What are Good and Bad Email Security Practices?

According to Verizon’s 2019 Data Breach Investigations Report, 94% of the malware observed was delivered by email, and phishing was involved in 32% of the breaches studied. Email is therefore one of the most common ways into a business, and a single successful message can disrupt its operations. Securing this channel protects you from becoming a victim of an attack and protects your brand’s reputation at the same time.

Email is a prime target because one message can carry malware to many recipients at once, and a compromised mailbox exposes the sensitive data of the employees and customers who correspond with it. Knowing the risks of email and the countermeasures available is the first step to keeping that data safe. Below are the good email security practices you should adopt and the bad ones you should drop, so you can tell at a glance which habits help and which put you at risk.

Good Email Security Practices

Create a unique and strong password

Making the password for your email account strong makes life harder for cybercriminals. Password-guessing tools try billions of candidates, but a long, random password cannot be guessed in any useful amount of time, whether the attacker is guessing at the login page or cracking a stolen password database offline. Unique matters as much as strong: attackers take credentials leaked from one service and try them against email accounts, so a password reused anywhere else is only as safe as the weakest site that stores it.

Never build a password from personal information that can be found online. Your employer, the name of your pet, your university, school or hometown are all off limits.

Use a long mix of random upper- and lower-case letters, numbers and special characters. Length protects more than any single character class does, and a password manager will generate and store a different password for every account so you never have to memorize them.

Enable two-factor authentication

Two-factor authentication is one of the most effective controls against account takeover, and you should enable it on every email account. It adds a second step to the login, such as a one-time code from an authenticator app or a tap on a hardware security key, so a password alone is not enough to get in.

Even if cybercriminals get hold of your password, they cannot log in without the second factor. Two caveats: codes sent by SMS can be intercepted or redirected, and any one-time code can be phished in real time by a fake login page that relays it to the genuine site. Where you have the choice, prefer an authenticator app or, better, a hardware key using FIDO2/WebAuthn, which is bound to the real site’s address and cannot be replayed from a phishing page. Enable it on every account that offers it.

Learn about common phishing techniques

Phishing works because cybercriminals pose as legitimate companies and coax sensitive information out of unsuspecting victims. They use social engineering to persuade the recipients of their emails to hand over the data they need. Most victims never stop to ask why the “legitimate company” would be requesting that information, and the result is a breach.

Grammar and spelling mistakes in the body of the message, or stilted and generic wording, are still warning signs. Well-crafted phishing emails read perfectly, however, so the absence of such mistakes proves nothing.

Another way to recognize a potential phishing attack is to know the techniques below:

· Deceptive Phishing

The most common form. The emails appear to come from well-known companies or government bodies, and the goal is to make recipients believe the message is genuine so that they hand over whatever the attackers need. The message manufactures urgency, such as a suspended account, an overdue payment or a looming deadline, so that the recipient acts before thinking.

For example, an email purporting to come from your country’s tax authority states that there was a problem with your tax filing and asks you to supply the “missing” details to resolve it.

There are several ways to spot deceptive phishing. First, read the sender’s complete email address, not just the display name. Cybercriminals substitute look-alike characters so the domain passes a quick glance: ‘r’ followed by ‘n’ in place of ‘m’ (rnicrosoft.com), the digit 1 for the letter l, or a zero for the letter o. Another trick is to place the organization’s real name in a subdomain or hyphenated name that hangs off a domain the attacker controls, for example bank.com.verify-login.net, where the domain that actually receives your data is verify-login.net.
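The two tricks above can be checked mechanically. The following is an added example, not code from the original article: it classifies a From: header against a constructed allow-list of trusted domains, folds common look-alike sequences (the “rn” for “m” swap from the text, plus digit-for-letter swaps) back to the letters they imitate, and flags a trusted brand name that appears in a subdomain, a hyphenated domain or only in the display name. The allow-list, the homoglyph table and the sample headers are all constructed for illustration.

```python
"""Flag sender addresses that imitate trusted domains (added example)."""
import re
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: the domains this organization actually trusts mail from.
TRUSTED_DOMAINS = {"acme-bank.com", "paypal.com", "microsoft.com"}

# Character sequences attackers substitute for the letter they resemble.
# Applied in this order; "rn" -> "m" is the swap described in the article.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d"),
              ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]


def normalize(text: str) -> str:
    """Fold accents and common look-alike sequences toward plain ASCII letters.
    Cyrillic/Greek confusables and punycode (xn--) labels are NOT handled here;
    production code needs a Unicode confusables table for those."""
    s = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode().lower()
    for fake, real in HOMOGLYPHS:
        s = s.replace(fake, real)
    return s


def registrable_domain(domain: str) -> str:
    """Last two labels of a hostname. Simplified: real code should consult the
    Public Suffix List so that 'bank.co.uk' is not reduced to 'co.uk'."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike:homoglyph', 'lookalike:brand', 'unknown' or 'malformed'."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "malformed"
    domain = addr.rsplit("@", 1)[1].lower()
    reg = registrable_domain(domain)

    # Exact match on the registrable domain: mail.paypal.com is still paypal.com.
    if reg in TRUSTED_DOMAINS:
        return "trusted"

    # Homoglyph swap: rnicrosoft.com, paypa1.com, micr0soft.com.
    trusted_normalized = {normalize(t) for t in TRUSTED_DOMAINS}
    if normalize(reg) in trusted_normalized:
        return "lookalike:homoglyph"

    # Brand name smuggled into a subdomain, a hyphenated domain, or only the
    # display name: paypal.com.verify-login.net, acme-bank-payroll.com,
    # "Microsoft Account Team <msteam8812@gmail.com>".
    haystack = normalize(domain) + " " + normalize(display)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if re.search(r"\b" + re.escape(brand), haystack):
            return "lookalike:brand"

    return "unknown"


if __name__ == "__main__":
    # Constructed From: headers, not real messages.
    for hdr in ["PayPal <service@paypal.com>",
                "<security@rnicrosoft.com>",
                "PayPal Support <no-reply@paypal.com.verify-login.net>",
                "Microsoft Account Team <msteam8812@gmail.com>",
                "Alice <alice@example.org>"]:
        print(f"{classify_sender(hdr):22} {hdr}")
```

A “lookalike” result is a reason to treat the message as hostile, while “unknown” only means the sender is not on the allow-list; it still deserves ordinary caution. The brand check will also fire on legitimate partners whose domains contain your brand name, which is the right bias for a filter meant to prompt a second look rather than to block silently.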

· Pharming

In pharming, the link in the email points at the correct address of the official website, and the victim may even type it in by hand. Name resolution has been tampered with instead, through a poisoned DNS cache, a compromised router’s DNS settings or a modified hosts file on the victim’s machine, so the legitimate name resolves to an IP address the attacker controls. You land on a malicious copy of the site without having mistyped anything.

HTTPS is the practical defence, for a specific reason: a pharmed server cannot present a certificate that is valid for the real hostname, so the browser shows a certificate warning. Never click through such a warning. Do not take a padlock on a look-alike domain as proof of anything either; it only shows that the connection to that domain is encrypted. If your anti-virus or anti-malware software offers web protection that checks the sites you visit, leave it enabled.

· Spear Phishing

Spear phishing is effective because the message is tailored to a specific recipient. The attackers already know the target’s name, job title and employer, gathered from public profiles, company websites and earlier breaches, so the request looks routine and is far more convincing than a generic lure. That level of personalization makes it much easier to trick the recipient into providing sensitive information.

Bad Email Security Practices

Which of these is not a good security practice for email: using password123 on every account, or opening a message telling you that you have won a prize? Both. If either is a habit of yours, you are putting your data at risk. Here are the other habits to break.

Clicking “unsubscribe” in a spam email

Malicious emails do get past spam filters and anti-virus and anti-malware software and land in your inbox. When you open one and recognize it as spam, the unsubscribe link is tempting. Do not click it. In a spam or phishing message the link is controlled by the sender: at best it confirms that your address is live and being read, which earns you more spam; at worst it leads to a page that harvests credentials or serves malware. Clicking it is not a good security practice for email.

Instead, mark the message as spam and delete it. If a company you genuinely deal with claims you subscribed to its mailings, do not follow the link in the email; open a new browser tab, go to the site directly and check your account’s communication preferences there. Most sites let you change how they contact you.

Connecting to public Wi-Fi to open emails

Public Wi-Fi is popular because it is free, and you find it in hotels, restaurants, airports, shopping malls and coffee shops. The rule of thumb is never to use it to sign in to accounts that matter.

Anyone on the same network, or anyone running a rogue access point with the same name, can observe or tamper with traffic that is not encrypted end to end and can serve fake captive-portal or login pages. HTTPS protects most mail traffic today, but relying on every app and every connection being encrypted is not a good security practice for email. If you must read email on the move, use your smartphone’s mobile data, or a reputable VPN, which encrypts all traffic between your device and the VPN provider.

Opening every attachment and link without scanning

It is normal to receive attachments and links from employees, clients and customers as part of doing business, and most people open anything that comes from someone they know.

That trust is exactly what cybercriminals exploit. A compromised or spoofed colleague’s account, or a reply inserted into an existing thread, carries malicious files and links past your guard and leaves your email system open to attack.

How do you avoid becoming a victim? Scan every attachment and link before opening it, regardless of who sent it. Malicious files come in many formats: macro-enabled Office documents, archives and disk images that wrap an executable, scripts, shortcut files and HTML pages, often with a double extension such as invoice.pdf.exe so the name looks like a document. Most anti-malware and anti-virus products can scan attachments and links automatically; make sure that feature is enabled, and treat an unexpected attachment from a known contact as a reason to confirm by phone or chat before opening it.
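The checks a mail gateway runs on attachments are simple to illustrate. The following is an added example, not code from the original article: it parses an email with the standard library, and for each attachment compares the declared extension against a list of executable or macro-enabled types, looks for a decoy double extension, and compares the file’s leading signature bytes with what the extension implies. The sample message and its attachment bodies (a few signature bytes each, not real files) are constructed here for the demonstration.

```python
"""Triage e-mail attachments by extension and file signature (added example)."""
from __future__ import annotations

from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that execute code or carry macros when opened.
DANGEROUS_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
                 "wsf", "ps1", "hta", "lnk", "iso", "img", "msi", "jar",
                 "docm", "xlsm", "pptm"}
# Harmless-looking extensions used as the decoy half of "invoice.pdf.exe".
DOC_LIKE = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "txt"}
# Leading bytes that identify the real file type regardless of its name.
MAGIC = [(b"%PDF-", "pdf"), (b"MZ", "exe"), (b"PK\x03\x04", "zip"),
         (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"\xd0\xcf\x11\xe0", "ole")]
# Signature each extension should carry (.docx/.docm/.xlsx are ZIP containers).
EXPECTED = {"pdf": "pdf", "jpg": "jpeg", "jpeg": "jpeg", "png": "png", "zip": "zip",
            "docx": "zip", "docm": "zip", "xlsx": "zip", "xlsm": "zip",
            "doc": "ole", "xls": "ole", "exe": "exe"}


def sniff_type(data: bytes) -> str:
    """Identify a file by its leading bytes; 'unknown' if no signature matches."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in DANGEROUS_EXT:
        findings.append(f"executable or macro-enabled type .{ext}")
    if len(parts) >= 3 and parts[-2] in DOC_LIKE:
        findings.append(f"double extension .{parts[-2]}.{ext} hides the real type")
    sniffed = sniff_type(data)
    if ext in EXPECTED and sniffed != EXPECTED[ext]:
        findings.append(f"content signature is {sniffed}, not {EXPECTED[ext]} as .{ext} implies")
    return findings


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment's filename to the findings for it."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):          # text/* attachments are returned as str
            data = data.encode()
        name = part.get_filename() or "<unnamed>"
        report[name] = triage_attachment(name, data)
    return report


def build_sample_message() -> bytes:
    """Constructed message for the demo; attachment bodies are signature bytes only."""
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@example.net>"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Invoice and signed contract"
    msg.set_content("Please find the documents attached.")
    msg.add_attachment(b"%PDF-1.4\n%constructed\n",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf", filename="contract.pdf.exe")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26,
                       maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="payroll.docm")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26,
                       maintype="image", subtype="jpeg", filename="photo.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(name, "->", findings or ["no findings"])
```

The signature check matters because the sending side controls both the filename and the Content-Type header; only the bytes themselves are hard to lie about. A real gateway would go further and open archives and disk images to inspect what they contain, since those are the containers attackers use to slip an executable past exactly this kind of filter.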

Using company email for personal use

It may seem convenient to use your business email for personal matters so you have only one account to manage, but it is not a good security practice for email. Every personal signup, newsletter and online purchase hands your work address to another third party, and when any of them is breached your corporate address ends up in the lists that phishing and credential-stuffing campaigns are built from.

Mail to and from your business address is covered by your IT team’s filtering and monitoring, but those controls cannot stop you from reusing the address, and too often the password, on outside services, and the protection they offer stops at the company’s boundary.

Keep the company email strictly for work. For anything unrelated to the business, use a personal account on your own device. This keeps your work address out of third-party breach dumps and shrinks the target you present to cybercriminals.

Securing your email goes a long way toward keeping your company out of cybercriminals’ hands. Implement the good email security practices above and educate everyone in the company about them; your email security is only as strong as the weakest link in the business, so everyone needs to be able to tell a good practice from a bad one.

Everyone should know the latest techniques cybercriminals use to gain unauthorized access, and which habits are not good email security practice. A weekly or monthly newsletter and regular awareness days go a long way toward keeping that knowledge current and safeguarding sensitive data. Cybercriminals are always present and will go out of their way to obtain personal information.

Keep every device you use for business up to date with the latest software. Vendors release patches that close known vulnerabilities before cybercriminals can take advantage of them. Follow these practices and your company can carry on its operations without having to deal with data breaches.
