While multiple modes of communication have mushroomed in the past few years, the good old-fashioned email remains the top means of communication for businesses. It also remains the top priority for all social engineers out there who come up with new creative ways to use it to spread malware, enter into the networks or grab a bunch of high-profile passwords.
The numbers prove it all. Users sent 30 trillion emails in 2018 and around 92% of the malware was delivered through it.
If the problem is so severe, why can’t we do something about it? Well, technology can help only to a certain extent. Post that we need to apply common sense which people seem to abandon the moment they step into the virtual world. When I was a kid, I remember my mother, telling me not to open doors for strangers if I was alone. This good old-fashioned advice seems relevant in the virtual world too. However, we just don’t seem to follow it.
Here are 6 best practices/pieces of advice which can help your business tide over the issue of email security.
1. Awareness is the key
You have web-based training that associates are supposed to take when they join the organization. Most organizations believe that such a kind of awareness is more than enough. Unfortunately, it's not. The training needs to be regular and more importantly, measured through the use of phishing simulations or malware simulations to better understand the behavior of the employees. This feedback should then be used to build upon the training program and special awareness sessions for the employees who are repeat defaulters. Remember, even 1 person’s negligence is enough to bring down an organization.
2. Recommend easy-to-use passphrases
Multiple organizations have a password management policy that mandates the use of a minimum 7 / 8 character password with a mix of numeric and alphanumeric characters. This encourages users to keep passwords such as P@ssw0rd, Oct@2019, Name@123, etc. Rather than enforcing such a policy, it would be much better if users are encouraged to use passphrases that are at least 14-15 characters long. “IsawthemovieJ0ker” is a much better password than keeping P@ss1234 just to adhere to the password policy.
Many experts may have different opinions on this, but, I feel strongly that passphrases are much better than passwords.
3. Two locks are better than one.
Build as many restrictions as you can in the path of a thief, well, just to slow him down from reaching the prized possession. In the case of an email, it is much better to implement two-factor authentication. The concept is simple. But it is an excellent data loss prevention practice as it makes life much more difficult for hackers and those who wait to sneak a peek at your emails.
Even if a criminal manages to guess or retrieve the passwords to your account, two-tier authentication will mean that the individual will still require a code to get your messages and cause issues. That code is usually sent to your phone via a text message. Do not make the mistake of sending it to your computer because you never know who is watching.
Two-tier authentication is one of the best ways to protect social media or a web application from a data breach. It also works with virtually any cloud storage service you might be using.
4. The Blacklist
Well, a blacklist is always welcome. A tv series with the same name is one of my favorites. A blacklist can be of a lot of help to the email administrator. This list helps to prevent known spammers or cyber threats from ever making it through to your inbox. Whether you’re doing it in-house or are using a third-party blacklist authority, just make sure that it’s being done at all. There are a few ways to maintain the list — it can be maintained by domain, email address, and IP address/range.
5. Make it sound gibberish
I love encryption and this is one of the must-haves in your email security deployment. All emails to and fro must be encrypted.
6. Scan all emails for viruses and malware
You need to make sure that only good emails enter the server. Email is one of the most sought-after ways to deliver truckloads of malware. Hence it becomes all the more important to scan all incoming emails for viruses and malware.
Deploying a cloud-based antivirus is the best bet in the current scenarios to be safe from ransomware attacks and malware.
These are some of the best email practices that you can deploy. What is your organization doing additionally? Would love to hear from you in the comments section.
Comments ()