If you’re like most modern businesses, a data breach or an email outage can bring productivity to a standstill. Often, the careless or unwitting actions of users are the root cause. At Rackspace, we take a no-compromises approach to our customers’ email security, but end users should also employ certain best practices, to help keep data secure at the source.
Here are ten easy steps that you and your employees can take:
Review your password policy: An outdated password policy is a prime security threat.
Best Practice: Review your policy to ensure that password protection, best practices adherence, and retention policies reflect current practices. Update requirements for password complexity and password reuse rules.
Do not open unsolicited attachments: Attachments are a primary vehicle for viruses. Users shouldn’t open unsolicited attachments or messages from unknown senders. Certain attachment types, like .exe, .asp, and .cmd, are more likely to carry malware.
Best Practice: Encourage users to report messages that include unsolicited attachments or other suspicious messages.
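To show how the attachment-type rule above can be enforced rather than left to user judgement, here is an added example (not Rackspace code) that walks the MIME parts of a message and flags attachments by extension; the extension list beyond .exe, .asp and .cmd, and the sample message, are assumptions constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

# Types named in the tip (.exe, .asp, .cmd) plus a few executable types an
# administrator would commonly add; this list is an assumption, not a vendor list.
RISKY_EXTENSIONS = {".exe", ".asp", ".cmd", ".bat", ".scr", ".js", ".vbs"}


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments whose extension is on the risky list.

    The last extension decides (so 'invoice.pdf.exe' is flagged), matching is
    case-insensitive, and parts that carry no filename are ignored.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Constructed sample: one harmless PDF and one executable disguised as a PDF."""
    msg = EmailMessage()
    msg["From"] = "unknown@example.com"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 (constructed content)", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ (constructed content)", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.EXE")
    return bytes(msg)


if __name__ == "__main__":
    print(risky_attachments(build_sample()))  # ['Invoice.PDF.EXE']
```

A message that trips this check is a candidate for quarantine and for the user report the tip asks for, rather than something to open and decide about by eye.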
Never distribute sensitive information—like payroll or customer lists—via email. It takes just one unwitting employee to “Forward” this info into the wrong hands.
Best Practice: Store sensitive information and lists on a server that employees can access securely (SharePoint is a great option).
Be mindful of where users check email. Employees checking email from public computers—such as libraries, hotel business centers, or airport kiosks—can fall victim to keystroke logging and prying eyes.
Best Practice: Use company-approved/provided mobile devices and laptops when you’re on the road, and always be sure to use your email provider’s secure SSL login. Also, protect the information on the device itself by using access passwords, in case your device is ever lost or stolen.
Turn off HTML viewing: Allowing receipt of HTML emails significantly increases your chances of letting in viruses and malware. The scripts that make words appear bold or scroll on a web page are the same ones that can provide a vector for malware and other email exploits.
Best Practice: In your email app, adjust your email viewing preferences, so that images and/or HTML are hidden.
Delete “email chain letters” before opening them. Some of those “fun” emails actually contain links to malware, which can infect your computer, steal user data, and possibly compromise sensitive business information.
Best Practice: Establish strict guidelines about which kind of email content (and web content) is appropriate for business accounts and devices.
Be phishing savvy. Phishing attempts (i.e., emails that appear to be from a trustworthy source, but are actually from thieves trying to gain access to your accounts) are becoming more sophisticated and difficult to identify.
Best Practice: Make sure you and your employees are educated about how to avoid falling prey to phishing, and have a plan in place in case an account is compromised.
Remove (or protect) old mailboxes: Your domain may contain a few test accounts or inactive email addresses. Many of those old or test accounts were created with easy-to-guess passwords to make accessing the mailbox simpler, or they pre-date current password policies. Those easy passwords can open the door for a savvy hacker to guess a password and infiltrate your system.
Best Practice: Clean up email addresses that aren’t needed or beef up passwords on those accounts to make them hacker-proof.
Do not use personal email accounts for business purposes. Consumer-level email services are typically not as secure as those designed for business use.
Best Practice: If your employees need off-site access, be sure they have a secure login to their business email account, as well as a secure mobile device or laptop.
Educate your users: Average users aren’t always aware of the things they can do to keep their email (and your sensitive business information) safe.
Best Practice: Start an awareness program. Prominently post basic tips like attachment vigilance, handling strange emails, and password protection, to keep employees conscious of the dangers they may encounter in their inbox.