Email Safety Best Practices
Kristina Finseth — Jan 4, 2021
In light of recent events, millions of professionals have been required to take their work home instead of commuting to the office. Employers have become responsible not just for keeping the tasks of business moving, but also for supporting their employees in a brand-new remote work environment. Among the many challenges of logistics, communication, and access to work resources, one substantial challenge is email safety.
The good news is that this path has been well-traveled in the last five to ten years. Remote work has been explored, tools created, and cybersecurity achieved by previous teams. The next step for your team is one of procedure, putting the available tools and best practices to work so that each remote member of your team can maintain cybersecurity for themselves and for the company data they access.
Start by selecting the software and cloud solutions for your team. Work with your IT department or an outsourced cybersecurity team to determine the right stack for your remote workflow. Select B2B software solutions that are known and proven to be secure and are trusted in the industry. Do a test-run, integrating your selected stack on the types of devices your team will be using to confirm that you have achieved the desired workflow and security standards.
When this is done, you’re ready to implement company-wide cybersecurity with each remote team member individually and in team groups.
Next, make sure everyone who will be working remotely has the tools and resources to do so. Not everyone who has been sent to work from home will have the right personal computer for the job, if they have a computer outside of work at all, and many will not have an internet plan fast or broad enough to work efficiently.
Provide employees who are ill-equipped with the equipment they need. We also advise providing a work-at-home stipend for upgrading your employees’ home internet plans. Provide this stipend across-the-board, if possible, so that employees who already have fast internet (and may have already been doing some work from home) are asked to pay no more for work-speed internet than their co-workers who had a slower connection.
Passwords are essential to personal security inside and outside the workplace. The trouble is that most people, in an effort to remember their passwords, choose insecure phrases or words that can be guessed or programmatically derived by hackers. The best way to ensure that every employee has a strong password is to walk through the correct password creation (and memorization) technique as a team.
Do not use the three-word password fad; it is only secure against some types of password hack. Instead, walk your team through creating acronym passwords, ideally from a personally written joke phrase. Funny things are much easier to remember and less annoying to type, as we have a chuckle at each login. Acronym Method Example: “My dog makes a funny face when she eats peanut butter” becomes “mDm@ffw5eP”, a password that a hacker will surely never guess and cannot programmatically derive.
Encourage your team to create and use multi-factor authentication for every login related to the company, and for their own personal use as well. Multi-factor authentication is essential for foiling hackers who think they have an “in”. There are two forms of multi-factor authentication, and both are extremely useful. The first type is confirmation-type authentication. When a new device or IP address attempts to log in, the user is sent an email or SMS for a one-time confirmation. This also alerts users if someone else has tried to log in as them, and stops the hacker from gaining access.
The second type is non-alphanumeric passwords. Picture-selection, dot-line drawing, spoken passwords, and biometrics like fingerprints and iris or face scanning all ensure that only the approved employee can access their files, even if a hacker has their alphanumeric password. These methods are usually used to defend a potentially stolen device, or a device borrowed by family.
One of the unique features of our current working situation is that your team is remote, but they are not necessarily mobile. Rather than team members traveling, doing field-work, or taking business trips, everyone should be home safe. This means that most of your employees will have only one, maybe two login locations. If a new location logs in, this is a red flag that should cause a security alert and a necessary second-factor authentication (or even admin approval) for the login to be successful. New locations, especially those far from the employee’s known location, are often an indication that hackers are trying to use a known login.
Be aware, hackers have become savvy and are selling each other stolen info based on zip-code to try and circumvent this security measure. So get specific to IP address and right down to the neighborhood to be certain that a local hacker isn’t taking advantage.
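The login-location check described above can be sketched as detection logic over login events. This is an added example, not code from the original article: the baseline table, the sample events, the 100 km "far" threshold, and the mapping of far-away logins to admin approval are all assumptions made for illustration, and the geo-IP lookup that supplies coordinates is left out.

```python
import ipaddress
from math import radians, sin, cos, asin, sqrt

# Constructed baseline: networks and home coordinates each employee normally uses.
# Addresses come from the RFC 5737 documentation ranges.
BASELINE = {
    "alice": {"networks": ["203.0.113.0/28"], "home": (44.98, -93.27)},
    "bob": {"networks": ["198.51.100.64/29", "198.51.100.128/29"], "home": (41.88, -87.63)},
}
FAR_KM = 100  # assumed threshold for "far from the known location"

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def evaluate_login(user, source_ip, geo):
    """Return 'allow', 'second_factor' or 'admin_approval'; geo is (lat, lon) or None."""
    profile = BASELINE.get(user)
    if profile is None:
        return "admin_approval"   # no baseline to compare against
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return "admin_approval"   # malformed address in the event: fail closed
    if any(ip in ipaddress.ip_network(n) for n in profile["networks"]):
        return "allow"            # known network for this user
    if geo is None or distance_km(profile["home"], geo) > FAR_KM:
        return "admin_approval"   # new address, far away or unlocatable
    return "second_factor"        # new address nearby: same area alone is not trusted

# Constructed sample events: (user, source IP, geo-IP result)
EVENTS = [
    ("alice", "203.0.113.5", (44.98, -93.27)),    # usual home connection
    ("alice", "192.0.2.77", (44.95, -93.10)),     # new IP, same metro area
    ("alice", "192.0.2.200", (51.51, -0.13)),     # new IP, another continent
    ("bob", "198.51.100.130", (41.88, -87.63)),   # second known location
    ("carol", "203.0.113.5", (44.98, -93.27)),    # user with no baseline
]

def triage(events):
    """Evaluate each event in order and return the list of decisions."""
    return [evaluate_login(*event) for event in events]
```

Note that a login from the employee's own area but an unknown address still gets a second-factor prompt, which is the point of matching on IP address rather than on zip code.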
One of the most important considerations when it comes to email safety, unfortunately, has to do with employee vulnerability to scams, especially “phishing” attacks, which come in the form of emails that appear legitimate but are designed to grant access to sensitive information. Perform regular trainings so that your employees know what to look out for and consider running tests to see what sorts of attacks your company is vulnerable to.
Keeping your company data and your employees’ at-home devices secure is a new challenge that many companies are facing in light of recent at-home requirements. Don’t let your team get tripped up by avoidable security oversights. Walk your team through installing, configuring, and protecting their new software stack so that company resources can be accessed and kept safe in the same new workflow.