3 MINUTE READ
3 Essential Email Security Tips
With so many email accounts getting hacked from the highest levels of government to the smallest cities and towns, it might seem easier to throw up your hands and just assume that all email is vulnerable. Looking at the worst-case email hacking scenarios, often conducted by the world’s best cybercriminals, you might think, “How will I prevent something like that from happening to my small municipality?”
However, those worst-case scenarios are rare. More commonly, mediocre to below-average hackers from all over the world are always trying to hack your email. That is why you cannot give up.
Your email contains some of your most sensitive information. Private correspondence about personnel, money, and legal matters needs to be kept private (or accessible only through open records laws). But email also seems like the loosest, least secure information in a municipality. (Usually) everyone has email, whether it’s on laptops, mobile devices, or desktops at home. That opens up many opportunities for risk.
With a set of simple best practices, you can secure your email and even increase the security depending on message sensitivity. Primarily, it helps to focus on three basic areas to make sure your email is secure.
While encryption is very complex, what you need to focus on is email encryption in transit—meaning that the email you send from your desktop or laptop (for example, from Microsoft Outlook) to your server is encrypted. Microsoft, as just one example, automatically encrypts your email when you use their Office 365 cloud services. This level of encryption ensures that most common hackers or eavesdroppers cannot see your message.
Unfortunately, some cities and towns still use Post Office Protocol (POP) versions of email, which is not encrypted. While that kind of email might be sufficient for personal use, it’s not a high enough standard for municipalities. If you are currently using POP mail, then you need to consider upgrading in order to ensure appropriate email encryption for your city.
There are still too many stories of email hacking occurring when people are tricked by spam and phishing attacks. When email security is rigorously set up, you develop a proactively blocked and safe sender email list over time. We recommend that you apply antispam harshly. Software is available where you can look at your spam on a separate server and see if valid emails are getting caught in the spam filter. Then, you decide to let them through instead of having to delete spam after it already gets to your inbox.
We advocate the goal (following in the steps of Google and Microsoft) of having traditional spam (such as Viagra emails or Nigerian money scams) to never even reach your spam folder. Ultimately, your spam folder should only contain things like unwanted newsletters, mass emails from businesses, and other unnecessary messages—with maybe only occasionally some traditional spam getting through. If your spam folder still looks dangerous and unmanageable, or if you still get spam in your inbox, your email security is failing you.
3. Attachment and URL Sandboxing
Sometimes, malicious attachments and URLs will make it to your inbox. This is where phishing attacks often succeed—when a user clicks on a PDF or website link that looks legitimate. Usually, email software can detect and prevent many files and links from ever entering your inbox. But antivirus prevents known viruses—not the unknown ones.
That’s where attachment and URL sandboxing comes into play. Basically, a “sandbox” is a safe place where an unknown suspicious file or URL can be analyzed to see if it’s malicious. Sandboxing is a great way to make sure that new viruses and malware get caught even before they’re recognized by an antivirus platform.
Too many email programs are still so loosely secured that viruses get through and people click on them. With municipal government, you cannot take that risk. Make sure attachment and URL sandboxing is integrated with your email to help stop viruses from getting to a user.
Correctly set up, your email security can be powerful and ward off most hacking attempts. If you’d like to discuss email security in more detail, please reach out to us through the form below.
More from VC3
Reading Time: 4 minutes In this article, we talk about basic data backup best practices your municipality should implement to prepare for cyberattacks or natural disasters.
Reading Time: 3 minutes In this article, we talk about how your municipality would benefit from a website rather than just a Facebook page.
Reading Time: 4 minutes