Email Security - Best Practices

Change IT Service

Protect your business and your employees by sharing these best practices with them.

Spam email, junk mail, scam email, unsolicited email – these terms and many more are used to describe the unwanted email that we receive in our inbox on a daily basis. But do you know the difference between spam email and scam email? Could you spot a scam email if one landed in your inbox?

It is in the news almost every month – another company has been targeted by a new strain of ransomware or virus that will cost them a substantial amount of money to rectify. Or an email claiming to be from a legitimate company was actually a phishing email and they now have the company’s sensitive information with no way of getting it back.

We all think it won’t happen to us or that we are too smart to be fooled but cyber criminals are becoming more sophisticated in their attacks and we are hearing that even the senior managers are being caught out.

A real-time report for a typical user over a 3-month period this year – 67.59% of emails were quarantined and 2.93% of them were classed as spam or virus.

Businesses employ a multitude of technology to protect their systems and users from email threats. These pick up embedded viruses, malicious code and the like, however many new threats are based around human behavior and actually do not contain embedded threats. Instead, the content is designed around our behavior trying to trick and entice us to visit malicious websites, click through links or embed links into images. This can be hard to protect against using conventional technology. Awareness and common sense is still very much key.

Don’t be complacent – make sure you and your staff are checking every email being opened and arriving in your inbox, deleting those that are obvious threats.

So what should you look out for?

We have created a poster that summarizes the points below so that you can send it to your employees or print it off and put it in a visible place in your office.

1. Check the sender is legitimate

Your email provider may show the name of a reputable source but if you look closer at their email address, it could be completely different or have a difference of only 1 letter. Only continue with the email if you know it is from the genuine company.

2. Don’t download images

Some email providers will automatically block images and then give you the option to download them once you have confirmed you know the source. If content from a malicious source is downloaded, it verifies to the sender that your email address is valid. They will then sell your email address to others.

3. Check links before clicking

In most email providers, you can hover over clickable links and it will reveal the link address. Does it look right? Are there any signs it could be malicious? If it doesn’t direct you to the company’s genuine website, or one you know well, it is best to avoid clicking on it.

4. Beware of attachments

Some emails contain viruses within an attachment, usually a Microsoft document that will activate once it is opened. You may have the option to preview the attachment first but as cyber criminals are becoming more sophisticated, so are their attacks – some viruses can still run in the preview mode.

5. Do your research

Use a search engine to do your research. If you’ve been sent it, chances are so have others. If you start typing the subject line or company name, you will find people are probably already talking about it and sharing their experiences.

6. Be vigilant on mobiles

Beware – these rules are harder to apply on mobile devices; email apps usually download images automatically and you can’t hover over links to reveal information. It is also easier to click on emails accidentally just by touching the screen. Be cautious and stay aware when reading emails on your phone.

7. Check the content

Maybe the most obvious to arouse suspicion. If you know the sender, is the content written in their style, manner and grammar? If not, you can bet it is not from them.

Remember that it can happen to anyone, anywhere. Make sure to implement these precautionary measures into your daily routine for the greatest security.


This website uses cookies and asks your personal data to enhance your browsing experience.