17 January 2023 • Work safe & secure
E-mail is the most important communication method in business. Today, e-mails have the same legal status as paper documents. But the use of e-mail entails risks for SMEs.
SMEs that do not have their e-mail security in order are particularly at risk. Are your company’s e-mail servers insufficiently secured? Then this can have major consequences for your company.
What are the risks of poor e-mail security?
If your company’s e-mail security is not in order, it poses a major risk to your company. Spam e-mails, phishing e-mails and spoofing are terms that may be familiar to you. These are techniques used by cybercriminals to enter your systems via your company’s e-mail server, to cause damage or to steal data, often for financial reasons.
Spam e-mails are not only a nuisance, but they can also be very harmful. For example, if an employee clicks on a link in the e-mail or opens an attachment, malware (malicious software) can be installed.
In the case of phishing e-mails, employees are redirected to a fake website, such as a website that looks identical to that of a bank.
With spoofing, criminals have managed to get into your e-mail server and send e-mails, such as spam, in your company's name. In addition to financial damage, you also incur reputational damage.
It goes without saying that poor e-mail security can wreak havoc. Not only can important data from your company be stolen, but cybercriminals can also steal money. Your company’s reputation is also at stake.
E-mail security is required by law
Business e-mail security is not only a necessity to avoid the consequences of internet crime. As a company, you have a legal obligation under the General Data Protection Regulation (GDPR).
The GDPR is a European regulation that obliges companies to handle the privacy-sensitive data of customers and business relations with care.
It goes without saying that if you don’t have your e-mail security in order, cybercriminals have much easier access to confidential data. With good e-mail security in the workplace, you meet the conditions stated in the GDPR.
How do you ensure business e-mail security?
There are various methods to ensure business e-mail security. We list several security options with which you can improve the e-mail security of your company.
A commonly used security method is e-mail encryption, i.e. encrypting all e-mails sent from your company.
E-mail encryption ensures that the text in an e-mail message is encrypted, i.e. converted from plain text into unreadable text. The recipient receives a so-called digital key to decrypt the message. E-mail encryption is done via a protocol that most companies and e-mail software programs use.
Set a strong e-mail password
Each e-mail account has a unique password that only the creator knows. You will be surprised how many companies and employees choose an easy password.
A good password has at least 12 characters and consists of upper and lower case letters, numbers and symbols. Do you want a strong password, but you have no inspiration yourself? There are digital password generators these days. It is not only individual e-mail accounts that must be protected with a password; this also applies to the e-mail server itself.
Incidentally, a good password does not only apply to e-mail accounts and the e-mail server. Every employee must have a good password to log in. Ensure the screen is locked when the PC or laptop is not in use. In this way, unauthorized persons cannot physically use the PC if the employee is not there for a while. This prevents unauthorized access to e-mail accounts via unattended computers.
Set up an e-mail gateway
Prevent e-mails entering your organization from reaching the recipient directly, so you can delete malicious e-mails before they reach an employee. This can be done by installing an e-mail gateway on your e-mail server. All incoming e-mails are scanned for spam or malicious attachments. These e-mails are, as it were, set aside and do not enter the organization.
Set up a Sender Policy Framework (SPF)
In addition to checking incoming e-mails with a gateway, it is a good idea to check outgoing e-mails. Why? Because you can become a victim of spoofing, where your e-mail addresses can be used for spam, for example. A Sender Policy Framework (SPF) checks whether the person sending the e-mails is authorized to use the address. This also prevents your company’s e-mails from ending up in the spam box of the recipient.
Create awareness among employees about the risks
No matter how many technical gadgets you build into your e-mail systems, ultimately it is your team that poses the greatest risk to e-mail security. Spam e-mails do not open by themselves. That takes human action, and people make mistakes.
Creating awareness among your employees is, therefore, very important. Offer your employees training on cyber security and how to use e-mail safely.
Guardey raises awareness of cyber risks. This is so that your employees recognize spam and phishing e-mails, for example, and damage to your organization is prevented.
Introduce an e-mail policy
In addition to training, the introduction of an e-mail policy can raise awareness. With an e-mail policy, you place a lot of responsibility on the employee. For example, the e-mail policy states that it is prohibited to deliberately visit suspicious or unreliable websites or to send spam e-mails.
An e-mail policy is an incentive for employees to use e-mail consciously. While policies vary by company, you can take a default e-mail policy and make specific adjustments to it.