If you frequently send confidential professional data over email, you will want to know how to secure an email. A vigilant email user can weed out fake and phishing incoming emails. But what about outgoing emails? If someone intercepts one, they can read all of its content, including but not limited to trade secrets, technical know-how, confidential communication with customers and clients, sensitive legal issues, secret marketing strategies, etc.
What if someone hacks your employees’ email client itself? Then, they can not only read all the emails but also send emails to all your customers, vendors, shareholders, etc., impersonating a legit representative of the company! It is a highly risky thing. Google can blacklist your company's official email accounts, too!
In this article, we have included 7 tricks on how to protect business emails.
1) Use Email Clients That Provide E2E Encryption Facility
You might not be aware of the fact that when you use generic email clients like Gmail, Yahoo, Hotmail, etc., the email first reaches these service providers' servers and is then redirected to the recipient's server. This step increases the chances of email compromise. End-to-end (E2E) email encryption means locking your emails' data with cryptographical keys. Plus, the email goes directly to the recipient, without any mediators.
Some email service providers offer end-to-end encryption for all emails for free! The well-known E2E service providers are ProtonMail, Mailfence, and Tutanota. The basic account is free with limited storage. If you want an email address with your company's domain after the @, or more storage space, you have to upgrade to their premium plans.
2) Install Security Extension and Add-ons
The email clients we mentioned above are complicated to use. But if you want to stick with your regular email clients, you can use these freemium browser extensions and add-ons to secure your emails.
By installing some of these tools, you can not only get E2E encryption, but also set expiration, disable forwarding, revoke access to the email, and watermark attachments with recipients’ names to prevent them from leaking sensitive files.
Here are some well-known extensions.
• Virtru
• SendSafely
• Mailvelope
• End-To-End
• FlowCrypt
Another way to protect emails is to use S/MIME or email signing certificates. It is available for organizations only. These certs provide a digital signing facility with each outgoing email along with E2E encryption. The digital signatures can't be removed, altered, or duplicated. That provides strong identity authentication to the recipients. An S/MIME certificate costs between $10 and $35 per year.
3) Have Separate Email Accounts for Essential and Non-essential Usage
According to Dashlane, the average American internet user will have 300 online accounts by the year 2022. Most of the time, when you want a new account with a platform, you must provide an email address. That means your email ID is exposed to a lot of different platforms. If their database gets leaked or if these platforms sell this data to others (it's illegal, though), you will not only get tons of phishing and spam emails but also be subject to brute force and credential stuffing attacks.
That's why it is highly advisable to keep a separate account for all the important tasks like banking, utilities, insurance, and personal emails and have a different email account that you can give to any non-essential service provider. Also, never use the same password as your email while making an online account with any other platform.
4) Enable Two-Factor Authentication
In two-factor authentication, you will get a unique one-time password (OTP), pin, link, or code on your registered mobile’s SMS or secondary email address. You need to provide this secret code along with the password every time at the time of logging in. It may look like a hassle to many but at least for the email addresses you use for sending sensitive personal or professional data, 2FA can definitely be good practice for protecting the email accounts.
You can also enable 2FA using these apps.
- Google Authenticator
- Microsoft Authenticator
- Twilio Authy 2-Factor Authentication
5) Encrypt the Attachments
If you are sending important data via email attachments, it is always a good practice to encrypt it. In general, when you password-protect a document, it gets encrypted. For any Microsoft products (Word, Excel, PowerPoint, Access), you can go to
Files --> Info --> Protect Document/Workbook --> Encrypt with Password
There is also free encryption software available, such as Folder Lock, 7-Zip, VeraCrypt, AxCrypt, DiskCryptor, etc.
Please make sure you send the password to the recipient in a separate email or via SMS or any other channel.
6) Don’t Let Browsers Save your Passwords
The auto-login facility is always very convenient for emails. But it’s not a good practice for protecting your emails. You might not be aware, but your browser has stored many passwords which anyone can read easily if they get access to your computer.
For Chrome,
• go to the menu (three vertical dots on the upper right side)
• click on Settings
• locate Autofill and click on Passwords
See how many passwords are there. You can view them by clicking on the eye symbol and even export them to an Excel sheet. If you lose your device or a hacker takes control of it using malware, they can easily intercept these passwords. Hence, delete these stored passwords and always type your passwords manually while logging in.
7) Don’t Login to Other Services Using Default Email Clients
Now, this last piece of advice may sound cliché but people still miss this one. It is highly convenient when a new platform gives you options like “Login with Gmail” or “Login with Facebook”. You don't need to fill their boring form and all the formalities just get completed in a click! However, it is a highly unsafe practice. Do you read the terms and conditions of the new platform? They might be able to use all the personal information saved on your Gmail or Facebook and use that data.
Some platforms' policies are so bizarre that they see your contact list, emails, media files, and social media posts as well. They can invade your privacy or use this data for marketing purposes. But if such a platform's database or server is hacked, the hacker can cause huge damage with such access. Hackers can send phishing emails using your email client or blackmail you.
Final Words on How to Secure an Email
There are approx. 4.15 billion email users in the world in 2021. Such a large pool of victims is definitely going to attract cybercriminals. That’s why it is important for you to know how to protect emails. This includes how to recognize incoming phishing emails and how to secure outgoing emails. For that, you can use encryption, enable 2FA, install tools and extensions, delete passwords from browsers, and keep separate email accounts for essential and non-essential work. If you're doing email marketing, use a trustworthy email marketing service provider like Yottled that securely stores your and your customers' email addresses.