10 Best Practices for Email Security

Email is a critical business tool for nonprofits. Unfortunately, nonprofits face the same threats to their email security that other businesses and organizations face.

Deploying a central email security solution and following these 10 best practices will help keep your email system protected.


1. Stop Spam and Phishing Emails

Spam is not only a nuisance; it can also pose security risks. Phishing emails entice recipients to click on malicious links and hand over credentials or confidential information, which can result in security breaches.

2. Use a Multi-Antivirus Scanner

With new threats being introduced daily, it is important to use multiple antivirus engines in order to increase the rate of detection and reduce the window of vulnerability. Since email is one of the main sources of malware, it is advisable to use a high-performance multi-antivirus scanner to scan incoming email attachments for email-borne threats.

3. Check for Confidential Content

Make sure that no confidential content is sent via email by checking emails and attachments for sensitive information such as social security numbers and credit card data.

4. Prevent Targeted Attacks

Zero-day and targeted attacks can go undetected by anti-malware engines, since they are only sent out to specific groups and individuals and no signature exists yet. In order to protect against these unknown threats, email attachments should be "sanitized" by converting them to a different file format and removing any possible embedded threats. For instance, converting a Word file to PDF removes any potentially harmful scripts.

5. Check Internal Emails

Malware is usually found in emails coming from external sources, but if an employee's machine gets infected, malicious emails can be sent via internal email. Employees are also more likely to click on an infected email attachment if it is from a co-worker. For this reason, it is important to ensure that your email security solution also scans internally sent emails.

6. Train Employees

Train your employees not to click on links or open attachments from unknown senders. Even if the email is from a known sender but somehow looks out of the ordinary, teach your employees to be cautious. In addition, have an email policy in place that lists the dos and don'ts of email use.

7. Block Emails with Many Recipients

Instead of using an email marketing tool, some employees might decide to send one email and include all recipients in the To:, Cc:, or Bcc: field, for instance to inform customers about a new promotion. This can result in unintended exposure of valuable client contacts, damage to reputation, and privacy breach claims. Emails with more than 15 recipients should therefore be blocked at the server level before they can do any damage.

8. Block Large Email Attachments

Emails should not contain attachments that are larger than 10 MB. An email that's bigger than 10 MB will most probably not arrive, and the recipient might not even get an undeliverable message back. In the worst case, a large email attachment can bring a whole network to a halt. To prevent this from happening, set an email policy to block large emails and notify the sender, providing alternate methods for sending large files.
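Practices 3, 7 and 8 above are all policy checks a mail server can apply to an outbound message before it leaves. The following Python script is an added example, not code from the original article or from any email security product: it parses one raw RFC 5322 message, counts the distinct To/Cc/Bcc recipients against the 15-recipient limit, measures each attachment against the 10 MB limit, and scans every text part for social security numbers and Luhn-valid payment card numbers. The assumption is that it runs on the server side where the full message, including Bcc, is still visible; the sample message and the PDF placeholder it builds are constructed test data, and the recipient and size thresholds are parameters so the size check can be demonstrated without a 10 MB attachment.

```python
"""Server-side email policy checks (added example, not from the original article)."""
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from email.utils import getaddresses

MAX_RECIPIENTS = 15                      # practice 7: block more than 15 recipients
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024  # practice 8: block attachments over 10 MB

# Practice 3: patterns for data that should never leave by email.
# SSN in the nnn-nn-nnnn form, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits with optional single space or dash separators; confirmed by the Luhn check.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out phone numbers and IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list[str]:
    """Return one entry per sensitive item found ('ssn' or 'card')."""
    hits = ["ssn" for _ in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append("card")
    return hits


def count_recipients(msg: EmailMessage) -> int:
    """Distinct addresses across To, Cc and Bcc (Bcc is still present before delivery)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return len({addr.lower() for _, addr in getaddresses(headers) if addr})


def evaluate(raw: str, max_recipients: int = MAX_RECIPIENTS,
             max_attachment_bytes: int = MAX_ATTACHMENT_BYTES) -> list[str]:
    """Return the policy violations for one raw RFC 5322 message; empty means deliverable."""
    msg = message_from_string(raw, policy=default)
    violations = []
    n = count_recipients(msg)
    if n > max_recipients:
        violations.append(f"too_many_recipients:{n}")
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            size = len(part.get_payload(decode=True) or b"")
            if size > max_attachment_bytes:
                violations.append(f"attachment_too_large:{part.get_filename()}")
        if part.get_content_maintype() == "text":
            # body text and text attachments (CSV, TXT) are both scanned for sensitive data
            violations.extend(find_sensitive(part.get_content()))
    return violations


def build_sample() -> str:
    """Constructed outbound message that violates practices 3 and 7 (sample data, not real)."""
    msg = EmailMessage()
    msg["From"] = "staff@example.org"
    msg["To"] = ", ".join(f"donor{i}@example.com" for i in range(16))
    msg["Subject"] = "Spring appeal"
    msg.set_content("Thanks for your support. Card on file: 4111 1111 1111 1111, "
                    "member ref 123-45-6789.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder\n" * 200,
                       maintype="application", subtype="pdf", filename="appeal.pdf")
    return msg.as_string()


if __name__ == "__main__":
    for v in evaluate(build_sample()):
        print("blocked:", v)
```

A real deployment would call evaluate() from the mail server's filtering hook and reject or quarantine the message when the list is non-empty, notifying the sender as the article recommends. The Luhn check matters in practice: without it, any 13-digit phone number or membership ID in a newsletter would be flagged as a card number and the false positives would soon get the rule disabled.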

9. Archive Emails

Make sure that you keep a backup of your emails, so that if a disaster should occur, you can still restore from your backup. In addition to using backup tapes, check whether your email security solution also provides mail backup functionality.

10. Add Legal Footer

To comply with regulations, make sure that each email that is sent out includes the necessary legal footer.

Image: Robert Kneschke / Shutterstock