Presents -- IT Information for Small Business
Working from Home
Security and Firewalls
Email - Proper Use, Security and Services

Email has been around for quite some time now and it is used very extensively.  Private email is just that, it is your email address and you can use it how you want.  But What about company email?  Most jobs will assign an email address for you and most companies should have an email policy on how it is used.  The address is usually some form of your name + the company domain address.  But just because it has your name on it does not mean it is yours. 

Private vs Company eMail

Private email is an email address you setup or subscribed to for your private use.  Most people use a public free email account like GMail.  Public free email is usually free and is easily accessible through a web interface allowing access to it from anywhere. 

Company email is not private in that you don't own it.  Your company owns it.  Using it is usually with conditions and a company policy .  It can be tempting to use it for personal correspondence because it is convenient.  However there can be legal consequences that arise from using company email to send private messages.  An example would be if you sent something controversial out with your companies heading on it, your company can be libel for any negative feedback it creates.  That in turn could get you fired and possibly in legal trouble.

But, what about signing into your private email at work?  That may be your private email account but you are now violating your contract with your employer by sending email from company property on company time.  Sure it could be your lunch time but again, it is coming from the company IP address possibly making the company libel for your messages sent from their network.

Most people can setup their emaill on their smart phones.  That is one way to avoid getting into trouble at work provided you do it on your time.  However, if you are on the company WiFi with your phone, you can still be opening the door to trouble.  So, stay off the WiFi when doing personal email on your phone, and do it on your time or out of the building using the cell tower connection.  So much headache avoided.

Email Security

Email security is a technique for keeping sensitive information in your email and accounts secured against unauthorized access, loss or compromise.  Email is a very popular way for the spread of Malware, Spam and Phishing attacks using enticing messages to get sensitive information.  Clicking on unknown attachments or hyperlinks can open up programs that will install malware or virus' on the device you are using.  (Another reason not to use private email on a company computer.)  Email is also a common way for attackers to look at gaining access to information from an enterprise network breaching valuable company data. 

Email Security Best Practices

Email security isn't a one item solution, it is the use of several methods. 

1. Employees - Educate employees about email security, how to avoid falling victim to phishing and malware attacks.  Understand that even if your organization had virus protection, spam protection and hardware firewall protection, a simply click within an email can still open a pandoras box of trouble because the user just said YES by clicking on something suspicious.  Woops!

2. Spam Fighters/Email Scanners and Anti-Virus Software - There are many spam fighting tools out there, some software and some hardware.  A spam fighting tool is one way to limit the amount of email spam that comes into a users email by scanning the email for malware or other suspicious content.  NONE are perfect but many are pretty good.  Most come with the ability to set the strength of the spam tool which will allow less or more spam to come in.  the reason for this is that some legitimate emails might be looked at as spam even though they are not.  Spam engines look at the content of the email and determine it's level of danger.  A single word can cause a legitimate email to be flagged as spam and sent to the spam folder.  Most spam filter tools allow a user to look at the spam folder to see if there are any good emails in there that got flagged for some reason. 

Anti-virus software should be mandatory for all employees.

3. Strong Password - Employees should be required to use strong passwords and make policy that they should be changed periodically.  Never share passwords with anyone, including co-workers.

4. Email Encryption - Use email encryption to protect attachments and email content.

5. Security Practices for BYOD - Have a policy for best security practices for employees that are allowed to use their own devices that access company email and data.

6. Webmail - Webmail is email that is signed onto from a web interface.  This is where strong passwords come into play as well as encryption.

7. Sensitive Data - Create a policy for sending sensitive data being send via email.  As mentioned above, encryption can be set to avoid attackers from getting access to sensitive data. Try to send as little sensitive information as possible by email and send sensitive information to only those that require it.

8. Public WiFi connections - Avoid accessing company email from public WiFi connections.  Public WiFi connections like coffee shops are prime for hackers to scan all devices in the shop for volnerabilities.

implementing good email security measures will help mitigate many of the risks that come with email useage by many employees and prevent sensitive data loss or infections from happening.

For help in setting up your corporate email or securing your email systems contact us at info@a-integrity.info