{"id":11366,"date":"2019-08-07T17:10:46","date_gmt":"2019-08-07T21:10:46","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=11366"},"modified":"2023-03-31T13:23:07","modified_gmt":"2023-03-31T17:23:07","slug":"6-email-security-best-practices-to-keep-your-business-safe-in-2019","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/6-email-security-best-practices-to-keep-your-business-safe-in-2019\/","title":{"rendered":"6 Email Security Best Practices to Keep Your Business Safe in 2019"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-these-email-data-security-best-practices-will-help-your-employees-and-company-stay-safe-all-year-long\">These email data security best practices will help your employees and\ncompany stay safe all year long<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When we were kids, many of us were taught by family or\nteachers not to talk to strangers. Yet, somehow, in the virtual world of the\nInternet, people seem to have forgotten this essential lesson of \u201cstranger\ndanger\u201d and willingly engage with these emails. This puts your customers, data,\nand organization as a whole in danger. This is why implementing email security\nbest practices is so vital. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It seems like every day a new type of phishing attack or\nmalicious spam (\u201cmalspam\u201d) attack is making itself known in the headlines. Most\nrecently, a new form of malware named <a href=\"https:\/\/www.zdnet.com\/article\/germanwiper-ransomware-hits-germany-hard-destroys-files-asks-for-ransom\/\">GermanWiper<\/a>\nhas been targeting primarily German businesses. Like most malware, it messes\nwith the victims\u2019 files and demands payment for their safe return. However,\nrather than encrypting the data like traditional ransomware, this\nnon-traditional form of ransomware re-writes a user\u2019s files to zeros and ones,\nultimately destroying the data. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Well, schiesse.<\/em> <em>&nbsp;<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Despite leading cyber security companies shouting from\nthe rooftops about the importance of email data security and promoting the use\nof employee awareness training and implementing other preventative measures, we\ncontinually see reports about businesses that have fallen victim to various <a href=\"https:\/\/www.thesslstore.com\/blog\/10-types-of-phishing-attacks-and-phishing-scams\/\">types\nof phishing attacks<\/a> and malicious spam email attacks. And the resulting\nlosses are anything but \u201cchump change\u201d \u2014 these attacks have been known to\nresult in <a href=\"https:\/\/www.thesslstore.com\/blog\/the-dirty-dozen-the-12-most-costly-phishing-attack-examples\/\">tens\nof millions of dollars<\/a> being lost to cybercriminals.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So, how can you help your company avoid the undesirable\ntitle of being the next victim of a data breach due to phishing, malspam, and\nother predatory tactics? 
By following email security best practices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-email-security-best-practices-in-2019-that-will-strengthen-your-cyber-defenses\">Email security best practices in 2019 that will strengthen your cyber\ndefenses<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/02\/Secure-Email-300x300.png\" alt=\"HIPAA email security\" class=\"wp-image-10763\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/02\/Secure-Email-300x300.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/02\/Secure-Email.png 413w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.alienvault.com\/blogs\/security-essentials\/basic-best-practices-for-configuring-email-servers\">AT&amp;T\nCybersecurity<\/a>, formerly AlienVault, reminds us that to be compliant,\nenterprises are frequently required to host their own email servers rather than\nrelying on third-party email services. This is a great thing if you\u2019ve taken\nthe time and invested the resources necessary to strengthen your defenses.\nHowever, it can be a bad thing if you haven\u2019t bothered with those things and\nsuddenly find your email under attack. Not only does this leave your data at\nrisk, but it leaves your organization open to noncompliance fines, penalties,\nreputation loss, and lawsuits from customers whose data and information are affected.\n<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As much as we\u2019d like there to be, there\u2019s no silver\nbullet \u2014 no one-size-fits-all approach to securing email communications to\nprotect your company from those who attack via email. 
Unless, of course, you\ncount <em>not opening emails<\/em> as an effective solution\u2026 But in our modern\ndigital and connected world, that simply isn\u2019t feasible. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is why a multi-layered approach to cyber security is\nimperative. Not all email-based cyberattacks are successful when you and your\nemployees follow set guidelines for secure use of email. This list of best\npractices includes a combination of technologies that you should integrate as\nwell as behaviors that you and your employees should adopt. <\/p>\n\n\n<span style=\"--tl-form-height-m:871.781px;--tl-form-height-t:813.594px;--tl-form-height-d:813.594px;\" class=\"tl-placeholder-f-type-shortcode_12787 tl-preload-form\"><span><\/span><\/span>\n\n\n<p class=\"wp-block-paragraph\">Looking for some good business email security best\npractices? Here are things you <em>can<\/em> do to protect your business from\nemployees engaging with phishing emails, malspam, and other malicious messages:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-email-security-best-practices-tip-1-create-a-comprehensive-cyber-security-plan-that-includes-email\">Email security best practices tip #1: Create a comprehensive cyber security\nplan that includes email<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Having a developed and comprehensive cyber security plan\ncan help your business avoid or be prepared to face many of the threats that\nlurk online. No matter how big or small your organization is, if you don\u2019t yet\nhave a cyber security plan, you need to get one. Now. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re not sure where to start when creating a cyber\nsecurity plan, look at the Federal Trade Commission\u2019s (FTC\u2019s) <a href=\"https:\/\/www.fcc.gov\/cyberplanner\">Cyberplanner 2.0<\/a>. 
