Email Security Best Practices
Since organisations rely heavily on email to communicate and conduct business operations, cyber-criminals commonly target email as an entry point to access networks and breach valuable business data. Indeed, a single misclick from an employee might be all a cyber-criminal needs to breach an organisation’s cyber-defences. Organisations must strengthen email security to protect their data and operations from cyber-threats.
According to the 2024 Cyber Security Breaches Survey, 84% of businesses and 83% of charities that fell victim to cyber-attacks were breached via phishing. Organisations must train employees to spot and report phishing emails to reduce their exposure.
Organisations should consider these seven email security best practices:
- Implement employee training. Employees are the first line of defence. Employers should invest in a security awareness training programme to educate workers on current and evolving threats and how to avoid situations that could put organisational data and networks at risk. In particular, employees should be trained to spot and report phishing emails and similar scams.
- Improve password management. Many people recycle passwords, making it easier for cyber-criminals to compromise data across multiple accounts. Employers should encourage employees to set a unique password for their work device that contains a combination of uppercase and lowercase letters, symbols and numbers and change their passwords regularly.
- Enable multifactor authentication. Employers should require users to complete an additional security step known as multifactor authentication (eg entering a unique code sent to their smartphone) when logging into their email accounts.
- Encrypt emails, communications and attachments. Organisations should encrypt emails and other communications to ensure they can be received and read only by the intended recipient. Encryption can help prevent malware attacks through email by ensuring that cyber-criminals don’t intercept sensitive email data.
- Access email only on company-approved devices. Devices that don’t have the proper email security tools and measures may be vulnerable to cyber-criminals. Employees should only utilise company-approved devices for all work-related communications to help keep emails secure.
- Utilise endpoint protection solutions. Employers should leverage endpoint protection solutions that scan emails for signs that they are out of the ordinary, such as abnormal sender addresses, misspelt words or suspicious links. This way, suspect emails can be filtered out before they reach an inbox and are opened.
- Avoid public wi-fi. Employees should avoid connecting to public wi-fi, or else use a virtual private network (VPN) to establish a secure connection between their devices and the internet.
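The kind of check described under endpoint protection above, as an added example (not code from the original article): a small Python scan over a constructed sample message that flags a lookalike sender domain, a Reply-To that differs from the From address, a link whose text names a trusted domain but points elsewhere, and known misspellings. TRUSTED_DOMAINS and KNOWN_MISSPELLINGS are assumed placeholders for an organisation's own lists.

```python
import email
import re
from email import policy
from urllib.parse import urlparse
# Constructed sample message (not a real one); example.com / example.net are reserved names.
SAMPLE_EMAIL = """\
From: "IT Helpdesk" <helpdesk@examp1e.com>
Reply-To: collect@mail-relay.example.net
To: staff@example.com
Subject: Urgent: your mailbox has been suspendend
Content-Type: text/html

<p>Dear colleague, please <a href="http://login.examp1e.com/reset">click here
to verify at example.com</a> to restore acces.</p>
"""

TRUSTED_DOMAINS = {"example.com"}            # the organisation's own domain(s), assumed
KNOWN_MISSPELLINGS = {"suspendend", "acces", "recieve"}  # tiny word list, assumed
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def is_trusted(host: str) -> bool:
    """True when host is a trusted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def looks_like_trusted(domain: str) -> bool:
    """True when an untrusted domain becomes trusted once common digit-for-letter
    substitutions are undone (examp1e.com -> example.com)."""
    return not is_trusted(domain) and domain.translate(LOOKALIKE) in TRUSTED_DOMAINS

def scan_message(raw: str) -> list[str]:
    """Return the abnormal-address, suspicious-link and misspelling indicators found."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0]
    if looks_like_trusted(sender.domain.lower()):
        findings.append(f"lookalike sender domain: {sender.domain}")
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses[0].domain.lower() != sender.domain.lower():
        findings.append(f"Reply-To domain differs from From: {reply_to.addresses[0].domain}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    # Anchor text that names a trusted domain while the href points somewhere else.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if not is_trusted(host) and any(d in text.lower() for d in TRUSTED_DOMAINS):
            findings.append(f"link text mentions a trusted domain but points to {host}")
    words = set(re.findall(r"[a-z]+", (msg["Subject"] + " " + body).lower()))
    for word in sorted(words & KNOWN_MISSPELLINGS):
        findings.append(f"misspelt word: {word}")
    return findings
```

A real filter would draw the trusted-domain and dictionary lists from configuration and combine these indicators with sender authentication results (SPF, DKIM, DMARC) rather than acting on any single one.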
Although sound email security practices can reduce potential losses, vulnerabilities still exist. As such, organisations should regularly back up data and keep copies in multiple locations, including on physical hardware and in the cloud.
For more information on cyber-risk management and robust insurance solutions, contact the experts at Portal Broking Group today.