
Best Practices for Email Security at Work

September 30, 2016

Protecting your business from email vulnerability

Email is an essential component of business. It’s used for everything from internal communications to sales and customer support. However, email is also the preferred avenue by which cybercriminals steal money, identities and account information like credit card numbers and passwords. When you understand the most common email threats, you’re better able to set up protections and policies to help ensure the security of your business.

What You Should Know

Email is one of the most common ways cybercrimes are committed.

What You Can Do

Set up a spam filter and send sensitive information only over an encrypted connection.


The most common email threats:

  • Spam is the electronic equivalent of junk mail: unwanted emails that show up in your inbox with unsolicited offers, requests, links that lead to malware and downloadable files that infect your computer with malware.
  • Phishing is a type of attack that uses social engineering to obtain personal and financial information or infect your machine with malware by getting you to download an infected file or visit an infected website.
  • Spear-phishing is a highly specialized phishing attack that targets a specific individual or small group of individuals to collect information in order to gain access to computer systems, networks and data.

The number of spear-phishing campaigns targeting employees increased 55% in 2015.¹

How to counter common email threats:

  • Activate a spam filter: In 2015, more than 53% of all emails sent were spam—many of them phishing attempts²—so look into whether your email app or hosting service offers spam-filtering services. Alternatively, your business can set up a local filter, but review the filters regularly so that important email isn’t blocked in error.
  • Require complex passwords: To lower the chance of getting hacked, a minimum of 15 characters is recommended. Learn more about password best practices here.
  • Train your employees: Email security training can help your employees recognize suspicious emails. Also, your employees should know that using work email inappropriately, to forward chain letters or pornographic materials that may include malware, is not only dangerous for business—it can also be illegal.
  • Protect sensitive information: Whether you’re sending private business information or data that is regulated (such as health records or personally identifiable information), be certain that it can only be accessed by those entitled to see it. Check with your email or internet provider to be sure you’re using an encrypted connection.
  • Determine an email retention policy: Business security also can depend on recordkeeping. And some businesses are legally required to keep emails backed up and in storage for regulated periods of time. Consult your legal advisor to learn how these regulations might affect your business.
  • Develop and enforce an email usage policy: With a published policy, you and your employees will be better able to recognize and avoid threats.

44% of employees aren’t confident their passwords are secure.²