the use of a strong password for email whether the account is inside the business or hosted as webmail. This is important with webmail services, as they are more accessible for cybercriminals who will use compromised accounts for other criminal activities (such as emailing spam).
- Use the recommended security and privacy settings in the Web browser or email client software unless the person responsible for cybersecurity in the company tells you to change them. The security features built into those applications are there to protect the business. (In your business, it is possible that your employees set up their own email software. If that’s the case, it is best that they follow the security recommendations of the browser or email client developer).
- Before sending emails or attachments that contain sensitive information, always ask yourself: “Could the unauthorized disclosure of this information cause serious harm to me or my business?” If the answer is “Yes,” then use another more secure method.
- If there is a need for you to send potentially sensitive information outside of the business, ask the recipient to verify that they received it. Also, encrypt attachments (e.g., Word documents) before sending them over the Internet.
Write and stick to an email retention standard suitable for your company and any provincial or national laws. For example, if your company must keep customer records for seven years, and you communicate with customers by email, then you have to keep email archives for seven years. This can be accomplished by backing up your email to an internal storage system or by arranging scheduled backups with your email service provider. If you aren’t certain how long you have to keep emails, check with your attorney, accountant or another responsible party to verify any requirements. Once email archiving is in place, you’ll be prepared if called on to provide old emails.