With more focus on working from home, it’s a great time to remind your employees of email best practices for businesses to keep your network safe. Here are six of Integris’s email best practices to keep your business connected and secure.
1. Never Use the Same Passwords Across Multiple Platforms
This makes more sense if you look at your passwords as a virtual skeleton key. Skeleton keys are specially cut to give the user access to every door in a building. If thieves manage to get a skeleton key, no room is safe; they can move from room to room and steal anything they please. Separate keys ensure that a thief has limited access and can only open the door that matches that key. That room may be compromised, but the rest of the building is safe.
Use complex passwords, and never store them on the computer in your notes. Avoid writing them down, and never share them.
A password manager can help your employees keep passwords organized and secure.
2. Look but Don’t Click
Be aware that cybercriminals are getting more sophisticated. They can send emails that appear to be from a reputable site or a trusted source. Often, the suspicious emails contain attachments that also appear to be legitimate. Once clicked, these attachments spread malware throughout your employees’ devices and your network.
As part of your email best practices for your business, advise your employees never to open an attachment unless they can verify the sender.
Integris believes in a zero-trust approach to cybersecurity. Never believe what you see, and always verify.
3. Never Open Emails That Contain Grammatically Incorrect Subject Lines and Content
No one is perfect and occasional spelling and grammatical errors happen to the best of us; but an email that has a heavily misspelled subject line is suspect. Likewise, if the content and body of the email contains many spelling and grammatical errors, it is most likely a phishing attempt.
Be on the lookout for very vague greetings, too; impersonal “To” lines and greetings are the calling cards of phishing attempts.
Phishing attempts may slide past your email and spam filters, so educate your employees.
4. Sense of Urgency and Requests for Known Information? Don’t Respond!
We’ve all heard the joke about a psychic asking a person’s name and the person responding, “Don’t you already know?” That’s exactly the concept behind phony emails requesting information that the alleged sender should “already know.” Examples include “banks” requesting account information, “HR departments” requesting social security numbers, or any sender requesting password updates.
If these are sent with a sense of urgency or any threat, it should be a double red flag for your users.
5. Email Best Practices: Verify, Verify, Verify
Your employees should be reminded to carefully check the sender address before opening any email. The differences are very subtle, usually involving a domain name change (.org vs .com, for instance) or a misspelling of the company or sender the email is allegedly from. Encourage your employees to reach out to coworkers for verification that an email was sent if they suspect it may be a phishing attempt.
Again, a zero-trust approach is the best way to keep your network secure.
6. Have a Plan in Place “Just in Case”
No matter how prepared your employees are, they still may accidentally click on a risky attachment. Have a plan in place, just in case. The plan should include, at a minimum, instructions for isolating the machine and notification procedures.
Make sure your data is backed up to the cloud for easy data recovery in case the unthinkable happens. Remember, breaches are not the only reasons your data can get deleted. Employee error, power outages, and natural disasters can also affect your data.
These tips and lots more are all covered under cybersecurity training. With so many of your employees working remotely, it’s more important to make sure they are protecting your network than it has ever been before.
Many industry specific regulations require cybersecurity training as part of their compliance guidelines.
Heads Up Before Requesting Information
As a CEO or business owner, you may genuinely need to send emails to your employees. Never ask for any personal information from them via email and advise them to reach out to your office if they receive any odd requests from you. Encourage them to touch base with their supervisors, HR, Finance, or any other department or co-worker if they spot odd, unsolicited information requests from those departments.
You may choose to notify supervisors before requesting any information from your employees to notify them that an upcoming request is legitimately from your office. Remember, though: never ask them to send sensitive or personal data of any kind via email. Encourage them to call a centralized employee for any information you may need or allow their supervisors to collect the information for you.
If these extra steps sound like a lot more work, just keep in mind: It’s far easier to verify communications than it is to clean up following a breach.
Email Best Practices at a Glance
For more information about email best practices for your business, request this beautiful breakroom poster, delivered to your office at no charge or obligation to you.
If you’re ready to see how Integris can help you boost your security, reach out to us for your free, no obligation consultation.
Not ready to chat yet? Click here for more valuable tools and resources, free to browse, download and use immediately.