Although email is a necessary method of communication today, we often take the privacy and security of our inboxes for granted. If email isn’t used carefully, your most sensitive business data could easily be compromised. From invaluable intellectual property to sensitive employee data, your corporate inbox is a veritable treasure trove for hackers.
Your email and data security are only as good as the safeguards you put in place. Not sure where to start? Here are four best practices you can act on today that’ll help you secure your inbox and safeguard your organization:
Use/Require Multi-Factor Identification
Why stop at one password when you can have two? Multi-factor identification requires two or more pieces of information to access your account. For example, Google’s 2-step verification sends a PIN to your cell phone when you want to sign in. You’ll need to provide that PIN and your password to gain access to your account.
Even if someone manages to steal your password, they won’t be able to get in without your cell phone. Combined with other email security best practices, this makes your email account almost unbreakable and helps to secure your account from unauthorized logins — a huge bonus for protecting the contents of your emails.
If your organization is serious about data protection, be sure this feature is activated and required across the board.
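What "password plus a code from your phone" looks like on the server side, as an added example that is not taken from Google or any provider. The text above describes a PIN texted to the phone; this sketch uses the authenticator-app variant instead (time-based one-time codes, RFC 6238), and the account record, `enroll` and `login` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30  # seconds each code is valid for (common authenticator-app default)


def one_time_code(secret, counter, digits=6):
    """HOTP (RFC 4226); TOTP (RFC 6238) sets counter = unix_time // STEP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def enroll(password, totp_secret=None):
    """Hypothetical account record; the same secret is stored on the phone."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret or secrets.token_bytes(20),
            "last_step": -1}


def login(account, password, code, now=None):
    now = time.time() if now is None else now
    pw_ok = hmac.compare_digest(
        hash_password(password, account["salt"]), account["pw_hash"])
    matched = None
    for drift in (-1, 0, 1):  # tolerate one step of clock drift
        step = int(now) // STEP + drift
        if step >= 0 and hmac.compare_digest(
                one_time_code(account["totp_secret"], step).encode(),
                code.encode()):
            matched = step
    # Both factors must pass, and each code is accepted only once (no replay).
    if pw_ok and matched is not None and matched > account["last_step"]:
        account["last_step"] = matched
        return True
    return False
```

A stolen password with a guessed code fails, and so does a correct code that has already been used once.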
By now, you know that “12345” isn’t an acceptable password, but do you know what really makes a secure password? It’s not enough to just use a few numbers or characters, or to make something really long — you’ve got to get creative.
For starters, passwords should never be only in lower or uppercase. Ideally, a password should jump between both in a seemingly random way. Special characters are also a good idea, as are numbers. But a string of 8-10 random letters still won’t be as secure as a long multi-word phrase.
Gmail, for example, allows you to use up to 200 characters for your password, meaning that this entire sentence could potentially be a password. Now, while you’re unlikely to create a password that long, a strong password preferably has more than 32 characters.
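How many words a phrase needs before it actually beats a short random string, as an added example that is not part of the original article. It assumes every letter and every word is picked uniformly at random; the 52-letter alphabet, the 7776-word list size (the size of Diceware-style lists) and the tiny sample list are assumptions made for the illustration.

```python
import math
import secrets

# Constructed mini word list so the block runs offline. It is far too small
# for real use; real passphrases need a large list (e.g. 7776 words).
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dune", "ember", "fjord",
                "garnet", "harbor", "iris", "jasper", "kettle", "lantern",
                "meadow", "nickel", "orchid", "pebble"]


def entropy_bits(choices, length):
    """Entropy when each of `length` symbols is one of `choices`, chosen uniformly."""
    return length * math.log2(choices)


def words_needed(letters, alphabet=52, wordlist=7776):
    """Fewest random words whose entropy exceeds `letters` random characters."""
    target = entropy_bits(alphabet, letters)
    n = 1
    while entropy_bits(wordlist, n) <= target:
        n += 1
    return n


def passphrase(n_words, words=SAMPLE_WORDS):
    """Pick the words with a CSPRNG; a phrase a person makes up has less entropy."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    for letters in (8, 9, 10):
        print(letters, "random mixed-case letters:",
              round(entropy_bits(52, letters), 1), "bits; words needed:",
              words_needed(letters))
    print("sample:", passphrase(5))
```

Four random words fall short of ten random mixed-case letters; five are enough to exceed them.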
Managing your passwords correctly is also crucial:
- Don’t use the same password across multiple sites.
- Rotate passwords every few months.
- Use a password manager to store them securely.
- Never store passwords in your email app or browser — otherwise, anyone with your device will be able to access your account.
Fortunately, most platforms, like Google Apps, offer organizational security settings that allow you to force users to make strong passwords, which is a great first step in protecting your organization.
Learn to Recognize and Avoid Phishing Attempts
Phishing is the practice of sending fraudulent emails to individuals in a ploy to get them to send sensitive information to attackers. In 2013 alone, phishing scams were estimated to cause over $5.9 billion in damages.
Don’t want to fall prey to a phishing attack? Whenever you are sent an email that requests your information, don’t click any links in the email itself. Instead, navigate to that company’s website and directly log into your account there.
It’s also a good idea to beware of red flags, such as legal threats and misspelled words. Finally, if you ever feel the slightest suspicion about the nature of an email, simply call up the company (or organization) that claims to have sent it and ask for yourself.
Use Strong, Client-Side Encryption
Using strong encryption to protect your data and your emails is one of the most important steps you can take toward living a more secure, private digital life. But not all encryption is created equal.
Encryption is always a good measure against snooping or hacking, and client-side encryption is the gold standard for ensuring your emails and files reach only their intended recipients.
When you send a message over the Internet, that data isn’t just going directly to your recipient. Your message is traveling through — and in some cases, being hosted on — many different servers. While you might like to believe all of those servers are secure, there’s a good chance that they aren’t. Even worse, it’s entirely possible for one of those servers to be monitoring every message that it comes across.
Client-side encryption solves this problem by ensuring your message remains encrypted from the time you send it to the time it is received. Any servers it touches on the way to its destination won’t be able to read it, as they will have no way to decrypt it — only the intended recipient will be able to use their key to decrypt your message.
If you’re looking for the most secure, private way to send email or transmit data, client-side encryption is your best bet. Using client-side email encryption makes it less likely for your information to be intercepted by hostile third parties on the Internet.
Look for a provider, like our partner, Virtru, that has one-click encryption, and can send encrypted emails to any recipient from your existing Gmail or Outlook account — even if they don’t have encryption installed. Easy setup is also important. Encryption should work as a browser add-on and install quickly, with little to no configuration.
Your Business is Your Data. And Your Data Lives in Your Email
Countless high-profile hacks have shown that any time you transmit information digitally, it’s exposed to outside threats. By remaining vigilant, using client-side encryption, and following best practices, you can ensure that your sensitive data is protected while it’s at rest or in motion.