Top 5 Email Best Practices
Email is often the task we turn to with a tired brain. After powering through a long project, we open up our inbox to clean up the emails with a fresh cup of tea in hand. It’s our end-of-Friday task before logging off for the weekend. Or we return from holiday to 85 emails and have to sort through and prioritise all of them before normal work can resume.
But, according to our partner Mimecast, 91% of attacks by sophisticated cybercriminals start through email.
As you sift through a mountain of emails, you’re much more likely to open a suspicious email accidentally. A few clicks here and there, an attachment downloaded, and all of a sudden malware is hiding on your computer, compromising sensitive data and important files.
We believe that your overall cyber security strategy depends on how well you manage your inbox.
Does that sound radical? Not if the sophisticated cyber criminals know that too, and are actively trying to exploit any weaknesses.
Here are 5 email best practices to implement today, starting with your inbox!
1) Create a system of sorting through your emails
Email software is powerful! You can designate emails from known senders (like your team members or accounting department) to go straight to important folders, so any unfamiliar emails rise to the top of your slimmed-down inbox. Then, instead of mindlessly opening every new email one-by-one before sorting them, anything out of the ordinary (and that made it through your existing spam filter) is right in front of you to critically examine.
2) Be Skeptical
Don’t stop at tip #1! Why? Because phishing emails masquerade as emails from senders you might recognise. Or, they may be from a new sender, but they will try to direct you to a (seemingly) legitimate web location, which you may be familiar with. That’s why you should:
- Ensure that the sender’s email domain is valid for the organisation attempting to contact you, especially for financial institutions, etc.
- Read the content critically, checking for unusual requests and odd formatting.
- Don’t open any attachments you aren’t expecting! And try to contact the sender by an alternative method to confirm the authenticity of the file.
3) Ask a Friend
Scam emails try to use your emotions against you. They’ll use phrases like:
- Change of password required immediately!
- Official Data Breach Notification!
- Update your details to avoid account shutdown!
Phishing emails will make any attempt to evoke fear, panic or curiosity, so that you interact with the email content and hopefully click a link, enter your details or download a file. Ask a friend or colleague to take a look at the email; they may see a suspicious detail you missed. Waiting before taking action can reduce the likelihood of being tricked!
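Tips 1 to 3 can be combined into one sorting rule for incoming mail. The Python below is an added example, not part of the original article or of any Mimecast product; the sender list, organisation domains, phrase list and sample message are constructed assumptions, and the function name triage is hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration; replace with your own contacts and domains.
KNOWN_SENDERS = {"alice@example.com"}
ORG_DOMAINS = {"example bank": {"examplebank.com"}}
PRESSURE_PHRASES = ("required immediately", "data breach notification",
                    "avoid account shutdown")

def triage(raw):
    """Return (folder, reasons) for one raw email message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rpartition("@")[2]
    reasons, text = [], msg.get("Subject", "").lower()
    for part in msg.walk():
        if part.get_filename():  # tip 2: an attachment you may not be expecting
            reasons.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            text += " " + body.lower()
    # Tip 2: a display name that names an organisation must use its real domain.
    for org, domains in ORG_DOMAINS.items():
        if org in display.lower() and domain not in domains:
            reasons.append(f"'{display}' sent from {domain}")
    # Tip 3: wording that pushes you to act before thinking.
    reasons += [f"pressure phrase: {p}" for p in PRESSURE_PHRASES if p in text]
    if reasons:
        return "review", reasons
    # Tip 1: the From header is set by the sender, so this only sorts mail.
    return ("known" if address in KNOWN_SENDERS else "inbox"), []

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank Support" <help@examp1ebank-secure.net>
Subject: Change of password required immediately!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Update your details to avoid account shutdown!
--B
Content-Type: application/zip
Content-Disposition: attachment; filename="form.zip"

(constructed placeholder)
--B--
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Anything that lands in the review folder is a candidate for tip 3: show it to a colleague before acting on it.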
4) Don’t Ignore Multi-factor Authentication (MFA)
Even if a cyber criminal uncovers your account password, MFA puts extra layers in place to keep them away from the sensitive data that you have access to. If you’ve been ignoring your system prompting you to set up 2FA or MFA, then don’t delay any longer. Having to respond on a second device or enter a code from a text message is a simple and proven way to guard your systems. Spear phishing is an increasingly common attack method that targets, for example, members of an organisation’s leadership team who may have financial authority, access to sensitive data or administrator access. Make sure your email platform requires MFA for anyone with those levels of access.
5) Invest in Cloud-based Email Security
Even if you follow tips #1-4, out-of-date software could be your downfall. Mimecast email security experts shared this advice with us:
The right security technology can aid in detection and automate crucial processes, such as detecting suspicious URLs, identifying suspicious keywords and matching known sources of scams and threats to a blacklist. Simply put, it adds another layer of protection – think of it as a safety net – for best practices revolving around people and processes. That way, when someone inevitably makes a mistake, the technology steps in and protects them and the organization. The technology sandboxes or blocks the malware, just as an inoculation blocks a real-world or virtual virus. Staying current with technology, software and systems that provide real-time targeted threat protection is paramount.