Though it was\ndesigned with small businesses in mind, this online resource was created with\nthe goal of helping organizations map out a customized cyber security planning\nguide. Just keep in mind, however, that this is just a starting point and\nshouldn\u2019t be your final product. Your cyber security strategy should include\nguidelines, policies, recommendations, and requirements regarding the\nimplementation and use of technology. This includes email communications.&nbsp; <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Sadly, yes, we need to stipulate that because some people\n(not you, of course) will just run with the content that\u2019s provided by the\nFTC\u2019s cyberplanner tool. So be sure to really review, strategize, customize,\nand make the plan your own to suit the specific needs of your organization. &nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-email-security-best-practices-tip-2-regularly-hold-employee-cyber-awareness-training\">Email security best practices tip #2: Regularly hold employee cyber awareness\ntraining<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Cyber security awareness training is vital for every\nemployee at every level within every organization. It doesn\u2019t matter whether\nyou\u2019re a Fortune 100 company or a small mom-and-pop operation \u2014 whether you\u2019re\nthe CEO, a middle manager, or a staff assistant \u2014 you\u2019re still a\npotential target for cybercriminals. This means you need to be able to properly\nreact to email-based threats.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When one of your employees receives a phishing email with\nsome type of an attachment, there are two main ways they can respond: <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The end user engages with the attachment,\nenabling their computer or device to become infected with malware, potentially\nresulting in a breach of your network or even a ransomware attack. 
<\/li>\n\n\n\n<li>They choose to flag the email as junk or spam \u2014\nperhaps even taking a moment to send an email to your company\u2019s IT team to let\nthem know about what just occurred. <\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">As the example above shows, effective cyber awareness\ntraining can help your employees learn to identify and safely handle spam and\nphishing emails. This includes training them to correctly flag spam and other\nmalicious emails. However, it\u2019s essential to stress that this training is not a\none-off solution. It\u2019s something that continually needs to take place because\nemail scam tactics have evolved past the conventional African prince scam we\nall know and (don\u2019t) love. In fact, some phishing emails are so convincing that\nthey can fool even experienced <a href=\"https:\/\/www.thesslstore.com\/blog\/i-got-phished\/\">IT security experts<\/a>\nand C-suite executives. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/Security-Workout-300x300.png\" alt=\"\" class=\"wp-image-11368\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/Security-Workout-300x300.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/Security-Workout.png 332w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">How you choose to implement the training is up to you \u2014\nsome companies prefer computer-based training. Others prefer face-to-face or an\nintegration of the two methods. Do whatever works best for your company and end\nusers. Just be sure to keep doing it and to periodically test your employees\nwith phishing simulations. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cyber security awareness is like a muscle: The more you\nwork it and keep it engaged, the stronger and more honed it will become. If you\nbecome complacent \u2014 the cyber security equivalent of a \u201ccouch potato\u201d \u2014 you\u2019ll\nsee your employees\u2019 sense of cyber awareness get \u201cout of shape\u201d and become ineffectual,\nleaving your organization defenseless against email-based cyber threats. I\u2019d\nsay nobody wants that, but then I\u2019d be lying \u2014 cybercriminals are hoping for\nexactly that. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-email-security-best-practices-tip-3-invest-in-quality-antivirus-measures\">Email security best practices tip #3: Invest in quality antivirus measures<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Many antivirus programs come equipped with many features\n\u2014 and mail filters and scanning capabilities for files and websites may be\namong them. If so, put these capabilities to work to your advantage. These can\nhelp you identify some forms of malware and other threats to help prevent your\ndevices or network from becoming infected. If you can, set the antivirus\nprogram to work with your mail proxy\/relayer to scan emails and filter out\npotentially malicious ones, keeping them from being delivered to your (or your\nemployees\u2019) inboxes. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Really take the time to familiarize yourself with all of\nyour antivirus program\u2019s features. 
This way, you\u2019re not paying for a system and\nleaving some of its benefits unused.&nbsp;\nAlso make sure to include information about the antivirus program as\npart of your employee cyber training \u2014 after all, what\u2019s the good in having a\nstrong antivirus program if your end users are just going to ignore it?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-email-security-best-practices-tip-4-create-email-blacklists-and-whitelists\">Email security best practices tip #4: Create email blacklists and\nwhitelists<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you aren\u2019t already maintaining a current list of\nbanned email addresses (a blacklist), what are you waiting for? This list helps\nto prevent known spammers or cyber threats from ever making it through to your\ninbox. Whether you\u2019re doing it in-house or are using a third-party blacklist\nauthority, just make sure that it\u2019s being done at all. There are a few ways to\nmaintain the list \u2014 it can be maintained by domain, email address, and IP\naddress\/range. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Nearly as important is what\u2019s referred to as a whitelist\n\u2014 or the list of email addresses that are permitted through your filters and\nserver. This list also can be maintained through those same three components\n(domain, email address, and IP address\/range). 
