How to Improve your Email Security

Updated: Jun 18

Email is a popular messaging method used by many, particularly in organisations. However, it is also an effective entry point for cybercriminals into your domain, with spoofing and phishing attacks via email becoming common.

In an organisation, it could only take one employee not being sufficiently vigilant about email security to compromise the safety and security of countless others, and even the whole enterprise.

In fact, your employees are the biggest vulnerability you have, so an email security plan really starts there. It will only be a matter of time before your organisation falls victim to an email hack attempt, but its impact doesn’t have to be devastating if you’ve got a ‘best practice’ in place and know exactly what to do.

So here are 18 tips your company can adopt to improve your Email Security:

1) Use stronger passwords

Believe it or not, one of the primary ways hackers get inside email accounts is by guessing usernames and passwords. If you can make your password so complex that it can’t be easily guessed – either by a person or by password-cracking software – then you stand a much smaller chance of being successfully attacked.

The more complex the password, the more time it takes for cracking software to figure it out. The passwords that follow the best practices outlined below would take 200-500 years to break.

Here are the essentials for a strong password:

  1. Use upper and lower case letters

  2. Use numbers and special characters

  3. Use random numbers and letters rather than words

  4. Never use your birthday, hometown, school, university, or brand name

  5. Avoid common letter-number substitutions

  6. Think in terms of phrases or passphrases rather than words

Not only should passwords be complex, but you should use a different one for every account you have. If you find it difficult to memorize passwords, use a password manager, but never write passwords down or store them in plain files. Add a second authentication factor, such as two-factor authentication (2FA), for an extra layer of security. Organizations have started using SMS codes for employee logins as a secondary authentication step alongside passwords.

2) Use two-tier authentication

It might sound technical, but using two-tier authentication is quite straightforward. Moreover, it is guaranteed to add an extra layer of protection to your emails. There are often options within your email client that will enable you to add that service. You can also download specialized software or use a different cloud email provider if you cannot add two-tier authentication with the system you use at the moment.

The concept is simple, but it is an excellent data loss prevention practice, as it makes life much more difficult for hackers and for anyone waiting to sneak a peek at your emails.

Even if a criminal manages to guess or retrieve the passwords to your account, two-tier authentication will mean that the individual will still require a code to get your messages and cause issues. That code is usually sent to your phone via a text message. Do not make the mistake of sending it to your computer because you never know who is watching.

Two-tier authentication is one of the best ways to protect social media or a web application from a data breach. It also works with virtually any cloud storage service you might be using.
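The server side of the code-based second factor described above is where most mistakes happen: codes that never expire, unlimited guesses, or codes stored in the clear. The following is an added example, not code from the original article or from any particular email provider, of a minimal one-time-code store that issues a 6-digit code (what would be sent to the phone), keeps only a salted hash of it, and refuses it once expired, reused, or guessed at too often. The five-minute lifetime and five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 5         # assumed: lock the code after this many tries


class OneTimeCodeStore:
    """In-memory store of pending second-factor codes, keyed by user.

    Only a salted SHA-256 digest of each code is kept, so a leaked store
    does not hand an attacker usable codes. The clock is injectable so
    expiry can be tested without sleeping."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    @staticmethod
    def _digest(salt: bytes, code: str) -> bytes:
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user: str) -> str:
        """Generate a fresh 6-digit code for the user; the returned string is
        what the SMS (or app) channel would deliver. Any older code is replaced."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        salt = secrets.token_bytes(16)
        self._pending[user] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, user: str, submitted: str) -> bool:
        """Accept the code exactly once, within its lifetime and attempt budget."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[user]      # expired codes are never accepted
            return False
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[user]      # too many guesses: force re-issue
            return False
        ok = hmac.compare_digest(entry["digest"],
                                 self._digest(entry["salt"], submitted))
        if ok:
            del self._pending[user]      # single use
        return ok


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("alice")
    print("delivered code:", code)
    print("wrong guess accepted?", store.verify("alice", "000000" if code != "000000" else "000001"))
    print("correct code accepted?", store.verify("alice", code))
    print("replay accepted?", store.verify("alice", code))
```

`hmac.compare_digest` keeps the comparison time independent of how many leading digits match, and deleting the entry on success means an intercepted code cannot be replayed after the legitimate login.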

3) Use SSL (Secure Sockets Layer) or TLS (Transport Layer Security)

Transport Layer Security (TLS) is a security protocol that is widely used to secure the data that travels between a web browser and a website via HTTPS.

TLS can also be used to encrypt the contents of emails in transit to ensure they can’t be read by anyone other than the intended recipient. This means it is highly effective at preventing eavesdropping – the practice of hackers reading and/or tampering with communications. Of the various mechanisms available to encrypt communications between email servers, TLS is the easiest to set up.

SSL and TLS are very similar. When used for sending emails, both result in your emails being sent securely between your computer and your SMTP service. Your SMTP service should also properly encrypt emails (using the latest version of TLS) between itself and the recipient’s mail server. This step in the email delivery process requires the recipient’s mail server to support SSL/TLS. SMTP2GO always encrypts emails wherever technically possible.
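The first hop described above, from your computer to your SMTP service, is the one you control directly. The following is an added example, not code from the original article or from SMTP2GO, showing how a client can submit mail only after a verified TLS upgrade: the server certificate is checked against the system trust store, the hostname is verified, anything older than TLS 1.2 is refused, and the send is aborted rather than silently downgraded when the server does not offer STARTTLS. Host names and addresses in the usage section are placeholders.

```python
import smtplib
import ssl
from email.message import EmailMessage


def build_tls_context() -> ssl.SSLContext:
    """Client-side TLS policy: verify the server certificate against the system
    CA bundle, check the hostname, and refuse protocols older than TLS 1.2."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_with_enforced_starttls(host: str, port: int, sender: str, recipient: str,
                                subject: str, body: str,
                                username=None, password=None) -> dict:
    """Submit a message over SMTP, upgrading to TLS before credentials or
    content are sent. Raises RuntimeError instead of falling back to plaintext
    when the server does not advertise STARTTLS."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)

    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("STARTTLS"):
            raise RuntimeError(f"{host}:{port} does not offer STARTTLS; refusing plaintext submission")
        # Raises ssl.SSLError / ssl.CertificateError on an untrusted certificate,
        # a hostname mismatch, or a protocol version below the minimum.
        smtp.starttls(context=build_tls_context())
        smtp.ehlo()                     # the extension list must be re-read after the upgrade
        if username and password:
            smtp.login(username, password)   # credentials only ever travel inside TLS
        return smtp.send_message(msg)        # dict of refused recipients; empty on success


if __name__ == "__main__":
    # Placeholder host and addresses, not real infrastructure.
    refused = send_with_enforced_starttls(
        "smtp.example.invalid", 587,
        "alerts@example.invalid", "ops@example.invalid",
        "TLS submission test", "Sent only after a verified TLS upgrade.",
    )
    print("refused recipients:", refused)
```

Note that this only secures the hop to your own SMTP service; whether the service then encrypts the onward hop to the recipient's server is, as the article says, up to the service and the recipient's mail server.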

4) Be extremely careful about opening attachments or links

If you ever see an unknown link in an email – especially from a sender you don’t recognize – do not click on it. Hackers like to use malicious links to compromise a recipient’s computer system and will disguise them as something else. The same goes for attachments. If you don’t recognize an attachment or aren’t sure why one was sent, ask for confirmation before downloading it.

If possible, scan any email with an attachment before you open it, especially if it is from someone you don’t know. Nine out of ten viruses or malware get on to computers via attachments.

5) Don’t reply to spam or phishing schemes

Replying to spam just notifies the spammer they’ve “got a live one”. Don’t do it. Besides, more than 3% of spam carries malware. If that sounds like a paltry percentage, go look in your “bulk” email folder, aka your spam folder. You’ve probably got a couple hundred spam messages in there right now. That translates into six or more malware emails, just sitting there, waiting for you to click them.

Now, what is phishing, you may ask?

Phishing is a straightforward concept many hackers will use to steal email and account information by tricking individuals into handing over their details.

The process usually works like this:

  1. The hacker sends emails that contain a link to a site you know.

  2. The victim clicks the link and finds themselves looking at a familiar website. That is often their bank or something similar, but the site is fake.

  3. The victim then enters their email address and password to log into their account.

  4. The fake phishing site steals the email and password before passing it back to the hacker.

When someone at a company falls victim to advanced malware attacks and phishing emails, it can become a disastrous situation. That is especially the case in instances where the business uses the same passwords for everyone in their office. Hopefully, that should help to highlight how important it can be that you develop strong and unique passwords for all your workers.

However, a phishing attack is no longer as apparent as it used to be. Hackers are becoming increasingly sophisticated, making their emails more difficult to identify unless you pay attention to the details.
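Tips 4 and 5 both come down to the same detail: the site a link actually leads to is often not the site the visible text suggests. The following is an added example, not code from the original article, of a small checker that parses an HTML email, collects every link, and flags the signs a careful reader would look for: visible text naming one domain while the href points to another, a hostname that merely contains the sender's brand name inside an unrelated domain, and plain-http destinations. The sample message is constructed for the example; the "last two labels" domain rule is a simplification that stands in for a public-suffix list.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a lookalike host that embeds the bank's real domain name,
# shown to the reader with text that quotes the genuine address.
SAMPLE_EMAIL = b"""From: "Example Bank" <alerts@examplebank.example>
To: victim@corp.example
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://examplebank.example.login-verify.test/auth">sign in at https://examplebank.example</a> now.</p>
<p>Or <a href="https://examplebank.example/help">contact support</a>.</p>
</body></html>
"""

# Constructed clean message: every link stays on the sender's own domain over https.
CLEAN_EMAIL = b"""From: "Example Bank" <alerts@examplebank.example>
To: victim@corp.example
Subject: Your monthly statement
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>View it at <a href="https://examplebank.example/statements">examplebank.example</a>.</p></body></html>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels (simplification)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def suspicious_links(raw_message: bytes) -> list[str]:
    """Return warnings for links whose destination does not match what the reader sees."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    sender_domain = registrable(msg["From"].addresses[0].domain) if msg["From"] else ""
    brand = sender_domain.split(".")[0] if sender_domain else ""
    warnings = []
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return warnings
    collector = _AnchorCollector()
    collector.feed(html_part.get_content())
    for href, text in collector.links:
        target = urlparse(href)
        if target.scheme not in ("http", "https"):
            warnings.append(f"non-web link scheme '{target.scheme}' -> {href}")
            continue
        target_dom = registrable(target.hostname or "")
        # Visible text that names a domain other than the one the link opens.
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and registrable(shown.group(1)) != target_dom:
            warnings.append(f"link text shows '{shown.group(1)}' but goes to {target_dom}")
        # The sender's brand buried inside an unrelated domain (a classic lookalike).
        if brand and brand in (target.hostname or "") and target_dom != sender_domain:
            warnings.append(f"lookalike host {target.hostname} is not {sender_domain}")
        if target.scheme == "http":
            warnings.append(f"unencrypted http link to {target_dom}")
    return warnings


if __name__ == "__main__":
    for w in suspicious_links(SAMPLE_EMAIL):
        print("WARNING:", w)
    print("clean message warnings:", suspicious_links(CLEAN_EMAIL))
```

Run over the sample, the first link produces three warnings (text/destination mismatch, lookalike host, unencrypted http) while the genuine support link and the clean statement message produce none; the same checks are what a mail gateway or a user-facing "link preview" can apply before anyone clicks.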

6) Never click the “unsubscribe” link in spam emails

Let us presume for a moment that an email managed to get through your spam filter and antivirus programs. You open the message and then discover that it looks like a phishing scam or something similar. There is an unsubscribe link at the bottom of the page, and you wonder if it is sensible to click that to prevent further emails from the unwanted source. Whatever happens, make sure you never click that unsubscribe link. Hackers will often place them in emails in an attempt to fool you.

If you decide to click the unsubscribe link or do it by mistake, there is a reasonable chance you will land on a phishing site that will attempt to steal any information it can gather. The link could also provide hackers with a backdoor into