How to protect your email conversations: 5 email security best practices

The majority of us use a business email address to send and receive dozens of emails daily, but how secure are those conversations?

At many companies, the answer is “not very”. Without proper security measures, organizations are vulnerable to email attacks and having their private conversations accessed. 

A few relatively small changes can make a big difference in keeping your email data safe and secure. Learn more about protecting your company’s email conversations with email security best practices like using strong passwords and two-factor authentication. 

Why is email security important?

There’s a lot of misinformation and scare tactics around digital threats, so much so that you may wonder whether there are even real cyber threats to your organization. Unfortunately, the risk of email threats is very real. 

91% of cyber attacks begin with an email, specifically a phishing email — a scam email designed to look legitimate. 91%! Since the average cost of a data breach in the U.S. in 2022 was over $9 million, it’s worth investing in email security to better protect against these attacks. 

Implementing email security best practices protects your organization from these cyber attacks. Of course, you can’t entirely eliminate the risk of attacks, but you can greatly reduce the likelihood that any email attacks on your company are successful. 

Try these 5 email security best practices

If you want to improve your email security and protect your email conversations and data, try these email security best practices:

1. Offer cybersecurity awareness training 

It’s very difficult to defend against threats you have never heard of or don’t understand. That’s why training your employees on cybersecurity awareness is so important. Your employees are your first line of defense against email attacks, but without proper training they can also be your biggest cybersecurity risk.

Train employees to identify red flags of potentially risky emails such as:

  • Emails from an unknown sender
  • Emails with a vague subject line (or no subject line at all)
  • Excessive spelling or grammatical problems
  • Urgent calls to action (e.g., “expires soon!” or “must act now!”)
  • Inconsistent information (e.g., a sending email address that doesn’t match the email’s contents)
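The red flags above can also be checked mechanically before a message ever reaches an inbox. The following is an added example, not code from the original article, that scores a raw email against several of them: an unknown sender domain, a vague or missing subject, urgent calls to action, and inconsistent information (a display name that claims one domain while the address belongs to another, or a Reply-To that routes answers somewhere else). The known-domain list, the phrase lists and both sample messages are constructed for illustration.

```python
"""Heuristic red-flag scorer for inbound email (added example, not from the article)."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed: domains the organisation already corresponds with.
KNOWN_DOMAINS = {"example.com", "partner.example.org"}

# Constructed: wording typical of "urgent call to action" lures.
URGENCY_PHRASES = (
    "expires soon", "must act now", "act immediately",
    "within 24 hours", "account will be suspended",
)
# Constructed: subjects that say nothing about the message.
VAGUE_SUBJECTS = {"", "hello", "hi", "urgent", "important", "re:", "fwd:"}


def address_parts(header_value):
    """Split a From:/Reply-To: value into (display name, address, domain)."""
    name, address = parseaddr(header_value or "")
    domain = address.rpartition("@")[2].lower()
    return name.strip(), address.lower(), domain


def red_flags(raw: bytes) -> list:
    """Return a list of red-flag strings for one RFC 5322 message; empty means none found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []

    name, _address, from_domain = address_parts(msg.get("From"))
    if from_domain not in KNOWN_DOMAINS:
        flags.append("unknown-sender: %s" % (from_domain or "<no address>"))

    subject = (msg.get("Subject") or "").strip()
    if subject.lower() in VAGUE_SUBJECTS:
        flags.append("vague-subject: %r" % subject)

    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    text = (subject + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        flags.append("urgency: " + ", ".join(hits))

    # Inconsistent information: the display name is itself an address at another domain.
    m = re.search(r"@([\w.-]+)", name)
    if m and m.group(1).lower() != from_domain:
        flags.append("display-name-mismatch: %s vs %s" % (m.group(1).lower(), from_domain))

    # Inconsistent information: replies are routed to a different domain than the sender's.
    _, _, reply_domain = address_parts(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to-mismatch: %s vs %s" % (reply_domain, from_domain))
    return flags


# Constructed sample messages for a local run.
SUSPICIOUS = b"""\
From: "it-support@example.com" <alerts@example-mail-verify.net>
Reply-To: recovery@other-domain.test
To: alice@example.com
Subject: URGENT
Content-Type: text/plain; charset="utf-8"

Your mailbox quota expires soon. You must act now or your account will be suspended.
"""

BENIGN = b"""\
From: Bob <bob@partner.example.org>
To: alice@example.com
Subject: Q3 invoice schedule
Content-Type: text/plain; charset="utf-8"

Hi Alice, attached is the schedule we discussed on the call.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, red_flags(raw))
```

None of these checks is conclusive on its own; a flag count is a triage signal that tells a reviewer which messages deserve a second look, which is also how the training material should present it to employees.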

Employees should also learn to avoid sending sensitive information over email whenever possible. In addition, teach them not to click on suspicious links or potentially malicious email attachments. 

You can use free email security training provided by Amazon, or find another program or trainer to prepare your team for security threats.

Hold these training sessions regularly to keep employees up to date on the newest threats and the best practices to combat them. After training, some companies take it a step further and send mock phishing emails to see who, if anyone, will open them. The employees who fall for these fake phishing emails need additional training.

2. Require strong passwords

Weak passwords leave your team’s email accounts vulnerable to unauthorized access. As convenient as it may be to use passwords like “password1” or “abc123,” that’s a recipe for security problems. 

Instead of allowing your team members to choose any email password, set some requirements to ensure everyone uses strong, secure passwords. For example, you might require email passwords to have all of the following:

  • Eight or more characters
  • A digit (0-9) or symbol (e.g. &, $, !)
  • An uppercase letter
  • A lowercase letter

Encourage your team members to create a unique password they don’t use for other accounts. Otherwise, if one of their accounts is compromised, others will be, too. Using a tool like 1Password can help employees keep track of various strong passwords.
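Requirements like the four listed above are only useful if they are enforced at the point where a password is set. Below is an added example, not code from the original article, of a policy check that reports every rule a candidate password breaks: the length, digit-or-symbol, uppercase and lowercase rules from the list, plus a small deny list seeded with the weak examples the article names (“password1”, “abc123”). The deny list entries beyond those two are constructed.

```python
"""Password policy check (added example, not from the article)."""
import string

MIN_LENGTH = 8

# The article's weak examples plus a few constructed neighbours; a real deployment
# would use a much larger list of commonly breached passwords.
DENY_LIST = {"password", "password1", "abc123", "12345678", "qwerty123"}


def policy_violations(password: str) -> list:
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("no digit or symbol")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    # Case-insensitive so "Password1" is caught as well as "password1".
    if password.lower() in DENY_LIST:
        problems.append("on the deny list")
    return problems


def is_acceptable(password: str) -> bool:
    return not policy_violations(password)


if __name__ == "__main__":
    for candidate in ("password1", "abc123", "ABCDEFG1", "Tr0ub4dor&3"):
        print(repr(candidate), policy_violations(candidate) or "ok")
```

Reporting every violation at once, rather than only the first, lets the user fix the password in one attempt instead of discovering the rules one rejection at a time.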

3. Enable two-factor authentication

Using strong passwords isn’t necessarily enough to keep bad actors out of email accounts. So step up your email security even more by instructing team members to use two-factor authentication. 

Two-factor authentication is a security measure requiring users to authenticate their identity through two methods. The typical authentication method is a username and password, but if users also have to provide additional means of authentication, their account is that much more secure. Two-factor authentication offers an extra layer of security so just knowing someone’s password isn’t enough to break into their account. 

To enable two-factor authentication in Google Workspace:

  1. Go to the menu in the Admin console.
  2. Go to Security > Authentication > 2-step verification.
  3. Select the organizational units you want to use two-factor authentication for, and click “Allow users to turn on 2-Step Verification.”

If you want to make using this feature a requirement rather than an optional security measure, choose “On” under Enforcement. The two-factor authentication requirement will start immediately. 

4. Encrypt your emails

If your work emails contain sensitive or personal information you wouldn’t want just anyone to see, encrypting them can be a good idea. Without encryption, it’s possible for bad actors to intercept and read the contents of your team’s emails. 

Encryption converts the plain text of your team’s emails into ciphertext — an unreadable, randomized series of letters and numbers — so that an intercepted message no longer reveals its contents. Generally, the recipient’s email software will automatically decrypt the message so it appears just like any other email. In some cases, though, the recipient may need to enter a passcode to view the message.

Think of encryption as putting a letter in an envelope before mailing it rather than just sending a postcard. Now, the contents of your messages are hidden behind an additional layer of security. Your team should also encrypt email attachments even when attaching them to encrypted emails. 

You can enable email encryption in Google Workspace by going to your Google Admin console. 

  1. Navigate to Apps > Google Workspace > Gmail > User Settings. 
  2. Select the groups you want to enable encryption for, and select “Enable S/MIME encryption for sending and receiving emails.” 
  3. Click through the optional settings and click “Save” to keep these changes. 

5. Carefully select email extensions

Many email providers like Gmail allow users to install optional extensions and add-ons that enhance the software’s functionality. These extensions offer a variety of useful new tools and features, but you want to make sure they don’t pose a risk to your email security. 

Email extensions generally require you to grant several permissions, such as access to your inbox, contacts, and calendar in your email account. If you grant these permissions to unreliable companies, you may compromise all your email data and conversations. 

Carefully vet all your email extensions before allowing your employees to install them. Read reviews and look for possible red flags that the extension isn’t trustworthy so you don’t get caught off guard. 

If available, review the extension’s security page like this one from the Streak Gmail extension to learn how the company protects your security.

Protect your email content by implementing email security best practices

Cyber attacks via email can cause serious harm to organizations, so companies have to take steps to protect themselves. 

By implementing email security best practices like vetting your email extensions and training employees on possible threats, you reduce your risk and put yourself in a position to avoid email breaches and attacks. The majority of cyber attacks are preventable — stay aware and take action to protect your email conversations and data before cyberattackers strike.