<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-email-security-best-practices-tip-5-use-strong-hard-to-guess-passwords\">Email security best practices tip #5: Use strong, hard-to-guess passwords<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"262\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/bigstock-Password-Icon-Isolated-On-Whit-296149894-300x262.png\" alt=\"\" class=\"wp-image-11369\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/bigstock-Password-Icon-Isolated-On-Whit-296149894-300x262.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/bigstock-Password-Icon-Isolated-On-Whit-296149894-768x670.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/bigstock-Password-Icon-Isolated-On-Whit-296149894-1024x893.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/bigstock-Password-Icon-Isolated-On-Whit-296149894.png 1499w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Cyberattacks frequently involve credential compromise\nbecause it provides the greatest access for the attacker. Wombat Security\u2019s <a href=\"https:\/\/www.wombatsecurity.com\/state-of-the-phish\">2019 State of the\nPhish<\/a> report shows that credential compromise increased by more than 70%\nsince 2017. <a href=\"https:\/\/duo.com\/blog\/c-level-executives-credentials-most-coveted-in-2019-verizon-security-data-breach-report\">Research<\/a>\nfrom Verizon\u2019s 2019 Data Breach Investigations Report (DBIR) shows a \u201c98% rise\nof compromise of web-based email accounts using stolen credentials &#8211; seen in\n60% percent of attacks involving hacking a web application.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These statistics underscore the importance of having a\ncomplex, hard-to-guess password. 
After all, what\u2019s the point in investing\nthousands of dollars every year in IT security measures if you\u2019re simply going\nto hand a hacker the keys to your kingdom? A strong password is one that: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Includes a combination of upper and lowercase\nletters, numbers, and symbols. <\/li>\n\n\n\n<li>Avoids using words that can be found in the\ndictionary.<\/li>\n\n\n\n<li>Does not include the names of your pets, family\nmembers, favorite teams, or other information that can be found easily on your\nsocial media profiles.&nbsp; <\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Password-guessing tools can submit hundreds or even thousands of words per minute in brute force attacks. To make your password more guess-resistant if you want to use words that are semi-easy to remember, intersperse numbers or symbols in place of letters throughout them. For example, instead of using <em>kittycat<\/em> or <em>ilovecatssomuch<\/em> as your password, use something like <em>K17tyC@t!<\/em> or <em>I&lt;3C@tSs0Muc#<\/em>.&nbsp; &nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How to Choose a Password - Computerphile\" width=\"960\" height=\"540\" src=\"https:\/\/www.youtube.com\/embed\/3NjQ9b3pgIg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-email-security-best-practices-tip-6-use-the-s-mime-protocol-for-data-encryption-and-email-signing\">Email security best practices tip #6: Use the S\/MIME protocol for data encryption\nand email signing<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">What if there was a way that you could prove your\nidentity to your email\u2019s 
recipient(s) while also helping to protect the\nintegrity of its data? Enter S\/MIME, or the \u201csecure\/multipurpose internet mail\nextension (S\/MIME) protocol\u201d \u2014 an advanced email security best practice. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This term refers to an email signing protocol that\nincreases email security by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Creating a timestamped digital signature that\nconfirms the sender\u2019s identity to the recipient;<\/li>\n\n\n\n<li>Encrypting and decrypting the contents of emails\nto provide at-rest and in-transit data protection; and <\/li>\n\n\n\n<li>Facilitating the secure sharing of documents\nacross networks. <\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">By installing an <a href=\"https:\/\/www.thesslstore.com\/blog\/what-you-need-to-know-about-s-mime\/\">S\/MIME\ncertificate<\/a>, you\u2019re demonstrating your dedication to data security. Though\nthese certificates used to be tedious to install \u2014 requiring individual, manual\ninstallation on every device \u2014 some modern <a href=\"https:\/\/www.thesslstore.com\/enterprise\/ssl-certificate-management.aspx\">certificate\nmanagement solutions<\/a> now make the process simple by automating it\nfrom a single pane of glass.&nbsp; <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t let your company become a cyber security couch\npotato. Read more about some of these and other email security best practices to\nlearn about basic and advanced methods you can implement to increase email data\nsecurity and keep your organization safe. 
<\/p>\n\n\n\n\n\n<p class=\"wp-block-paragraph\"><em>As always, leave any comments or questions below\u2026<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>These email data security best practices will help your employees and company stay safe all year long When we were kids, many of us were taught by family or teachers&#8230;<\/p>\n","protected":false},"author":17,"featured_media":11367,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[7970],"class_list":["post-11366","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-email-security","post-with-tags"],"views":24633,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/08\/email-security-feature.png","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/11366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=11366"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/11366\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/11367"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=11366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"
href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=11366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=11366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}