Start with your employees
Your employees are your first line of defence when it comes to email security.
Technical intrusion is only one way of gaining data. Social engineering is a form of hacking that uses information about people to convince them that the hacker should have access to certain services and data. Make sure your processes are clear and well communicated so that your employees are less susceptible to social engineering or phishing attempts.
Train employees to follow these rules:
- Never open links or attachments from unknown senders
- Be more cautious when dealing with emails that you weren’t expecting
- Check how the email is formatted – official communications shouldn’t have spelling or grammar errors, for example
- Don’t respond to emails that request a password change and require you to divulge personal information
- Ensure antivirus software is up to date
- Don’t use company email addresses to send and receive personal emails
If someone needs to open an attachment, have them save it to the desktop and scan it with antivirus software before opening.
Email encryption
Email encryption protects information from hackers by only permitting certain users access to your emails. There are various methods of email encryption, including:
- Download or purchase extra software that will plug into Microsoft Outlook
- Install an email certificate that allows your employees to share a public key with anyone who wants to send them an email and use a private key to decrypt any emails they receive
- Use a third-party encrypted email service – as an example, Office 365 provides ready-to-use encryption options like S/MIME and Office 365 Message Encryption services
Consistency
There’s no point encrypting emails or using security features on just a few computers in your network – for security to be effective it needs to be implemented across the board.
This also means that policies should cover the use of mobile devices – employees should keep their devices password-protected and install approved security apps so hackers cannot access devices via shared Wi-Fi networks. Office 365 provides built-in mobile device management, with options to help you keep your data safe.