
4 Email Security Best Practices Your Employees Don’t Know

September 22, 2015 | March 29th, 2019 | Blog

Most likely, you’ve trained users on standard email security best practices, such as keeping passwords safe and not clicking on web links from senders they don’t know.

But with such a high number of email threats coming into enterprises, it may be worth the time and effort to deepen their education and to broaden their security practices. Here are four practices they might not know, but that could strengthen your email protection and even help them to be more productive:

Set junk email filters higher

Many businesses use Outlook, and employees are often not aware that this common email program has a number of junk email settings that can improve security. The first step for employees is to tweak the strength of a junk email filter, since Outlook often has low-level security as a default, to allow more messages to come in. By setting the filter higher, the program delivers stricter filtering controls, and employees can check their junk mail filters to see if any important messages got blocked.

Be cautious with bulk mail

Maybe an employee takes a quiz on his lunch hour to find out his Star Wars name, or he signs up for an industry-specific email newsletter that’s supposed to increase his sales leads. Whether for personal or professional reasons, these signups happen all the time. Many companies depend on those email addresses for selling services and products, but they also sell those lists, just as customer lists get sold in traditional direct mail.

A good spam filter can block some of the unwanted messages that come through as a result of these list sales, but not all — and it only takes one malicious email to infect an entire company. Train your employees in the judicious use of bulk mail, and to distribute a company email address wisely.

Don’t give out login information over email

In some spoofing attacks, hackers will use social engineering to find out the name and email address of a company’s IT manager, help desk manager, or CIO. Then, that information is used to send fraudulent emails to employees, alerting them to a technology issue, and asking them to confirm their login information, including passwords and VPN credentials. Or a message could look like an email from the CEO, asking everyone to click a link to a relevant presentation or article. These kinds of spoofing attacks are particularly dangerous, because they can cause such widespread harm to an enterprise. Users should be taught that IT would never ask for login information over email, and to carefully check the email address of each sender.

Log out

It sounds like such a simple technique, but many people have a tendency to keep their email open and active, and may even have both personal and professional email on at the same time. If those accounts are on a laptop, that would leave the whole system open if the employee loses the machine, and a thief could impersonate the employee. Making log-outs a part of security training can be a quick, easy way to add a level of security just by creating better technology habits.

When considering additional ways to handle email security, learn how Sendio can reduce threats, and improve the email experience throughout your organization.