Brushing Up on the Basics: Email Security Best Practices for Employees

Even the best cloud-based email security solution can’t catch every malicious email. This is why arming employees with email security best practices is so important. Here’s a list of four things employees can do to help augment your organization's email security and improve cyber resilience for email:

1. Be Careful with Passwords and Credentials

Even if you use a secure email provider, users need to protect their privileged credentials. Weak and recycled passwords are common, something that inherently makes everything less secure. The same goes for sharing passwords among team members – what this practice gains in convenience it certainly loses in security. Two-factor authentication is a baseline defense. Sloppy password management creates an open door for hackers.

2. Don't Trust Emails, Even if They’re from Inside

Business email compromise (BEC) tactics get through enterprise email security solutions seven times more than email-borne malware. And threats that can come from a bad actor inside your organization may use internal phishing to spread an attack.

3. Check URLs “On-Click/Every Click”

Most people don’t actually look at a URL, much less closely examine it, before clicking it. We have an inherent trust when someone we know, or think we know, sends us a link to click. This inherent trust makes users prone to malicious URL phishing. Skillful cyber thugs capitalize on this weakness with typo-squatting (URLs that look correct at a glance) and other sneaky techniques. These cybercriminals are increasing their use of malicious URLs to trick you into giving up credentials or installing malware, which can cost even small companies large amounts of money in recovery costs and downtime. Your best defense is automated real-time, on-click/every click URL scanning.

4. Don’t Trust Attachments

When users are busy working through tasks and in a hurry to get work done, they tend to end up clicking on something they shouldn't. Many times, this can be an email attachment that is made to look like a legitimate file sent from a trusted source. Usually by the time they figure out they have clicked without really looking at the email and attachment, it’s probably too late. That pesky malware or ransomware is already infecting and moving through your organization's network. Remind users not to open attachments they’re not sure about. And, of course, use an email security system that applies sophisticated techniques to detect email-borne malware.

The Bottom Line

While having to be continually mindful of these four things employees can do to help secure their organization may seem overwhelming, the fact remains that every user plays an important part in safeguarding against savvy cybercriminals. It is also the responsibility of every organization to ensure their employees are supported by the latest human risk management technology.