Email security is important for everyone, but it should be a top priority for business owners. Hackers with criminal intent target personal email accounts, but they put more effort into compromising business email accounts. From their perspective, with access to a business email account, there’s more to steal.
If you own a small business, you must take email security seriously.
There’s one move that will address a large portion of your email security needs—opting for a managed email hosting service. After a brief discussion of the risks involved in an email breach, we’ll go over how a secure hosting plan puts up a shield between your business email and hackers. We’ll then discuss four email security best practices to keep your business data safe and sound.
Why email security matters
A compromised email system can put sensitive business information at risk.
One unpleasant scenario is where hackers obtain credit card information or customer data that would enable identity theft. It’s your responsibility as a business owner to keep customer data secure.
Criminals also attempt to use email systems to gain access to a business’s web hosting accounts. Domain theft is just one of many motivations a hacker may have to compromise your business email account.
A hacker’s goal may be to take over one of your business’s email accounts and use it to blast out messages containing a phishing scam. Who would those emails go to? All the people in the hacked account’s contact list, i.e. your clients and partners!
If your email account or your bookkeeper’s email account got hacked, would the criminal have access to your business’s financial systems? All it takes is one email containing top-secret login credentials. A data breach like that could sink the company.
Hackers use email as a way to infect computers with malware; with just one click on the wrong link, a malicious program can be secretly installed. It might be a key-logging program allowing the criminal to grab customer data and see credentials you entered in login forms, a ransomware denying system access until you pay, or a virus designed to corrupt data.
Malware is like a vampire—it can’t come in without permission. It requires the action of a user to infect computers—the action of an unwitting email user who clicks the wrong link or attachment.
There are steps you can take to avoid nightmare scenarios. One involves selecting a secure email hosting plan, which we’ll cover in the next section.
For business, use secure email hosting
A business needs to have control over its email service, and you can’t get that with a free, generic account. Given the relatively low cost of email hosting and the fact that there’s so much at stake when it comes to business email security, opting for commercial email hosting is a must.
No commercial email service recommendation over free service would be complete without a point about customized business domains. The domain portion of your business email addresses can’t be “@gmail.com,” “@yahoo.com,” “@aol.com,” or anything like that. It’s not professional. With commercial email service, you’ll have email addresses like [email protected] and [email protected]—addresses that legitimize your business in customers and partners’ eyes.
Back to email security. The massive user base of free email services is an attractive target for hackers, so using a free service is inherently less secure than if you pay for email hosting. It’s also possible that you could lose access to a free email account, for example, if it gets suspended because of the misdeeds of a hacker who has gained access.
If your business email service is run on your hosting provider’s managed servers, you’ll have full control over your account and be able to rely on their experts to help keep your data safe. You’ll know exactly what security measures are taken by your host, and have the power to implement additional security as you see fit.
When it comes to email security, a high-quality hosting plan does a lot of the heavy lifting.
The best hosting providers go out of their way to implement bulletproof email security: from the implementation and management of server firewalls, monitoring, and intrusion detection to DDoS attack prevention and response. If a problem occurs, there will typically be system resource redundancy, so there’s no interruption in service.
With your provider’s security pros on the case, there are only a few things you’ll have to concern yourself with regarding the protection of your business email. We’ll discuss those things in the next section.
Business email security best practices
Business email security is easier for solopreneurs. The business owner has special responsibility for keeping the business email secure. Adding a single employee, and their email account, the chances for a security breach increase, especially since the second user may not be aware of email security best practices.
This section covers four business email security best practices that you should follow, and, if you have employees, all these recommendations call for defining strict policy guidelines. You’ll need to regularly remind employees about the security guidelines and constantly reiterate how important email security is to the business.
Don’t mix business with pleasure
It’s important to use separate email accounts for business and personal communication.
For most of us, having one personal email account is the best approach for our communications’ centralized management. We have everything sent there, from newsletters, social media notifications, and website registrations to password resets and two-factor authentication codes.
Having centralized management of your business email is smart too, but business email and personal email must be kept separate.
When someone uses their personal email for business communications, there’s an increased risk of having sensitive business information compromised. Initially, a hacker may be targeting the personal account, and then they find an unexpected goldmine—business emails—an opportunity for more lucrative maleficence. They’ll put on another pot of coffee and get to work trying to hack your business’ operational systems.
For employees, have a policy in place. Tell them their business email accounts should be used only for work-related messages and that they should not do business using their personal accounts. Make this a bullet point in your monthly security awareness reminder.
Use an unhackable password
Hackers break into systems by obtaining a user’s password, sometimes by secretly installing key-logging software on your computer. In other cases, they guess the right password, but that only happens when the account owner has set a hackable password.
What makes a password hackable?
It’s too short, it’s too simple, or it’s based on the account holder’s personal info.
An email password, especially when protecting your business email account, should be a unique, strong password.
When you set your email password, use a combination of upper- and lower-case letters, include numbers and special characters, and don’t use personal info like names and birthdates. A system-enforced password policy can handle all this for you by making it impossible to create passwords that don’t meet specific criteria, or you can simply apply the rules yourself and instruct employees to do the same.
Set up two-factor authentication
Given that business email is more sensitive than personal email, with higher stakes if a security breach occurs, business owners are justified in implementing what would otherwise be an extreme security measure. Enabling two-factor authentication (2FA) for business email accounts is one of the best ways to lock down access to those accounts. After entering their password with 2FA in place, the user receives a code, usually via text or email. Only with that code can they complete the login process.
If you have any financial services accounts, say a banking or personal investment account, there’s a good chance the provider spent the last couple of years encouraging you to use 2FA. Then they decided for you, requiring that all accounts use 2FA.
Those companies protect people’s money and focus more heavily on security than businesses in other industries. All business owners should learn from the financial services industry’s broad adoption of 2FA as a crucial component of account security.
Beware of business-focused phishing scams
One of the main ways hackers exploit email is through phishing attacks, attempting to get sensitive data like login credentials and credit card data. Hackers make their messages appear as if they’re coming from a trusted source, but they’ll include malicious download links or attachments designed to install malware on your computer.
Most of us have become sensitive to the sort of phishing scams that come through our personal email. They’re usually pretty easy to spot. Email scams targeted at businesses tend to be slightly more sophisticated.
Hackers often employ something called spear phishing. It involves a lot of work from the criminal, but the result is a highly customized message intended to fool a specific target organization. The hacker’s email will be a clone of a trusted company’s message, matching the logo, font, and brand colors. They’ll use an email domain that, at first glance, looks like the real thing, but upon closer examination has a misspelling.
Hackers use these tactics because they work. Even experienced users who are on the lookout for such attacks sometimes fall for them. It’s important to remind employees that they should carefully check emails and be wary of links and attachments. Malicious links, usually with shortened URLs to aid their disguise, can be hard to detect. All users of your business email should preview links with a tool like CheckShortURL.
With vigilance, you can avoid falling for phishing scams and keep your business email secure.
Protect your business email
If you own a small business, email security should be a top priority. Hackers will exploit any weakness, so you must take steps to protect your business from their malicious activities.
Using a managed email hosting service is one of the most important elements of business email security. With commercial email hosting, you can rely on the provider’s security experts to implement measures like server firewalls and intrusion detection.
Best practices like keeping your personal and business email separate, hardening your email security with strong passwords and two-factor authentication, and keeping an eye out for malicious links also go a long way in keeping your business email secure. If you and your employees take email security seriously, you’ll be able to protect the data and operational systems that are crucial to your business.