21 Email Security Best Practices You Need to Follow in 2021
For most organizations, email is still the number one communication channel, even though a lot of them have in recent times moved to chat and VoIP. This only means that, in 2021, email security is still something to pay close attention to.
In this article, we’ll show you the email security tips and best practices you need to follow in 2021 and beyond if you’re looking for peace of mind when it comes to your emails, so let’s get down to it right away.
1. Review Your Email Habits
You might check email several times per day and often do so without thinking. How many email lists and newsletters are you subscribed to? How many websites have you given your email address to and never used since?
What about your business email? Do you spend a lot of time on email threads with people outside the organization you work at? You should know how to choose the best email solution for your business.
Your email habits might be your biggest email security risk, especially if a scammer somehow finds out about them, so be sure to review them and learn what you can change.
2. Separate Private and Work Email Accounts
You likely have at least one personal and one work email account, perhaps more. Be sure that the two are completely separate from one another.
That means no personal communication on the work email, or work-related information shared on the private email and, above all, different passwords for each.
3. Create a Strong and Unique Email Password
Most people are extremely lazy with their passwords. This is a huge risk to take, especially when it comes to email, and it is not the kind of shortcut that pays off in the end.
Create a strong and unique password that won’t be easy to guess, using a combination of letters, numbers and special symbols, as this might be the only thing between your data and the hacker.
4. Use 2FA
We just said that the password might be the only thing between your data and the hacker, but it’s even better for your email security if it’s not.
You can put an extra layer of security between your data and potential hackers in the form of two-factor authentication, or 2FA.
This means that in addition to the password, you, or someone else trying to access your email account, will need to provide another piece of information, like a passcode or token. This will be sent to you via another one of your connected devices, such as your smartphone, meaning that it will be extremely hard for the hacker to figure it out without having that device.
5. Don’t Give Out Your Password
A password is only as strong as you keep it secret, so don’t give it out to anyone. Not your family, your friends, coworkers, boss and especially not someone claiming to be a “representative of Gmail”.
If you get an email or a phone call from someone claiming they’re from Gmail or another company, that’s a 100% scam, so don’t give them your password.
6. Avoid Public WiFi
Let’s say you’re at the airport and have some time before your plane arrives.
Cool, watch some YouTube videos or read an interesting article or a book, but whatever you do, don’t log into your email over public WiFi, as it is unsecured and a hacker might be monitoring it for someone like you.
7. Be Sure Your Device is “Clean”
If your company has a “bring your own device” (BYOD) policy, make sure that the device you are bringing does not have any malware as this will only make you more susceptible to hacking attempts.
8. Investigate Suspicious Email Messages
Did you receive an email that looks a bit “off”? Don’t reply to it right away. Instead, take the time to investigate it and the sender.
How to do that?
By doing an online search of the subject line, the sender, or the body of the message. In all likelihood, this isn’t the first (and won’t be the last time) that the scammer is trying something similar.
9. Don’t Open Suspicious Attachments in Your Email
Most email malware is spread through email attachments. Simply opening an untrusted attachment can install malicious software on your computer and give the hacker control over it.
Only open attachments from addresses you trust and that you were already expecting.
10. Investigate Suspicious URL Addresses
If an email contains a URL that the sender is asking you to click on, stop and look at it carefully.
Does it look familiar and like it’s coming from a known organization? That’s not enough. Make sure it is 100% the same as that organization. Scammers will often switch just one letter in the URL to lure you into clicking on it. Once you do that, you’ll end up on a phishing site where they can steal your personal and other sensitive information.
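The check described above, written out as an added example (not from the original article or from any product it mentions): it compares the host of a link against a constructed list of trusted domains and flags hosts that are one letter away from a trusted name. It goes a little beyond the single-letter case to also catch punycode labels, a trusted name nested as a subdomain, and user-info tricks, which are common variants of the same lure.

```python
from urllib.parse import urlsplit

# Constructed list of domains the reader already trusts (an assumption for this example).
TRUSTED_DOMAINS = {"paypal.com", "google.com", "microsoft.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host, e.g. 'login.paypal.com' -> 'paypal.com'.
    A simplification: production code would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host inside url."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host:
        return "unknown"
    # 'https://paypal.com@evil.example/' puts a trusted name in the user-info
    # part; the browser actually connects to evil.example.
    if parts.username is not None:
        return "lookalike"
    # Punycode labels (xn--) can hide homoglyphs such as Cyrillic letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # One switched, dropped or added letter, or a trusted name used as a
        # subdomain of something else (paypal.com.example.net).
        if edit_distance(domain, trusted) <= 1 or host.startswith(trusted + "."):
            return "lookalike"
    return "unknown"
```

Run it over the links in a message before clicking; anything that comes back 'lookalike' or 'unknown' deserves the manual scrutiny the article asks for.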
11. Install an Antivirus and Anti-Phishing Solutions
Even though you might think that you don’t need AV software, it’s a good idea to install it on your computer, just to be on the safe side. This will automatically scan any email attachments before you download them and make sure you don’t download anything malicious.
In addition to antivirus, you should also use a strong anti-phishing solution. Here are a couple of anti-phishing solutions that we recommend.
12. Don’t Give Away Personal Info
This might sound like a given, but if someone asks for your personally identifying information (PII), or your credit card number, social security number, phone, birthday, address, or anything of the sort via email, don’t give that information away.
No reputable company will ask you for this kind of information via unsolicited email. If you receive such a request, it’s most likely a scam or a phishing attempt, so be sure to report it to that company.
13. Don’t Reply to Spammers and Scammers
You might have seen some YouTube videos of people replying to spammers, like this one from James Veitch’s TED Talk.
Don’t try doing the same. It probably won’t end up well for you! Scammers do this for a living and are a lot more experienced at getting the information out than you are at keeping it.
14. Don’t “Unsubscribe” From Spam Emails
Scammers often put fake “unsubscribe” links in their emails as another way to trick people into landing on their phishing site.
Let’s say you’ve made a mistake and have opened a phishing site. “Luckily” you see an unsubscribe link at the bottom, so you’re thinking of clicking on it to avoid further emails from this scammer.
Or, in another scenario, the scammer will put the unsubscribe link or button in the email for you to click on.
Whichever the case, don’t click on it (or anything else in the email, for that matter).
15. Don’t Let Employees Use Work Email for Private Messages
We already said that you should separate your work and private emails and you should make sure your employees are doing the same.
This primarily means making sure they are not using their work email account to send or reply to private messages, shopping online, signing up to social media, or doing anything else that is not related to work.
These rules should apply across your organization, from you as the boss, to the employees.
16. Use a Strong Spam Filter
Most popular email services like Gmail, Outlook, or Yahoo, have a pretty good spam filter. This will keep most unwanted messages from your inbox. However, from time to time, some spam messages might slip through the filter.
To avoid this, make sure that the filter allows you to block out emails that contain specific phrases or keywords. For instance, you can block emails that contain words like “weight loss”, “free iPhone” and the like.
17. Check Your Security & Privacy Settings From Time to Time
When was the last time you checked your email security & privacy settings? In fact, have you done this at all since you first installed your email client, or have you left it on the default settings?
Make sure that you review your security and privacy settings every few months or so on your email platform.
18. Double-Check Internal Emails
Although the vast majority of malware is spread via external email, there are some that also come via internal emails.
This is especially the case when the employee’s computer is already infected and they are now unknowingly spreading viruses to others via email. If you receive a suspicious email link or attachment from a coworker, be sure to check it with them.
19. Log Out From Your Email When Finished
For a computer that you only use at home, you don’t have to do this, but if you are using a company-issued device to log in to your work email, always log out at the end of the day.
Do this especially if you carry your device around a lot, since otherwise anyone who steals the device could simply open the email client and have immediate access to your mail.
20. Train Your Employees on Email Security Best Practices
Cybersecurity training is a crucial part of your organization’s cybersecurity strategy. Be sure that every employee, from top to bottom in your company, is trained on this and knows what the email security best practice is in any given situation.
One good training practice you can implement is sending out fake phishing emails from an unknown account to your employees to see how they respond. If they reply, give out their PII, or click on unsolicited attachments and URLs, take them to one side and explain what they were doing wrong.
21. Use Encrypted Email Security Solutions
Although Gmail and similar email platforms have TLS encryption, this won’t be enough to secure your emails from hackers. What you need instead is a better secure email service.
Mailman is a 100% open-source and audited encrypted email service that uses both TLS and OpenPGP to keep your emails secure in transit and at rest.
Also, Mailman is the only email service that protects its users from JS injections, which are often used to serve malicious code and it is also resistant to Man-in-the-Middle attacks as it uses a web browser built-in kill switch.
Looking to protect your private or corporate email from scammers, or phishing attacks? Look no further than Mailman: Armored Email. Sign up today.