What do TiVo, Marriott, and Best Buy all have in common? A hacker. All of these companies had their email databases hacked into during the last two weeks. If you’re a customer of these companies, you may have received an email informing you of the breach, and advising you not to open any “suspicious” emails that ask for your passwords or even Social Security numbers. When the company email system is hacked, or a customer email database stolen, it can be extremely terrifying for the company. The consequences include lost data, potential exposure of confidential client information (including credit card numbers), significant downtime, and damage to the brand.
So what can a business do to protect its email? Here are some tips for keeping cyber scum away.
Do a background check on your email host
Clean email starts with the server that’s routing it. And not all email hosts are created equal. Today, the big draw is using a “cloud” host for everything, including email. It’s less expensive (in some cases free), you can scale up or down based on how much space you need, and let’s face it: the cloud is all the rage. But the cloud isn’t exactly secure. In fact, hackers love public cloud environments because they know how vulnerable they are. Are email hosts getting better at securing their clouds? Yes. But it’s going to take some time. So do your homework on your email host. Find out what their security measures are and how they will help you if your email is hacked, and read user reviews. If you have any doubts, go with a secure Exchange server host, such as Mailstreet. It costs a little more, but that cost comes with a little more peace of mind.
Stop ignoring the updates
Mac or PC, doesn’t matter, you’re getting update alerts and you’re probably hitting the “not now” button quite often. Who could blame you? Those downloads take forever. They cut right into your day and sometimes they don’t go very smoothly, which takes up more time, further delaying your ability to get work done. You know what else takes time out of your day? Having to come up with an emergency action plan for explaining to your customers that their confidential data may have been stolen. It’s best to check for spam, virus, and malware security updates as often as once a month, even if you’re not getting automatic alerts. Those updates are there to protect your company, and they’re free. Worth an hour of your time? Definitely. If you don’t trust your own reliability (or your employees’ reliability) to update software often, you can look into a PGP program for an added layer of protection. PGP stands for “Pretty Good Privacy,” and various PGP programs will allow you to encrypt your email.
Keep confidential messages off of email
Email has gotten so convenient, and so accessible, that we’ve gotten a little lax in what we communicate, and don’t communicate, through this medium. As a rule, don’t send information over email that could be devastating to your company if it ended up in the wrong hands. This includes credit card numbers, Social Security numbers, highly confidential documents, and the like. Instead, use a service like YouSendIt.com, or enlist the help of a good old-fashioned FTP server. Hackers who have found a way to reach your company email will monitor correspondence specifically looking for things like this.
Unless you’re a one-man band, it’s imperative that these guidelines are shared with the entire organization and managed consistently. Everyone in the company needs to understand that they are responsible for keeping company data safe. Consider every employee a back door for a hacker, and put guidelines like this in your handbook. If you have an IT manager on staff, it’s this person’s job to hold everyone accountable. If you aren’t quite there yet, consider enlisting the help of an IT outsourcing company that can step in for both reactive and proactive measures.
There are certainly hundreds of different ways to make sure your email is never attacked. Starting with these three basics is a good way to minimize the risk significantly.