Do you want to know what the primary route is for hackers and cybercriminals to gain access to and compromise your small business’s sensitive company and customer data?
That’s right, through email.
So long as your small or mid-sized business has an online presence, you are a prime target for cybercriminals. Even if your business does not have all of the resources as a major corporation, you still do have valuable customer and business data that cybercriminals can use for identity theft crimes.
If you’re still not convinced that your business is truly at risk, from 2016 to 2017, the total number of small businesses that were the victims of a cyberattack rose from 55% to 61%.
That’s an astonishing figure, just to think that currently three out of every five small businesses with an online presence, and that figure has only continued to grow.
Since email is often the place where hackers will attempt to locate and steal your data first, it’s important that you take the necessary steps to secure your email against attack.
Here are the top email security tips for SMBs:
1. Encrypt Your Emails
Guess how many email users there are in the world?
Over two and a half billion.
As a result, it’s easy to imagine how many emails are sent every day, and it’s also easy to see how vulnerable your email can be to hacking.
Every day, almost half a trillion spam messages are sent, and many of those messages contain viruses that are designed to infect either a network or a computer.
To help protect yourself against viruses and other email attacks, you will need to encrypt your emails.
Email encryption simply protects your emails from being read by anyone other than the intended recipients. This is accomplished by taking your email message and applying a coding scheme to scramble the message into an unreadable format while it’s being transmitted.
A public key, shared with everyone, is used to encrypt the messages. A private key is used to decrypt, and is only private to the sender and the designated recipients.
There are a number of strategies you can use to encrypt your emails as well, but one of the most common is the PGP (Pretty Good Privacy) approach.
With this method, the message is compressed after it has been encrypted, allowing you to boost security and save disk space simultaneously. The PGP then creates a session key, which is sent with the encrypted text. The recipient then uses a private key to retrieve the session key and decrypt the code.
2. Utilize Multi-Factor Authentication
Setting strong passwords for your business email accounts and storing and changing those passwords often with the aid of a password managing tool, is without question one of the security measures that every online business should be taking.
Unfortunately, it’s not just enough to protect your email accounts against certain hackers. This is because once the password is cracked, the hacker will then have unrestricted access to your entire email account, and the data within it.
This is why setting up a multi-factor, or at least a two-factor, authentication to your email account is absolutely necessary. This way, even if a hacker is able to crack your password with brute force using specialized hacking software, they still won’t be able to gain access to your email account.
You’ve probably used two-factor authentication, abbreviated as 2FA, before. After typing in the correct password and username, you also have to plug in a PIN code or something similar that is generated on an app on your mobile device. This extra layer of email security is vital to the safety of your company data.
3. Secure Your Wi-Fi Network
There’s a very simple policy that you should follow in regards to Wi-Fi with your business: never allow any business email accounts to be opened by yourself or your employees at a public location (restaurants, libraries, airports, data center computers, coffee shops, etc.)
Furthermore, you should also make it a policy that your employees are not allowed to access their business email accounts from unsecured devices as well.
Why is this so important? Simple: public Wi-Fi hotspots are prime targets for hackers for keystroke logging, or where the recorded keys being struck on a keyboard are covertly recorded in addition to other hacking attempts as well.
In the event that you need to use a secured device at a public Wi-Fi hotspot, the safest course of action to take will be to use a trusted VPN system in order to connect to the internet.
Now of course, you might be wondering, ‘how can I secure my Wi-Fi network at home or in the office?’
Well, there are a number of different actions you can take here: you can change your admin username and password on a consistently regular basis (at least once a week), disable any and all guest networks, and activate encryption.
To be extra safe, you can also disable your router when not in use as well.
4. Train Your Employees
Last but not least, it will be absolutely necessary for you to train your employees on the basics of email security and other preventative measures to prevent hacking.
You also need to teach your employees about the most common hacking methods that are used as well.
For instance, they may receive an email from what appears to be a department at your business (such as the IT department) requesting a password change.
The employee then opens the link in the email and provides their username and password, only to later realize that they’ve just fallen victim to a phishing scam.
Another hacking method that employees should be aware of is a man in the middle attack when opening their business email account on an unsecured network while traveling or working remotely. It’s possible that this network has already been hacked, meaning that the hackers have access to login and account information if your employee connects to the network and submits sensitive information through a form (such as those on an email login page).
One final hacking method that you should warn employees about is the possibility of opening malware contained in an attachment from a contact outside of their contact list. This malware could corrupt your network or provide an access point for hackers to steal your information or hijack your network for other nefarious behavior. In fact, 1 out of every 131 emails contains malware in it.
It’s absolutely essential that you teach each of your employees about the different kinds of hacking techniques that can put your business and sensitive data at risk.
5. Configure your email authentication protocols
In addition to securing your own network, you also need to make sure that bad actors can’t hijack your business domain for the purposes of phishing or spam.
A common technique for hackers to steal other people’s personal information is to pose as a legitimate business in the inbox in order to get readers to unknowingly divulge sensitive data. As mentioned above, this technique is known as phishing, and you certainly don’t want hackers using your business name to send phishing emails to your customers or other people on the internet.
Luckily, there are technical measures that you can take to prevent bad actors from using your domain for sending phishing or spam emails. All you need to do is set up your SPF, DKIM, and DMARC authentication protocols.
These protocols allow you to communicate to email inbox providers which sending IP addresses are authorized to send emails using your domain. So, if a hacker tries to pose as you in the inbox, email providers will know that it’s not you and send the message straight to spam. Luckily, most SMTP server providers allow you to configure these protocols very easily.
To conclude, taking the above kinds of steps to protect your business email accounts against hackers and cybercriminals must be a top priority for any business.
Failing to do so could potentially allow hackers to steal not only sensitive information about your business, but also personal information entrusted to you by your customers. This data can then potentially be used for identity theft purposes.
If word gets out that your customer data has been compromised, it will result in negative publicity for your business and potentially even lawsuits. But most importantly, it will erode or completely diminish your customers’ trust in your business, which is a requirement if you want to achieve sustainable growth.
Fortunately, even though business email accounts may be prime targets for hackers, you can significantly reduce the chances that your email accounts will be hacked or compromised by taking each of the above steps that we have just covered in this article.
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cybersecurity, and cryptography.