Benefits of email and the internet

Internet and email security issues

Guide

Although the internet and email bring a range of business benefits, they also pose a number of potential security threats.

Common email vulnerabilities

Some of the most common email security threats are:

  • malware
  • spam and phishing
  • social engineering
  • malicious unauthorised access
  • unintentional acts by authorised users

You should fully consider the possibility of malicious and fraudulent attacks by hackers, as well as the impact that viruses and denial-of-service attacks (ie attempts to disrupt your web or network services) could have on your IT systems.

Email security safeguards

Securing an email system is the responsibility of your business IT department and/or your email administrator. However, anyone who shares business information via your email network should be aware of the threats and risks involved.

Common safeguards for protecting IT systems include:

  • Authentication - techniques to identify and verify anyone seeking to access an e-commerce system.
  • Access control - user restrictions to ensure users only access data and services for which they have been authorised.
  • Encryption - techniques to scramble data and protect information stored on a computer or transmitted over a network.
  • Firewall - hardware or software security devices that filter information passing between internal and external networks. A firewall controls access to the internet by internal users and prevents outside parties from gaining access to systems and information on the internal network.
  • Intrusion detection - products that monitor system and network activity in order to spot if someone is trying to gain access.
  • Anti-virus software - tools to detect viruses and prevent access to infected files.
  • Staff awareness - keeping staff aware of typical scams used to extract personal or sensitive information.

You should protect all of your organisation's domains, including where your organisation uses common cloud email providers, such as Google G Suite and Microsoft Office 365.

See a list of common cyber security measures and read more about cyber security for business.

Create a good security policy

An IT security policy should outline how you plan to protect your IT assets. It should emphasise:

  • the measures you will take
  • their importance to your business
  • the responsibilities of your staff

For example, your policy should state that staff should regularly change passwords they use to access your email or IT system, not write them down or share them with anyone else.

See email and internet acceptable use policy.

Printer-friendly version
Actions
Invest NI's ICT support for business
NCSC's small business guide on cyber security
Email security and anti-spoofing guidance
Also on this site
Protect your business online
IT risk management
Sample IT policies, disclaimers and notices