Email is as essential to efficient business as nearly any other tool we have. Because of its pervasiveness and the massive amount of sensitive information contained in emails, it is also a major target for bad actors. The FBI’s Portland Field Office recently stated email “needs to be a fortress filled with defenses.” It went on to elaborate on some email best practices which can be implemented regardless of the size or maturity of your organization. They include:

  • Don’t use free web-based email accounts for business purposes.  Instead, establish your own domain and create email accounts based on that domain;

  • Ensure that firewalls, virus software, and spam filters are robust and up-to-date;

  • Immediately report and delete suspicious e-mails, especially those from people you don’t know;

  • If you receive an email from someone who appears to be a legitimate contact, but you are wary, “forward” it back to the sender.  Do not hit “reply.” That allows you to manually type the known e-mail address or find it in your established contact list to confirm authenticity;

  • Don’t click in a moment of panic.  Hackers use social engineering to force you to act quickly without thinking;

  • Consider two-factor authentication for employee email.  This would include something you know (i.e. a password) and something you have (i.e. a dynamic/changing PIN or code); and

  • Create a security system that flags e-mails with similar, but incorrect, formatting.

Each of these is a relatively small step that can take you a long way in securing your email, an otherwise highly vulnerable aspect of your security program.
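
One way to implement the last recommendation in the list above, reading "similar, but incorrect, formatting" as sender domains that nearly match your own. This is an added example, not code from the FBI guidance or the original post; `TRUSTED_DOMAINS`, `MAX_DISTANCE`, the function names and the sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: your own domain(s) and how many character
# edits still count as "similar". All addresses below are constructed.
TRUSTED_DOMAINS = {"example.com"}
MAX_DISTANCE = 2

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row version."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'external' or 'malformed' for a From value."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    if not (local and sep and domain):
        return "malformed"
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Near miss: a swapped, dropped or added character in the domain.
        if edit_distance(domain, trusted) <= MAX_DISTANCE:
            return "lookalike"
        # Trusted name used only as the leading labels of another domain.
        if domain.startswith(trusted + "."):
            return "lookalike"
    return "external"

def flag_lookalikes(from_headers):
    """Return the From values that should be flagged for review."""
    return [h for h in from_headers if classify_sender(h) == "lookalike"]

if __name__ == "__main__":
    sample = ["Pat Lee <pat@example.com>", "Pat Lee <pat@examp1e.com>",
              "pat@example.co", "news@vendor.test", "not-an-address"]
    for header in sample:
        print(f"{classify_sender(header):10} {header}")
```

The From header is supplied by the sender, so a check like this complements SPF, DKIM and DMARC validation rather than replacing it.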