Security is one of the biggest issues facing small businesses. With BYOD policies (Bring Your Own Device), many small businesses make easy targets for hacks that can literally cause havoc in their company. This is the result of having less sophisticated security that larger companies employ to protect themselves.
Many security breaches occur through email since they are a lot like postcards that travel over the internet. They are addressed to a person, but anyone can turn them over and read them. This is a major problem since emails often contain customer sensitive information.
When small businesses share information with their clients via email, they are liable for protecting that data. If a client sends their credit card information and someone intercepts that email, it can be used fraudulently. Not only does it reflect very poorly on the business, they may be liable.
Here are a few steps small business owners should take to protect their email communication:
- Do not share passwords or accounts. A lot of small businesses have a general account for communicating with customers that several people have access to. The problem is that every person can now access every message. Action to take: Increase the security of email communications by using person-specific accounts and not sharing passwords. Remember, a general account can automatically forward email to many person specific accounts if information always needs to be shared.
- Prevent physical access.. Leaving a computer open and unattended makes it incredibly easy for someone to walk up and read emails. Action to take: Make sure that all devices lock after not being used for 15 seconds and require a password to logon.
- Encrypt emails. Email encryption services, such as Enlocked, give an easy way to secure messages, allowing them to be sent safely over standard email. The service works right within an email environment. Action to take. Draft an email and address it to a user just like normal except next to the send standard button is a “send secure” button. The recipient receives the message normally, but must authenticate themselves before viewing.
- Use different channels. A common method for sending sensitive information, such as usernames and passwords, is send them in separate emails. Action to take: Use two separate channels; send the username via email and the password via text message. Another popular method of protection is sending password protected files. It works as a great first step, but the sender still runs into the problem of safely communicating password information.
If protecting email communications is not seen as problem in your company, you haven’t had the problem. Take the necessary steps to protect sensitive information and evaluate what works best for your small business.