Email Security – Are your teams secure?

5 May 2022

Email security is a big deal with the recent data breaches and hacks appearing in the news daily, but many business owners don’t know how to secure their email. In this blog post, we’ll go over what you need to do to keep your teams safe from cybercriminals and data breaches. We’ll cover best practices for encrypting emails, protecting sensitive information in emails, and creating strong passwords. Are your teams secure? Read on!

Email Encryption

Most modern email services encrypt emails in transit using a technology called TLS (Transport Layer Security). This scrambles your emails whilst they are being sent and received, but does not protect them “at rest” whilst they sit on your devices or on the devices of the people you’ve sent them to. There are lots of tools available for encrypting email, some more technical than others. For example, PGP encryption has been a pretty robust tool for encrypting email (and files), but it can be somewhat complicated to set up (PGP was famously used by Edward Snowden whilst communicating with reporters from The Intercept under the moniker of “Citizenfour”).
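To see where TLS was and was not used on a message's journey, you can read the `Received` headers each mail server adds. The following is an added example, not part of the original post: it uses a constructed sample message and the RFC 3848 protocol keywords (`ESMTPS`, `ESMTPSA` and so on) to flag hops that were sent in cleartext.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic): the middle hop is cleartext.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\tby inbound.example.org with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tThu, 05 May 2022 10:00:03 +0000
Received: from relay.example.net (relay.example.net [203.0.113.5])
\tby mx.example.net with ESMTP id def456;
\tThu, 05 May 2022 10:00:02 +0000
Received: from laptop.example.net (laptop.example.net [198.51.100.7])
\tby relay.example.net with ESMTPSA id ghi789
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tThu, 05 May 2022 10:00:01 +0000
From: alice@example.net
To: bob@example.org
Subject: constructed sample

body
"""

# RFC 3848 "with" keywords: a trailing S means STARTTLS was used, A means AUTH.
PROTO = re.compile(r"(?:UTF8)?(?:ESMTP|LMTP|SMTP)(S)?A?")

def audit_hops(raw):
    """Return (receiving_host, protocol, used_tls) per hop, sender first."""
    msg = message_from_string(raw)
    hops = []
    # Servers prepend Received headers, so reverse them for delivery order.
    # Only headers stamped by servers you trust are reliable evidence.
    for value in reversed(msg.get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", value)
        proto = re.search(r"\bwith\s+(\S+)", value)
        name = proto.group(1).upper() if proto else ""
        m = PROTO.fullmatch(name)
        tls = bool(m and m.group(1))
        hops.append((by.group(1) if by else "?", name, tls))
    return hops

def cleartext_hops(raw):
    return [host for host, _, tls in audit_hops(raw) if not tls]

if __name__ == "__main__":
    for host, proto, tls in audit_hops(SAMPLE):
        print(f"{host:22} {proto:8} {'TLS' if tls else 'CLEARTEXT'}")
```

Even when every hop shows TLS, the message is still stored unencrypted on each server it passes through, which is the gap that end-to-end tools such as PGP address.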

As workplace tools have become more consumerised and web-based platforms like Google Workspace and Microsoft’s Office 365 have made headway, we’ve seen new user-friendly encryption tools become available to the mass market, like Virtru – a tool that enables you to send encrypted emails to your colleagues (or external partners/customers) without having to install any complicated tools or manage your own encryption keys.

Another popular encrypted email service is the Swiss-based Proton Mail. Developed by a team of scientists from CERN, Proton Mail enables users to send and receive encrypted emails between users on and off the platform. The service now offers a business plan with the option to add your own domain name.

Protecting Sensitive Information

So how about protecting sensitive information? What if you need to share things like ID documents or sensitive user credentials over email but don’t want those messages sitting around in people’s mailboxes forever? Google Workspace has a new feature called Confidential Mode.

With Gmail confidential mode, your users can help protect sensitive information from unauthorised or accidental sharing. Confidential mode messages don’t have options to forward, copy, print, or download messages or attachments.

Confidential mode lets you:

  • Set a message expiration date
  • Revoke message access at any time
  • Require a verification code by text to open messages

Microsoft’s Office 365 platform has a similar (if somewhat complicated to set up and manage) system that lets you assign access rights to emails.

Creating Strong Passwords

We’ve all been working with passwords for years now, and managing passwords amongst a busy team can be a security nightmare (and a massive headache) without the right tools in place. Using a password manager with team sharing functionality is a must – there are lots on the market today but 1Password consistently comes out on top in reviews and user feedback.

1Password allows you to create secure encrypted password “vaults” where you can store all of your access credentials safely. The software will automatically generate long complicated passwords that are completely unique for every service that you use.

For business users, you can set up teams and group employees by access required for their role and then safely share credentials amongst them. The tool comes with extensive logging, fine-grained privilege control, and advanced features like alerts when a site that you use has been compromised or warnings if you’ve used the same password twice.

Enable 2 Factor Authentication

Strong passwords and encryption are great for keeping things locked down and safe but with a rise in sophisticated phishing campaigns designed to steal your passwords or trick you into logging into expertly crafted fake login portals – we need to do more.

We have one more tool in our email security arsenal and that’s “Two Factor Authentication”, sometimes called “2FA”. It pretty much does what it says on the tin and requires you to provide a secondary form of authentication at login in combination with your username and password – usually in the form of an SMS message or a time-sensitive code (like your online banking uses). Both Microsoft and Google offer 2FA options for securing your account, with Google going one step further by offering a dedicated hardware key called a Titan Security Key.

Two-factor authentication is a great way to add another layer of protection for your account. It can help protect you from hackers and keep your data safe.

We want to help you get a handle on cyber security so that it doesn’t cause you or your business stress. All of the steps outlined in this blog post are important, but what may be most crucial is taking action today. If you have any questions about these tips or just need some guidance with implementing them into your own company, don’t hesitate to reach out for a free consultation. Let’s make sense of cybersecurity together!
