Email Security for Small Businesses
A secure company email account is just as important for small and medium-sized businesses as it is for large enterprises. More often than not, it’s email-based breaches at Fortune 500 companies making the news, but SMBs are targeted by email threats just as often, if not more.
According to CNBC, 43% of online attacks focus on small companies. And a successful attack can cost up to $200,000, a hefty financial burden that puts most SMBs out of business for good.
Because smaller companies may lack the financial resources large enterprises spend on email security, any email security plan needs to be easily actionable and, most importantly, affordable.
Why Hackers Target SMBs
Multinational enterprises might be where the real cash is at, but for threat actors, these large companies are considerably harder to crack. Small companies, on the other hand, are notoriously lackadaisical when it comes to cybersecurity. An AT&T study found that only 53% of companies with 50 staff members or fewer placed a high priority on security, while a mere 30% of small businesses have security training measures in place.
SMBs represent soft targets, and because their digital defenses are poor, a shift is occurring where hackers are setting their sights on even the tiniest of companies. Even sole proprietors should take heed.
Additionally, SMBs can get caught in the crosshairs of an attack aimed at a larger corporation. Infiltrating a small partner company’s systems is an excellent way to climb the ladder and eventually reach the big target.
Emails have always been a primary vector for a range of cyberattacks. From targeted phishing attempts to malware hidden in legitimate PDF files, company email accounts face threats on a daily basis. So it makes sense for small businesses to secure their email accounts as much as possible.
5 Ways to Improve Email Security
Choose an encrypted email provider
Companies have more choices when it comes to their business email client than they may imagine. These days an increasing number of SMBs are making the switch from Outlook and Gmail to encrypted clients. It makes sense; end-to-end encrypted email providers are eminently more secure than others, as only the recipient on the other end has access to the information in a given message.
ProtonMail is one of the better-known providers, but Hushmail is just as efficient and offers dedicated solutions for companies in a range of fields, including healthcare and law.
Staff play a crucial role in keeping data secure, including that sent in emails. Accordingly, they should be taught email security basics and how to recognize suspicious emails. According to InfoSight, around half of all companies spend less than one percent of their security budget on employee training programs, a figure that makes little sense when you consider the cost of a hack versus the relatively low cost of training staff.
Employees should follow these basic email rules:
- Don’t open links or attachments from unknown senders
- No matter how official the email seems, don’t engage with any email that asks for personal or account information
- Encrypt emails containing sensitive data before you send them
- Use your company email address for work-related emails only
- Don’t forward company emails to third-party email systems
Get the right digital solutions
Digital tools can significantly boost email security. SMBs should have all of the following:
- Email scanners to detect any potentially threatening emails
- Anti-malware and antivirus (both are necessary) to contain any threats that reach a staff member’s device
- Virtual private networks to secure remote workers. The way VPNs work means they create a private browsing network and encrypt data in transmission
Set an email retention policy
Staff should delete emails that aren’t related to the business’ efforts. Many SMBs have a two- or three-month standard with steps in place that automatically archive or permanently remove older emails after a set time period.
Despite consistent warnings from security experts and articles such as this one in the media, some of the popular passwords are incredibly easy to crack. In 2019, for example, ‘12345’ ‘qwerty1234’ and ‘password’ were frequently used. SMBs should have an email account password policy that dictates a 12-character minimum and a mix of numerals, special characters and upper and lower-case letters.
Brad Smith is a technology expert at TurnOnVPN.