There is a fine line between reasonable caution and paranoia when it comes to computer security. Reasonable caution means things like maintaining current virus protection on all computers, password-protecting machines and sensitive data, and backing up important data. But one major component of computer security is the people who use the systems. Training is crucial.
One gaping source of potential security problems is email. Nefarious email senders are still able to trick recipients into opening malicious attachments. Employees can accidentally send sensitive information in unsecured emails. Make sure the employees at your company are trained in how to handle email so they do not unintentionally cause a security breach.
The bad guys are increasingly sophisticated at getting email recipients to take an action — such as clicking a link, running a program, or responding with sensitive information — that results in exposing personal and business information.
Employees must be very cautious before opening an email attachment, even when they have virus protection installed. It is difficult for virus software to stay one step ahead, and a virus can sweep thousands of machines before getting quashed. If an email or an email attachment looks suspicious, they should not open it.
Email attachments should be scanned with antivirus software before getting opened or saved on the computer. Files with an “.exe” extension are particularly dangerous. If the email program is set to automatically download attachments, turn this feature off.
Believe it or not, many people use the same password for everything! The problem here is that you never know who will have access to a particular password database. Let’s say an employee buys office supplies online and uses their company email address with their “standard” password. A hacker or even an employee at the office supply website gets access to the email addresses and passwords. They can simply try to log in to the company’s email server using the email address and password. Bingo — security breach. If the employee is privy to IUO (Internal Use Only) materials by email, this information can be sold to a competitor. The email address can be used to send out spam or damaging emails. Or it could be used to change the employee’s passwords and grant the criminal access to sensitive online systems.
Passwords should include lower case, upper case, numbers, and symbols. Each password should be unique and stored in a password-protected encrypted file (such as MS Excel) or in an encrypted password keeping program.
Employees who check work-related email on their smartphones are just one distraction away from losing the phone. This means sensitive company emails could wind up in the wrong hands. Make sure all employees protect their smartphones with a passcode and limit the number of emails they store on their phones.
Google mail is an excellent solution for simplifying your company email services, and you can use your company’s own domain name. Google’s spam engine is superb, and every employee can be required to run under SSL.
Train your employees in proper email security and they will help minimize loss from security breaches.