Skip links

Email Security

Emails play a big part in our day to day work, many users spend more time on emails than phone calls. What Come with the convenience of the technology, are the risks. “Bad guys” want something from you and me, thru emails.

As a business owner, what can you do? We have a few tips to get you start think, more importantly, act.


User Education/Training

Like many technologies (I.T.), administration is the most important factor. Technologies serve users, by making their work easier, faster and more efficient. However if users don’t use IT properly, they unintentionally create the biggest risk to your IT infrastructure.

One Security audit company dropped a few USB flash in parking lot. Some users picked them up, out of curiosity, they plugged in the USB flash into their computers. Out of curiosity, they opened the files in the USB flash. You guessed right, those files have viruses.

What do you see from above story? if users have the security consciousness, they wouldn’t pick up the USB flash at the first place. If they got proper training, they would have the security consciousness.


Secure the login of Email accounts

As a best practice for literally all IT systems, use complex passwords for email accounts; change passwords regularly.

That is not enough, though.

Suppose your email system support MFA – Multiple Factor Authentication, or 2FA – 2 Factor Authentication, or 2SV – 2 Step Verification, you should implement this security mechanism, it’ll greatly enhance the email accounts. The concept is that password alone can be stolen, or hacked, so it’s not secure enough; when a 2nd or more factors are enforced, for example, a physical usb key is also needed for login, the chance of email account being stolen is slim.



Be conscious of phishing. We are all being target.

Put this in simple way, if you are offered some goodies in an email, suppose it’s a phishing; if you suspect something, suppose it’s fishing.

Ideally you should have an IT system to filter phishing emails, some email systems have built-in function for this, e.g. Google G Suite determine phishing emails pretty well.

More importantly, the users must have the consciousness.

Check our blog for more about phishing:


Separate work email and personal email

When the work email account is used also for personal purpose, the exposure to risks naturally increases. The little convenience a user gets by using work email for personal purpose potentially incurs risk to the whole company email system.

Some security system have capability to filter personal emails, however don’t totally rely on software. The best way is still training. Let your staffs know that work email is just for work. Educate them once, twice, 3 times, …, on and on.

Want to discuss more on the topic? Call us today at (604) 757-9823, or send us a contact form.