Email Security Best Practices

Protect Your Business: Email Security Best Practices for Small Businesses

For most businesses, email is the most important communication tool. However, email remains a major source of cybersecurity threats. Cybercriminals can spoof domains to appear as a legitimate source, distribute malware and spam via email channels, and use social engineering to trick users into making payments or giving up sensitive account information. So, what can you do to protect your business?

Here are three email security best practices you should follow to protect your business.

Best Practice One: Better Password Management

Start with the basics: email accounts still need strong passwords. You would be surprised how many people still use “password” or “123456” as their email password. Instead, your ideal password should be at least 12 characters long and contain a mix of numbers, symbols, and both uppercase and lowercase letters. Most importantly, it should be different from any other password you’ve used.

It’s not uncommon for employees to use the same password for multiple accounts: this is easy for them to remember, but it also makes it easy for hackers to gain access to all your business data. We understand strong passwords can be tough to remember. The best way to manage your passwords and keep them secure is to implement a business password management tool, like the GTS Password Portal. Our system offers tiered access for everyone in your company: you can store personal passwords in your personal portal, and give access to shared passwords through a company portal.

Learn more about the GTS Password Portal and what makes a good password here.

Pro Tip: You should also consider implementing two-factor authentication, which requires a second layer of verification during login (e.g., a code sent to your mobile device or a “tap to verify” prompt on your tablet). This extra layer of security can prevent someone from logging into your account, even if they have your password.

Best Practice Two: Safeguard Sensitive Content with Encryption

Encrypting email is an important email security practice that protects your user and company data by ensuring that emails can only be read by their intended recipient. The recipient will need to log in to view the encrypted email, giving senders more control and protection over their data. You can even revoke the recipient’s access after sending your emails.

Email encryption is typically available through five platforms, but most modern email encryption services only use two of these platforms. This can cause problems if your recipient doesn’t have the right email protocols in place. However, our GTS EncryptGuard service ensures your emails never go unencrypted. If your email comes up against a compatibility error, we can change encryption methods to make sure your email reaches the intended recipient safely and conveniently, no matter what.

Best Practice Three: Train and Test Employees with Phishing Simulations

The biggest email threat to businesses is the phishing attack. Phishing is when a hacker targets a user with fraudulent emails, impersonation attempts, and social engineering to try and trick them into clicking on malicious links, sharing account details, or making fraudulent payments. The best way to ensure your employees can spot a phishing attempt is to put them to the test with a simulated phishing attack. At GTS, our email security experts can craft a phishing scam that looks legit, send it to your staff, and collect the results. Who clicked the suspicious link, and who knew to delete the email right away? Once we know how your team reacts to a phishing attempt, we can recommend further security measures and training.

Another way your business can protect itself against phishing attacks is by implementing a secure email gateway, like GTS PhishGuard. This ultra-focused program targets phishing scams, and can even pull emails out of your team’s inboxes if a message is identified as a threat.

Email security threats continue to change as hackers develop more sophisticated methods of accessing your data. At GTS, we are happy to help you identify places where your defenses could be stronger—and put safeguards in place to keep your business protected. Give us a call at 904-606-6011 or email to learn more!


Paul May