Internet and email security issues
Understand the threats to your business from internet and email usage and ways you can safeguard your business
Although the internet and email bring a range of business benefits, they also pose a number of potential security threats.
Common email vulnerabilities
Some of the most common email security threats are:
- spam and phishing
- social engineering
- malicious unauthorised access
- unintentional acts by authorised users
You should fully consider the possibility of malicious and fraudulent attacks by hackers, as well as the impact that viruses and denial-of-service attacks (ie attempts to disrupt your web or network services) could have on your IT systems.
Email security safeguards
Securing an email system is the responsibility of your business' IT department and/or your email administrator. However, anyone who shares business information via your email network should be aware of the threats and risks involved.
Common safeguards for protecting IT systems include:
- Authentication - techniques to identify and verify anyone seeking to access an e-commerce system.
- Access control - user restrictions to ensure users only access data and services for which they have been authorised.
- Encryption - techniques to scramble data and protect information stored on a computer or transmitted over a network.
- Firewall - hardware or software security devices that filter information passing between internal and external networks. A firewall controls access to the internet by internal users, and prevents outside parties gaining access to systems and information on the internal network.
- Intrusion detection - products that monitor system and network activity in order to spot if someone is trying to gain access.
- Anti-virus software - tools to detect viruses and prevent access to infected files.
- Staff awareness - keeping staff aware of typical scams used to extract personal or sensitive information.
You should protect all of your organisation's domains, including where your organisation uses common cloud email providers, such as Google G Suite and Microsoft Office 365.
Create a good security policy
An IT security policy should outline how you plan to protect your IT assets. It should emphasise:
- the measures you will take
- their importance to your business
- the responsibilities of your staff
For example, your policy should state that staff should regularly change passwords they use to access your email or IT system, not write them down or share them with anyone else.