Tips and Tricks for Improving Business Email Security
Email security is increasingly becoming an issue for companies which need to secure company data, stay in compliance with regulations, and just generally avoid wasting valuable IT resources. Here are a few areas to look at to improve email security in your business, large or small.
Protecting Your Company from Phishing
Phishing emails are emails that are designed to grab your passwords for popular sites and services. Gmail is a specific target of many phishing scams, as is banking information, PayPal accounts, and iTunes accounts. And it’s hard to accurately distinguish a phishing email from an email that may be from the real company, since identity thieves are becoming more sophisticated. The most sophisticated way to protect your business from having an employee’s password stolen is setting up 2-step verification for Google Accounts. With this, employees must provide additional information when logging in to confirm their identities.
Internal training should also take place on a regular basis to teach people how to spot phishing emails. Even very intelligent people can be fooled by the methods spammers use, which include using domain names that are very close to the legitimate one and real company logos.
What to Do if Your Account Is Compromised
Follow the extensive steps in the Gmail security checklist. Out of everything else, ensuring a strong password that consists of upper and lowercase letters, numbers and symbols is probably the best move. Some administrators enact policies where users must change passwords at certain intervals, and while these can be disruptive to a workforce if done too often, changing them at least annually will help to keep your company email secure.
Protecting Outgoing Emails
Spoof Detect with SPF
In the world of email, this acronym doesn’t refer to sunscreen strength. It stands for Sender Policy Framework, and setting it right can keep phishers from using your company email to send their spam - a practice known as “spoofing”. If your company has been on the Internet for any length of time, you’ve probably received at least one angry email wondering why you are sending a user spam, where the email doesn’t even look like it’s been sent from your company save for the domain name. Why does spoofing even happen? Since spammers are usually dodging spam regulations and, in some cases, hawking illegal or suspect products, they don’t want the email trail to lead back to them. So they hijack the email servers of a legitimate company to send out their missives. Additionally, setting up SPF records will be another way you can skip the spam filters in your client’s inboxes; emails with proper SPF records are less likely to end up there. Creating an SPF record will ensure that spammers can’t do this with your domain. Instructions for setting it up for Gmail are here.
Extra Encryption with Virtru
While Gmail is more secure than other options on the market, sometimes compliance, heightened risk of hacks, and regulatory concerns require a bit more than it has to offer. If that is the case, consider Virtru. It can be installed for free, and its basic features include the option to send encrypted email to selected recipients with a key allowing only them to unlock it, the choice to disable email forwards, the ability to set an expiration date on an email, and the ability to revoke access to sent emails at any time.
If you want to graduate to a paid business account, you’ll find solutions for specific industry sectors, including healthcare, and a special package for extra Google Apps for Work encryption. If you have any questions about adding extra layers of security to Gmail and your Google sign-ons in general, contact UpCurve Cloud. We’re always eager to help our clients improve their security so they can waste less time on IT headaches and spend more time on their businesses.