Best Practices for Email Security

The steady stream of news about security breaches related to compromised email accounts shows no sign of abating. With companies increasingly relying on email to perform important business functions, securing business-related email accounts has become a mission-critical endeavour for many of them. Doing so is especially important for SMEs, which often don’t have separate IT departments to oversee email security.

Best practices for email security include:

  • Use antivirus software. Modern-day hackers create new and dangerous viruses with frightening rapidity. Using an up-to-date antivirus solution is essential to protect your system.
  • Only open email from trusted sources. Train your staff to always check who has sent an email before opening it, and to have antivirus software scan any attachments before they are opened.
  • Communicate best practices to your staff. The best email security procedures in the world won’t help much if they aren’t communicated to and followed by your employees. For best results, schedule meetings or training sessions to discuss these policies with your staff to make sure they understand how to apply them and have a chance to ask any questions they may have about them.
  • Use a strong password. Many email security breaches are caused by the use of weak passwords, including the use of the word “password” as a password. Your email policies should discourage the use of very simple passwords, especially those built from data that a hacker could easily glean from publicly available sources such as social media, for instance the names of an employee’s children or pets if this information is easily found online. The best passwords are long ones that include different cases, special characters, and both letters and digits.
  • Be on the lookout for phishing emails. Emails that appear to be from reputable sources such as a bank or government institution may in fact be from hackers trying to get an employee to reveal his or her password or other valuable information. Such information should never be revealed over email unless you are absolutely sure who is receiving it.
  • Don’t store passwords on your browser. While doing so makes it easy to log in to an email account, it creates a security risk if an intruder should gain access to your browser.
  • Encrypt emails. Emails that are not encrypted can potentially be viewed by hackers if they gain access to an unsecured server that the email passes through. Emails sent via Gmail are encrypted by default if the recipient of your email is on a server that supports SSL/TLS. Specialised encryption tools may provide even more comprehensive email encryption.
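
The password guidance in the list above can be enforced at account creation or password change. The following is an added example, not part of the original article: a small policy check that rejects short passwords, missing character classes, disguised variants of common passwords such as “password”, and passwords built on publicly discoverable terms. The deny-list, the 14-character minimum, and the function names are assumptions made for illustration.

```python
import re
import string

# Constructed deny-list; the page names "password" itself as a real-world example.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "iloveyou"}
# Undo common character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 14  # assumed threshold; the page only says "long"


def normalize(text):
    """Lowercase, reverse substitutions, then drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, public_terms=()):
    """Return the list of policy violations; an empty list means the password passes.

    public_terms: words discoverable online about the user (children's or pets' names).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs_mixed_case")
    if not re.search(r"\d", password):
        problems.append("needs_digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs_special_character")
    # Ignore a trailing run of digits/punctuation so "P@ssw0rd1!" still matches "password".
    stem = password.rstrip(string.digits + string.punctuation)
    if normalize(stem) in COMMON_PASSWORDS:
        problems.append("common_password")
    # Flag any public term (3+ letters) hidden inside the password, substitutions included.
    core = normalize(password)
    terms = [normalize(t) for t in public_terms]
    if any(len(t) >= 3 and t in core for t in terms):
        problems.append("contains_public_info")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("password", "P@ssw0rd1!", "B3ll@_2015_rocks_Hard", "tundra-Cobalt-94-lantern!"):
        print(f"{pw!r}: {check_password(pw, ['Bella', 'Max']) or 'ok'}")
```

Note that "P@ssw0rd1!" satisfies every character-class rule and is still rejected, which is why the deny-list and public-term checks matter alongside the composition rules.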


With lax email security practices responsible for many security breaches, adopting robust email security procedures should be a high priority for all enterprises. Adopting the email security procedures listed above can help your company protect its email accounts from hackers and other threat actors.