So I’d like to start this blog on a somewhat personal note. My father who owns a local tax consultancy firm was surprised to receive a phone call one day from a lady client asking if he had sent some pornographic material to her email address. Shocked, he immediately checked his Hotmail account only to find out that several of his clients had been sent the notorious mail. Besides writing an apology to the clients explaining what had happened, he immediately changed his password. He continues to do so more frequently than before to avoid a recurrence.
Not to single out any one provider, such breaches are on the rise across the board. In July 2012 hundreds and thousands of accounts on Yahoo, Gmail, AOL, and Hotmail, among others, had been compromised. A month prior the same year, LinkedIn had reported that 6.5 million passwords of its members had been published on a Russian website. Come to think of it, the U.S Government, for all its sophistication, could not prevent cyber attacks that supposedly emanated from the Chinese mainland.
But in the interest of keeping the discussion less controversial and far more relevant, what can local business owners, like my father, do to prevent their email accounts from being compromised? Here are five good tips to keep you safe:
- Register a Domain Name for Your Company: CMIT Solutions an IT solutions provider for small businesses, recommends that business owners should never use free email services for official purposes. Instead they should acquire their own domain name and use email addresses which carry the domain name. What this simply means is John.Smith@smallbiztechnology.com instead of John.Smith@gmail.com. Not only does having an email address with a customized domain name project a more professional image of the business, it is also a more secure way of communicating on email.
- Update your anti-virus software regularly : Make sure that all systems including mobile devices are protected by malware detection programs and the anti-virus software being used is updated with the latest version. Ask your vendor to enable auto patching and auto updating so that your systems are never stale.
- Secure Mobile Devices used for Commercial Operations : A gaping hole in the IT security of most small businesses as per CMIT Solutions is easy access to mobile devices (smart phones, tablets and laptops). It is imperative that all mobile devices be protected with robust passwords and that the passwords are changed mandatorily on a regular basis. While some experts recommend changing passwords every month, others recommend changing it at least once in six months. Passwords should be at least 14 characters long, with numbers and special characters included to make them more ‘unhackable’!
- Have a user policy in place : Having a mobile device user policy is a good idea. For instance, applications that are unimportant for business should not be downloaded on official mobile devices. Malicious apps could send text messages or email to everyone on the contact list. Another guideline could be to ensure that all devices such as laptops are locked when not being used to safeguard against any internal misuse which could prove disastrous for business. Clicking on links in emails from unknown senders is a big no-no! Reinforce the acceptable mobile device user guidelines with your staff on a regular basis; let the guidelines not just be communicated as a notice on the office dashboard or as a one-off group email.
- Use email filtering software: All of us read company policies but tend to overlook them and then one day….bam!! you have someone clicking on an interesting looking email that contains a malicious link. To prevent infected emails from being accessed, security experts recommend that small businesses must implement email filtering software which prevents suspicious emails from reaching employees.
Perhaps you have faced a similar situation. Is there anything more that small business owners could do to prevent their emails from being compromised? Share your experiences and suggestions; we’d love to hear from you.