Although email is extremely convenient for workplace collaboration and communication, employees tend to use email folders as a personal storage center and, by all reports, are still flouting convention when it comes to secure email policies. As a result, large amounts of an organization’s sensitive information wind up in an email server inbox, which is dangerously insecure. This is why the importance of having the best email security solutions in the workplace cannot be overstated.
Ponemon Institute’s Study on The State of Email Encryption
Ponemon Institute conducted a study to review concerns regarding the risk of unencrypted email. In the study, Ponemon Institute surveyed 557 IT security practitioners and 273 IT, legal, and other compliance specialists. The study discovered the following:
- 69% of respondents believe employees disregard policies regarding unencrypted email.
- 70% of respondents are concerned about email security on mobile devices.
- 59% of respondents believe email is one of the primary sources for data disclosure.
- 61% of respondents said employees send unencrypted sensitive information through email.
- 52% of respondents claim to be frustrated with the email solution currently used at their workplace.
The Risk of Unencrypted Email
As a business owner, you need to ensure that email content remains confidential between the sender and the receiver, especially if the email includes sensitive information such as social security numbers, medical data, credit-card numbers, names, and addresses. If this information is sent in a standard, unencrypted email, the email is in plain text – simple to read for anyone who intercepts it. If the email is encrypted, it’s unreadable to anyone who doesn’t have the decryption key.
If you’re neglecting email encryption, you may want to rethink it. The consequences of unencrypted email are vast; a data breach will be much more expensive than simply implementing a cost-effective email encryption solution. Also, email encryption is necessary to comply with various laws, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act.
Tips to Improve Email Security
Now that you’re aware of the concerns and risks associated with unencrypted email, it’s time to improve email security within your organization. Here are a few quick tips to help you improve email security in your workplace:
- Find and implement a policy-based encryption solution to protect sensitive information in emails.
- Establish a secure solution for sending and receiving emails via mobile devices.
- Create and enforce an email policy detailing acceptable vs. unacceptable email use.
- Investigate and comply with industry-specific laws and regulations regarding email encryption.
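A policy-based encryption rule of the kind the first tip describes can be sketched as a content check on outbound mail. This is an added example, not code from the article or from any product: the function names, the two patterns and the `encrypt`/`send` actions are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Illustrative patterns only; a production policy engine uses broader rule sets.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def message_text(raw: str) -> str:
    """Subject plus every decoded text/* part of the message."""
    msg = message_from_string(raw)
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            chunks.append(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def outbound_policy(raw: str) -> dict:
    """Hypothetical gateway decision: 'encrypt' when sensitive data is found, else 'send'."""
    text = message_text(raw)
    findings = []
    if SSN_RE.search(text):
        findings.append("ssn")
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append("card")
            break
    return {"action": "encrypt" if findings else "send", "findings": findings}

# Constructed sample messages (placeholder SSN, well-known test card number).
SENSITIVE = ("From: hr@example.com\nTo: payroll@example.net\nSubject: New hire\n\n"
             "SSN 123-45-6789, card 4111 1111 1111 1111.\n")
ROUTINE = ("From: sales@example.com\nTo: client@example.net\nSubject: Shipping\n\n"
           "Order 4111111111111112 ships Friday.\n")
```

The Luhn check is what keeps the 16-digit order number in `ROUTINE` from forcing encryption, which matters because a rule that fires on every long number gets switched off by frustrated users.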
Here are some further tips for better email security:
- Use password resets. These email security tips from The Guardian offer some practical password advice:
  - The longer the password is, the better.
  - Use a combination of numbers, lowercase and uppercase letters and special characters.
  - Do not use real words in your passwords. The majority of hacking attacks cycle through dictionary words, which means if you use a real word in your password it is more likely to be broken.
  - The best passwords are randomly generated strings of characters (16 or more).
  - Never use the same password twice.
Password managers like LastPass or 1Password can help you remember complicated passwords by storing them all in a secure place, but your primary account password should probably be stored in your own memory. It’s okay to write your password down if it helps you to remember it, as long as you store it in a safe and secure place—not on a post-it note next to your keyboard.
- Trim the fat. While trimming out all email communications from your business isn’t an effective – or even viable – solution to ensuring complete email security, you can trim the fat a good deal. Making sure that the emails you send are as secure as possible will protect you, your business, your information and most importantly these days, your customers.
Try to evaluate all of the material that goes into the emails you send and cut out what may be compromising (and train your employees to do the same). Email servers tend to have large amounts of free storage available, but that doesn’t mean that all your proprietary data should be stored there.
- Set up two-factor authentication. Also known as 2FA or MFA (multi-factor authentication), two-factor authentication lets you get a little more technical and a little safer. Setting up 2FA is an absolute must: even with your password, no hacker in the world would be able to access your email. The most effective 2FA entails sending a confirmation code to your phone.
Most secure providers offer options for 2FA, sometimes called “2-step verification” or “second sign-in verification.” Two-step verification is a pretty straightforward concept; in addition to your username and password, you have another form of identification, normally consisting of a code generated by a key fob or a smartphone app, that has to be put in at the time of login and changes every minute or so.
- Never access work email via public computers or networks. This one is a no-brainer: Never access business email accounts from public places, and make it a workplace policy that no employees are to ever use public or unsecured devices to access work-related materials.
While hotel lobbies, airports, libraries, and data center computers are convenient locations to check email, they’re also a natural target for keystroke logging, data-packet-sniffing and other hacking attempts. If you must access email via a public machine, make sure you have two-factor authentication enabled through your webmail provider, which gives at least one more level of protection.
Need an IT Mentor to Help You with Email Security in the Workplace?
To learn more about the importance of email encryption, give us a call at (954) 717-1990 or send us an email at email@example.com.
LAN Infotech can help you select and implement the best email security solutions in your workplace to protect the sensitive information in your employees’ email communications!
LAN Infotech is a Microsoft Cloud Services Provider, an IT Managed Support company, a top technology management company, and a leader in helping law firms, nonprofits and medical organizations deploy cloud solutions, manage computer networks and keep data protected. Businesses like yours need technology support to run highly effective organizations.