With huge advancements in AI and the rise of the Internet of Things, the business technology landscape is being blessed with ever-increasing efficiency and interconnectivity. Though this is changing the way we work for the better, it’s also changing the risks we face on a day-to-day basis. Recent years have been beset by high-profile scandals that continually remind us of the importance of data security.
From the near-continuous Facebook data breaches to the 25 million passport numbers stolen in the Marriott data breach, 2018 was a year dominated by stories of businesses failing to protect their customers’ data.
The damages caused by these breaches are well known and, if you’re a business owner or executive, it’s vital you protect your activity and safeguard your organisation from similar attacks.
The cost of the average data breach to a US company now stands at $7.91million. According to a recent report, 47% of SMEs experienced a cyber attack in the last year.
Cybersecurity is a complicated area composed of many interdependent parts. However, given that 91% of cyber-attacks begin with a fraudulent email, email security is an important place to start for any individual dealing with sensitive data.
Use Strong Passwords
It may sound simple enough, but simple passwords are still one of the easiest ways for cybercriminals to compromise your network security. Ensure that you and all your employees understand what constitutes a strong password.
You’ll also want to avoid having the same password for all your accounts. To manage the different passwords, install a password manager to help you keep on top of your passwords and keep them safe.
Use Two-Factor Authentication
Most email services today offer two-factor verification processes as standard. This combines your unique password and a second validation step, whether it’s an SMS, automated phone call, or recovery email.
By using 2FA, you can be safe in the knowledge that even if your password is compromised, it will be difficult for any cyber criminals to access your accounts without your phone.
Most emails that are sent and received are done so in plain text. As a result, they’re easily legible to prying eyes. If you’re sending particularly sensitive information over email, it’s recommended that you use an encrypted email service.
Since the Snowden leaks several specialist email servers have emerged that encrypt your emails in transit. Doing so means that they will be unintelligible between accounts, avoiding the risk of interception.
You can also enable encryption on many of the most popular email services. However, their privacy policies and encryption methods are often likely to be weaker, so if you’re sending particularly sensitive information it is worth using a specialist service.
This should be used in conjunction with other basic consumer security tools like antivirus and Virtual Private Network software, which should be in effect across all of your active devices. It’s important to take your time when choosing a service provider here, as some are more secure than others. While the best choices in the market offer strong all-round protection, there are plenty of unreliable options that have been known to store and even sell user data. Generally speaking, services like NordVPN and Cyberghost are safe options which get great reviews.
Avoid Public Wi-Fi
Make sure you don’t access any sensitive company information from a public Wi-Fi connection. Public connections provide a whole host of security issues and leave you vulnerable to man-in-the-middle attacks. If you’re left with no choice but to use an unsecured network, ensure your VPN is turned on.
Most scams aren’t successful because the attacker is highly skilled. They happen because someone’s concentration slipped. For that reason, educating yourself and your employees about the tell-tale signs of phishing scams, the dangers of public Wi-Fi and the importance of maintaining strong passwords is paramount.
As your company grows it’s important to make sure that cybersecurity compliance grows alongside it. Onboarding and offboarding are particularly significant times for cybersecurity training so before you hire new employees, make sure that you have a detailed policy in place that will help keep your data secure.
Review your email provider’s Terms of Service to understand their email deletion process. If you delete the email from your inbox, know where it’s stored afterwards. Even if you’ve deleted the email, that doesn’t mean that data has disappeared and may still be accessed if not properly deleted.
Some services also offer expiration dates for emails, after which the emails are completely erased from existence. This is especially useful in cases where emails stay unopened in your inbox for a longer period of time.
Understanding Email Security in 2019
With the tide of high-profile data breaches unlikely to slow, 2019 will be an important year for digital privacy and cybersecurity. Significantly, email security and the rise of anti-phishing measures will dominate discussions of small business cybersecurity.
While it’s important to implement mechanisms such as two-factor authentication and encryption, it’s also important to stay educated on the broader issues and make sure that your employees are doing the same. With a comprehensive cybersecurity policy that incorporates these email security tips, you’re more likely to remain cyber secure in the long-run.