Though the numbers are dwindling rapidly, there are still plenty of working professionals who have spent more time working without email than with. And now there is a growing labor pool for whom email is seen as yesterday’s technology (they are not wrong!) and probably do not place as much relevance into it as the majority of the world’s current knowledge workers do. Like it or not, email is still a pillar of the world’s work processes, and now that criminals have settled into their “groove” exploiting it, there can be no exceptions to taking email security seriously.
Your email service should be robust and secure
Rather than tapering off like many other types of cyber-attacks, email hacking continues to grow in frequency, sophistication and damage impact. For most folks, as we have frequently said in the past, getting hacked is not a question of “if” but of “when”, but there are ways to keep your email secure. Can it be made perfectly secure? No, but you will greatly improve your chances of fending off an attack when it eventually comes.
- Your email should be professionally hosted by a company that keeps its infrastructure up to date, continually monitors security and can provide human-based support to its customers. Most free-mail platforms can’t/don’t do this, and it follows that your organization should not rely on free-mail services.
- You should have 2-factor authentication enabled for your email accounts. Not having it on is now considered a huge security liability. Not only will it result in your account getting hacked, it may disqualify you from being insured. If I had to guess where we are headed in terms of cyber-liability coverage, I would say we are maybe only a year or two from it being a requirement with no exceptions.
- You need 3rd party email filtering. Even the big boys in email hosting (Microsoft and Google) only go so far with their email filtering. While their baseline capabilities are still light-years ahead of the free-mail platforms (and free versions of their own services), its increasingly obvious that their focus is on the core technology of delivering email and securing your accounts, leaving spam and malware detection to companies that focus only on that.
- If you send confidential data through email, it must be encrypted. This isn’t just good security practice, this is actually the law in some cases especially where it comes to PII, medical and financial information, but email encryption is not something that most email services come with “out of the box” and must be added on through additional configuration or even separate vendors. This is another area that is already being used to determine your organization’s insurability.
- Strongly consider email backup services. Most folks store a ton of information in their email boxes and take for granted that because it’s hosted “in the cloud” that they don’t need to back it up. While it may be possible to have your email provider restore accidentally (or purposefully!) deleted emails, if you don’t notice in time (usually 30 days or less) that email is gone forever. Email backups are extremely affordable and literally require zero-attention from you, just a watchful eye by your IT professional.
Image by CrafCraf from Pixabay
