Hershey Vera, Negosentro | Nobody who got through your company’s rigorous hiring practices is dumb enough to fall for old-school email scams – at least, that is what every business owner wants to believe just before a serious and debilitating malware attack.
The truth is, if you aren’t actively protecting your business’s devices and educating your employees about safe email practices, you are likely putting your data – and your clients’ data – at risk. Bigger, stronger businesses than yours have crumbled after a cybersecurity catastrophe because of hubris. If you continue to commit the following four email mistakes, you will continue to be vulnerable to cyber-attack – and your business could fail.
1. Refusing to Acknowledge Email Threats
This is easily the most common and most dangerous of email users’ mistakes. From the beginning, email has been an incredibly insecure method of digital exchange; email’s creators hardly expected the service to become the bedrock of communication and collaboration that it obviously is today. Thus, the first step to protecting your data from email-based threats is accepting that email is not inherently safe to use.
There are a handful of security risks associated with using email. First, email is an excellent transmission source for viruses and other malware. Without much effort, cybercriminals can craft emails that look legitimate, convincing unwary email users to download programs that pilfer data and destroy devices. To protect your business from these threats, you should have strong email and collaboration security tools that continuously scan for malware. Additionally, devices and servers can be hacked with relative ease, exposing all data sent and received.
2. Setting Weak Passwords and Never Updating Them
Just because your password isn’t “123456” or “password” doesn’t mean your password is strong. Most people use relatively transparent personal information to create passwords; for example, names of family members (including pets) and birthdates are relatively common bases for passwords and relatively easy to procure from public social media profiles. Worse, plenty of your employees likely set a poor password when they begin working and never bother to change it, giving cybercriminals more time and opportunity to reach your business’s data.
You can instruct your workforce to make stronger passwords, perhaps by increasing character minimums to 12 and requiring symbols, numbers, and capitals. You can use programs that force your workers to change their passwords every few months, preventing them from reverting to codes they’ve used in the past. However, recent research has found that these measures have a negligible effect on security. A much more practical approach to strengthening passwords is adopting a multi-factor authentication system, which will send temporary passcodes to personal devices or dedicated fobs when your workers try to log in.
3. Allowing Sensitive Data to Be Sent Over Email
When you send an email to one person, that email exists in four places simultaneously: your device, the network, the server, and their device. At any one of these locations, a hacker could sneak in to steal whatever information you sent. On your computer or your recipient’s smartphone, an onlooker could merely peer over a shoulder to access data; networks and servers are often less protected, making digital infiltration at these points almost easy.
Therefore, you should be careful what data you send and receive through email. Because email is such a convenient communication method, most people have all sorts of information cycling through their digital inboxes, including travel plans, medical appointments, and even financial info. One solution is to cease sending and receiving sensitive messages altogether, opting instead for using expensive and slow hard copies. A more reasonable solution is to be more serious about encryption.
4. Trusting Email Clients With Encryption
Most people who use email expect their email providers to handle encryption services. Meanwhile, most email providers believe it is users’ responsibility to enact encryption when they need it. The result is that an overwhelming amount of email sent is utterly exposed, so any potentially confidential data enclosed in it is exceedingly easy to obtain.
Not only should you find a reliable email encryption service, but you should make certain that your recipients do the same. Otherwise, your emails will only be protected until they reach your recipients’ servers, at which point they are translated to plaintext and open for any moderately skilled hacker to read.