Company mail systems and the associated accounts used by their staff often gain unwanted attention from threat operators. While email user accounts are used to send and receive messages daily, they are also used as storehouses for past communications. It is not a common practice to delete old messages in this day and age as users often need to refer to information that they contain.
However, whether enterprise mail is being sent, received or stored, it typically contains a wealth of personally identifiable information (PII) on data subjects like staff members, business partners and customers, to name but a few. It can also include sensitive or confidential material such as discussions on business mergers and agreements, as well as documents like contracts and invoices.
As a communication hub containing private data, email systems and accounts must be protected properly to keep threat operators out. Ask yourself these questions to get started:
How easy is it to access your email account?
Accounts are typically entered by keying in a username and password. Email addresses are used as usernames and are often easy for hackers to locate with a little legwork. Many companies erroneously list staff email addresses on their official websites, and staff may add them to online CVs, company communications and social media, where they can be picked up.
However, a password can keep attackers out if it is strong enough. Make sure passwords are issued by admins rather than staff so that they are not weak, and consider adding multi-factor authentication, or MFA for short.
This extra security measure means that on top of a username and password, anyone seeking to access an account will require additional proof they are the legitimate account holder. A code may be sent to their mobile device or, in some cases, a biometric scan like a fingerprint or facial recognition protocol may be put in place.
Do you use email encryption?
End-to-end email encryption can make certain that the only individuals able to view a message are its sender and intended recipient. Encryption is applied to the email, effectively scrambling the content into a meaningless selection of characters. The person the email is intended for will be issued a decryption key that allows them to unscramble the text and read the message.
The best practice is to always encrypt all emails sent and stored in accounts. Should a threat operator manage to access a company user account, they will be unable to read the mail that has been encrypted. Furthermore, if they succeed in intercepting a message in transit, the same rule applies.
Secure your email today
At Galaxkey, we offer next-generation email security with powerful encryption that is approved by the National Cyber Security Centre (NCSC). While it is simple to use, allowing even the least tech-savvy members of your team to secure messages, our email encryption has three layers of robust protection. Contact our team now to arrange a free 14-day trial.