ICS Data - Email Security Solution Checklist

Email Security Solution Checklist


How to protect your business email: A checklist

Most companies are well aware of the potential risks of a data breach. Email is by far the most common vector for malware delivery which can open up a company’s network to an attacker. But there are other risks to email that businesses may not always understand. These suggestions will help you protect your business email. Good email protection is good data protection, which is good protection for your company.

Understand potential threats

For something that we use every day, email is surprisingly dangerous, especially in business communications. Although more team-based methods of communication are on the rise, the regular old email isn’t going anywhere any time soon. There are two primary risks for email: 

  • Vector for malware and virus infection
  • Theft of enclosed information

When malware is introduced to your computer network, a host of problems can follow. You could fall victim to a ransomware attack, you could lose business crucial resources as critical processing speed is siphoned off by malicious programs, or you could be liable for stolen customer data. 

Many companies also send important customer information back and forth. For example, a health insurance company may need to send crucial protected health information from one employee to another a thousand times a day. This is often business-critical information, but sending it by email can be incredibly risky. If an email is insufficiently secure, a business can make itself a target for attacks on the email itself. 

Address obvious security concerns

There are many ways that the average small business owner can make sure that their email and the information contained within are as protected as possible. 

  • Train employees on the importance of email security. The old advice of never opening an unexpected attachment still holds true, but it’s important to go beyond that. Make sure your employees know to never send protected information by email unless it’s absolutely necessary. And make sure they know what protected information is. 
  • Make sure email is encrypted on both ends. Some email providers offer encryption services on emails they send by default, but it’s not universal. When an email is sent from an encrypted source to an unencrypted one, it generally arrives as plain text, readable by anyone who knows how to access the information. 
  • Ensure the network is generally secure. Regularly install and update patches, remove accounts of former employees, and keep anti-virus programs up to date. 
  • Don’t send crucial information via email if you don’t have to. Use internal references like Member IDs to refer to customers, instead of names or social security numbers. If you have a quick question, call first.
  • Don’t store anything you don’t need. We hear about this with customer data all the time, but remember that it applies to emails as well. Set email programs to purge non-essential emails within 60 days or so. Give your employees a way to flag what they need to save, but emphasize that when it’s no longer necessary, it has to be destroyed.  

Outsource high-level security

If your company regularly handles the kind of information that attackers are most likely to target – healthcare identifying information, social security numbers, credit card information – then you may need more robust email security. Outsourcing may be the best choice at that point. A company dedicated to information technology and security is often better equipped to handle the most important information. 

Managing email threats is a crucial step toward running a strong and secure business. Companies absolutely need to protect themselves from incoming threats like phishing, whaling, and other access schemes, but they also need to be wary of outgoing email risks. Protecting customer information in transit is just as important as keeping it secure in storage.