Guest Contributor: Idan Udi Edry, CEO of Trustifi.
Massive hacking and data breaches of companies are on the rise—and no industry is exempt. Retailers, federal organizations, law firms, and social media and e-commerce sites have all recently been hacked. As of 2017, over 2.3 billion usernames and passwords from 51 different organizations and companies have been stolen. That fact shouldn’t be taken lightly—with so many consumers implicitly trusting their company or their organization with their information, a leak causes considerable damage to a company’s brand. In fact, one study found that 19% of consumers would even stop shopping at their favorite retailer once it’s been hacked.
But while most news coverage has been devoted to leaked usernames and passwords, companies’ email communications have also been increasingly easy targets for criminals. A company’s emails contain a treasure trove of private information on contracts and deals, corporate strategies, employees, customers, and other companies, and many organizations are still wildly behind industry standards for secure email communications. New cybersecurity tools have made it easier for companies to protect their emails, but there are a few basic steps that every organization should be taking to improve their cybersecurity infrastructure:
- Secure Their Network
Regardless of whether a company is a small business or a large corporation, securing their network is one of the most basic steps they can take to keep their email protected. It’s highly recommended that a business uses a private network, makes sure their servers are protected by firewalls, and regularly utilizes anti-virus/malware software.
Since hackers only gain access to certain systems through vulnerabilities or weak points, it’s crucial that businesses keep their operating systems and software as up-to-date as possible. For instance, one of the worst ransomware attacks in history (ransomware holds your information hostage and releases it only if the victim pays) happened through older versions of the Windows operating system—computers that had the latest update were spared.
- Use an Encryption System
Encryption is a way to lock certain information until unlocked by a key—usually a unique code that’s sent through other means. For many industries that have a duty to protect consumer or client information, like doctor’s offices and law firms, state and federal guidelines mandate email protection through encryption.
Encryption is important because documents containing sensitive information are sent through emails all the time. Insurance forms, in particular, contain a plethora of personally identifiable information (PII) like health insurance numbers, driver’s licenses, social security numbers, addresses, and more.
That’s why a business’ HR department needs a solid email encryption strategy—with access to W2s and other financial records, they’re incredibly attractive targets to hackers.
- Teach Cybersecurity Awareness
It’s crucial that your entire organization knows what best practices are for protecting your emails—both when they’re at work, and at home. Personnel should be reminded never to download third-party apps, to practice multi-factor authentication, to always use encryption, and to avoid suspicious websites at all costs. And with more companies allowing workers to bring their own tech, companies are beginning to implement Bring-Your-Own-Device policies that regulate how employees use their devices.
Of course, cybersecurity awareness is an ongoing process. Regular workshops, meetings, and presentations for new and ongoing employees are a great way to ensure there are no vulnerabilities within your organization. In the same vein, it’s also essential that you update and test your company’s data security policies so they’re always up to par.
Some of the biggest email leaks in recent years were the result of phishing attacks, a type of scam that uses a malicious link to download malware or gain access to a person’s information. Phishing emails are getting more and more sophisticated, with some scams using an email that’s one letter off a supervisor’s or CEO’s email to get unsuspecting personnel to click on it. In one case, a human resources department sent 900 employees’ tax information to a hacker who was impersonating the company’s president.
A simple solution would be to postmark emails. Postmarking emails isn’t just a great way to avoid being sent to a spam folder; it can also be used to make sure the email is being sent from a trustworthy source. Postmarked emails also act as a kind of certified email service, meaning they’re considered an official way to send sensitive documents like marriage licenses or birth certificates.
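The "one letter off" sender addresses described above can also be caught mechanically at the mail gateway. The following is an added example, not part of the original article or any Trustifi product: it compares the From address against a list of protected addresses and flags near misses; the addresses and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Hypothetical list of addresses worth protecting (constructed sample data).
PROTECTED = {"jane.doe@example.com", "cfo@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exampel" vs "example".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header: str, protected=PROTECTED, max_distance: int = 1) -> str:
    """Return 'exact', 'lookalike:<protected address>' or 'unrelated'.

    'exact' only means the text matches; it says nothing about whether the
    message is authentic, which is a separate check.
    """
    addr = parseaddr(from_header)[1].strip().lower()
    if addr in protected:
        return "exact"
    for known in sorted(protected):
        if 0 < edit_distance(addr, known) <= max_distance:
            return f"lookalike:{known}"
    return "unrelated"


if __name__ == "__main__":
    # Constructed From headers: one genuine-looking, three near misses, one unrelated.
    for header in ["Jane Doe <jane.doe@example.com>", "Jane Doe <jane.d0e@example.com>",
                   "Jane Doe <jane.doe@exampel.com>", "cf0@example.com",
                   "vendor@partner.test"]:
        print(f"{header!r:40} -> {classify_sender(header)}")
```

A message classified as a lookalike is a candidate for quarantine or a warning banner before it reaches the HR or finance mailbox.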
- Using Multi-Factor Authentication
The most rudimentary step a company can take is to make sure every employee’s account or email content containing sensitive information is protected by a strong password. Most people know the basics: don’t use any personal data, don’t repeat passwords, and don’t use sequences of characters or numbers that are obvious or close together on the keyboard.
But in the age of sophisticated breaches, companies need to add multi-factor authentication to their cybersecurity protocols. Multi-factor authentication is a system that protects the contents of your emails by sending a unique code to another device. It’s typically a PIN or a secret phrase that prevents anyone other than the recipient from reading the email. That way, even if a bad actor somehow learns an employee’s email password, the contents can still be protected.
- Email Tracking
As we saw from the Sony Pictures hack from a few years ago, a company’s internal communication should almost never be made public. A company’s standing and reputation can be seriously damaged if it’s ever leaked, so it’s essential that your personnel know who’s opening their messages, and when they’re being opened.
This is why more and more businesses are using secure email services to implement email tracking; a detailed email tracking system can help alert an employee if their email has been read by someone who’s not supposed to have it, and alert people
- Use Backups
One of the most devastating attacks that can happen to a company is a ransomware attack. When an organization’s crucial data is being held hostage, many organizations have no choice but to pay. Having a reliable backup can mean the difference between losing decades of data and giving in to the demands of a hacker.
Thankfully, many email backup systems also offer a “self-destruct” option that can wipe emails with sensitive data. This is also an especially useful tool in case an employee’s device is ever lost or stolen.
Implementing these security measures is essential. Playing catch-up when it comes to cybersecurity is a mistake. Hackers and scams are becoming increasingly sophisticated, and the less prepared you are for a cyber attack, the more your company could lose. So before it’s too late, implement these basic measures to protect everything you’ve built; your business and livelihood might just depend on it.
Author – Idan Udi Edry
Idan Udi Edry is the CEO of Trustifi, a software-as-a-service company offering a patented postmarked email system that encrypts and tracks emails. Before his work with email encryption, Idan served as an Israeli Air Force officer for more than eight years, reaching the rank of captain and leading hundreds of professionally trained military personnel in building and operating advanced information systems. A trusted authority in information technology and data security, Idan has 13 formal certifications from the most renowned IT and telecommunications organizations, and his insight has been featured in major publications like Fox News, Bloomberg BNA, and MD Edge.