by Preeti Nahar
Posted on June 14, 2018 at 06:00 PM
Email is by far the most commonly used mode of communication in organizations. This fact alone makes email security a necessity.
Email is a common tool used for spreading malware, viruses, spam and phishing attacks.
Email security is a technique or set of techniques to ensure that sensitive information shared in emails and across email accounts is kept secure against unauthorized access or compromise.
Attackers usually use email attachments or hyperlinks to install malware on the account holder’s device (laptop, desktop, mobile phone). This makes email an easy entry point for them to gain access to an organization’s network.
Attachments are usually crafted to look like a legitimate document or file, but once you open it or save it on your device, it installs the malware. The same is true of hyperlinks embedded within the content of the email: these hyperlinks point to websites that spread malware.
Accessing such websites or files can compromise the device's security and, in turn, the organization’s data security.
Sending phishing emails is another trick attackers use to steal sensitive information from the recipient. Usually these emails ask the recipient to confirm their passwords, bank account numbers, and even credit card numbers. These emails look so legitimate that it is very hard to recognize them as phishing emails.
We have listed below some of the best practices your organization can follow to ensure email security.
Always engage your staff in ongoing education on email security and risks. Educate them on how to avoid falling victim to email phishing attacks. As an organization, you need to make sure your educational content is always up to date and that staff undergo this kind of training or knowledge-sharing sessions.
Implement a password policy that requires each account holder to set strong passwords and change their password periodically.
Implement email encryption mechanisms to protect email body contents as well as email attachments.
Ensure webmail access is secured and encrypted.
Implement data protection to identify sensitive information and prevent it from being stolen via emails.
Encourage staff members to make use of spam filters.
Educate staff members not to access their organizational email account over publicly available Wi-Fi connections, and on the consequences of doing so.
Have them set up VPN software to access their organizational email account if they are working remotely.
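As an illustration of the data protection practice above (identifying sensitive information before it leaves by email), here is an added example that is not part of the original article: a minimal outbound check that finds payment card numbers in a message body and text attachments and confirms them with the Luhn checksum. The function names, addresses and sample message are constructed for the example, the card numbers are well-known test numbers, and only text parts are inspected.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan_outbound(raw: str) -> list[tuple[str, str]]:
    """Return (part name, masked number) for each Luhn-valid number found."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue            # binary attachments need their own extractors
        name = part.get_filename() or "body"
        for m in CANDIDATE.finditer(part.get_content()):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                # Mask before logging so the alert does not leak the number.
                findings.append((name, "*" * (len(digits) - 4) + digits[-4:]))
    return findings

def build_sample() -> str:
    """Constructed sample: one order number (not a card) and two test cards."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Invoice"
    msg.set_content("Order 1234567890123456 shipped. Card: 4111 1111 1111 1111")
    msg.add_attachment("backup card 5555-5555-5555-4444\n", filename="notes.txt")
    return msg.as_string()

if __name__ == "__main__":
    for where, masked in scan_outbound(build_sample()):
        print(f"BLOCK: card number {masked} found in {where}")
```
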
As it has always been said, “Prevention is better than cure”. By implementing the above best practices, organizations can mitigate the risk of email security compromise and prevent sensitive data loss.