In today’s world, email is the main avenue of communication for both personal and business purposes. At the same time, email hacking has become more commonplace, and hackers continue to find sophisticated ways to obtain illegal access.
Protection and training are two important steps to help ensure email security. To that end, below are some helpful tips.
- Use secure email services when sending emails with sensitive and/or non-public information. Secure email services work by uploading the message and attachments to a secure portal where they can be safely retrieved by the recipient.
- Don’t take the bait in phishing scams. Phishing scams are hacking methods that trick email users into revealing non-public information such as passwords or social security numbers, or into unknowingly activating a harmful virus on the user’s computer. Awareness is key. Some phishing email scams are fairly easy to recognize, but some can emulate notifications from well-known vendors such as Bank of America, UPS, Federal Express, Amazon or eBay. Examine emails carefully before opening (to the extent possible) and, if an email is at all suspect, don’t open it and call your firm’s IT personnel.
- Be aware of compromised/hacked email accounts. For any emails requesting non-public information or movement of money from an account, have processes in place to confirm the email is from the client or appropriate sender, as applicable. This should include verbal confirmation of all information in the email (especially for the movement of money) and a method to confirm that the person you are speaking with is in fact the client/sender.
- Secure email accounts, both business and personal. Use multi-factor authentication steps whenever possible and adopt strong password policies (at least 10 characters, with a mix of letters, numbers and symbols) to protect the email accounts. Importantly, passwords should be changed periodically.
- Don’t save emails with sensitive or non-public information in your email application (Outlook). Emails with such information should be exported to a more secure electronic location and then deleted from the email application.
There are a number of additional protection steps and training that can be used, and Core Compliance & Legal Services, Inc. can provide suggestions on how best to customize them based on a firm’s business practices. Contact us at (619) 278-0020 with questions or to find out how we can help.