Email security top tips
Most cyber security articles focus on high-tech systems issues, largely because they sell more consultancy and more products. It is not that these complex issues aren't real or relevant - but for most businesses they are not, or should not be, the main focus.
More information security breaches reported to the Information Commissioner's Office relate to email issues than anything else - and often quite prosaic issues at that.
Our six top tips on email security will see you a long way on the road to safer working.
Tip 1: Use a good email system
Try to use reputable business email systems - such as Outlook - rather than generic Hotmail, Gmail or Yahoo accounts. Not only will this make your business look more professional (you will be able to set up email addresses that reflect your business name), but these systems will provide good quality security with regular updates, include important privacy features, and, appropriately set up, are less likely to store your client confidential data outside the EU (think Data Protection regulations).
Tip 2: Choose a strong, unique password
This could be a guidance note in its own right. Don't simply reuse a strong password you use on other accounts (e.g. your internet banking, your personal email, or Facebook account). Don't make it so complex that you can never remember it, but complex enough that it will take hackers longer to break. Do not include any part of your name, including maiden name, your school, first pet, home address or other personal information - as these things are remarkably easy for serious criminals to find out and guess. You can, if you like, use a reputable password manager (a bit of software that, via a single secure password, then creates and remembers constantly changing random passwords) as long as you keep that one password very secure.
For more guidance on selecting a secure password, read this Wikipedia guide
Tip 3: Add a second layer of protection to your email account
This is called 'two-factor authentication' - and is available on almost all modern email systems that you would want to be using. It simply adds a second type of identity verification to your account. You may have experienced this when making a PayPal transaction or using your internet banking, for example, where you have been asked to quote a code sent to your telephone. This could be activated, for an email account, when you want to change your password, for example.
Tip 4: Keep alert to the threats
Don't click on suspicious links. Do check the sender email address carefully. Don't log in to other accounts from your email. Beware of spam - and remember some of it is becoming much more sophisticated.
Tip 5: Beware of public wifi
It may be free, and convenient, but it is not very secure. The data you're viewing, including passwords being entered, could well be accessed by hackers. If you must use it, avoid accessing sensitive material or logging into business accounts - unless you access your work network remotely via a secure encrypted 'virtual desktop' which minimises the risks. If in doubt about this, check with your IT team.
Tip 6: Encrypt sensitive data, or don't send it by email
Email is not a secure form of communication. The simplest way of protecting information is to place relevant files into a 'zip' folder before sending, or even to password protect a document. These offer a limited additional degree of security. The problem with better encryption is its impracticality. Security software company Sophos have an excellent blog - including a post on the practicalities of email encryption which you may find a helpful source of further advice.