Email is one of the most popular and useful online tools, and as such is also an attack vector of cybercriminals. Much of the malicious software found on computers is installed unintentionally by users when opening suspicious email messages. Malicious email can includes viruses, worms, and Trojans and is commonly known as "malware". Cybercriminals use email to distribute malware to conduct some of the most common email security breaches.
Fortunately, it's relatively easy to protect against most of these dangers, provided you put in place a consistent, constant plan to secure email and maintain a best practices approach.
A secure email protection plan has two parts: an email security policy employed by you and your employees; and email security software (featured in good anti-virus programs).
Email Security Policy
Many email security problems are the result of our own errors; viruses attached to emails, for example, usually don't take effect unless they are actively clicked on by a user. With this as a starting point, here is a review of the basic elements of a best practices security policy that should be followed by everyone using email:
- Never read unsolicited email or email from an unknown sender: the act of opening (reading) such email can expose your computer and network to outside threats.
- Never click on attachments from unknown senders: viruses and other malicious software lurk in attachments that often promise to be a picture or game.
- Never respond to financial or other offers, no matter how legitimate they appear to be: legitimate companies do not request confidential information such as credit card or Social Security numbers by email; any sweepstakes or other offer that looks too good to be true should be ignored.
- Never share your email account password: as with any password, email security information must be kept absolutely confidential.
- Never forward an unsolicited email: you shouldn't be reading it, much less forwarding it.
- Never use business email accounts for personal mail: by restricting business accounts to business use, you take a large step toward reducing the risk of email security problems.
Email Security Software
Anti-virus software includes email scanning tools that guard against the most common email viruses, worms and Trojans. To secure email effectively, certain email protection practices should be followed:
- Enable both incoming and outgoing email virus scans: should a virus enter your system from another avenue - an employee using an infected disk, for example, the outgoing mail-scan insures that the virus isn't transmitted
- Update anti-virus software often: if the software isn't updated, your email is vulnerable to the newest attacks; update weekly if not more often to keep your email secure.
- Make sure all anti-virus accounts and licenses are up-to-date and renewed: bear in mind that software license renewals are required for each employee computer or notebook.
Create an email security policy and regularly review it as an element of your company's overall business practices. The only sure defense against threats is a consistent and constant email protection plan.