
Email Security: 6 tips to send, receive and store emails safely

It is essential to never take email security for granted. Email is now an indispensable tool for business communications, made even more crucial by the surge in remote work during the COVID-19 pandemic, so the workforce must make sure they are familiar with how they can improve their email security.
Whether you are sending, receiving or storing communications through email, follow the advice mentioned below to ensure you are taking every necessary security precaution.
 
1. Know the signs of a phishing email
Phishing is the fraudulent and harmful practice of sending emails pretending to be from reputable companies, asking individuals to reveal personal information.
To prevent phishing, pause and think before taking any immediate action requested in an email. Learn to spot the signs of a phishing email by identifying what seems to be unusual or inconsistent. Phishing emails normally have:
  • Attachments or links
  • Spelling errors
  • Poor grammar
  • Unprofessional graphics
  • Unnecessary urgency about verifying your email address or other personal information
  • Generic greetings like "Dear Customer" instead of your name.
 
2. Use multi-factor authentication to access your email accounts
Multi-factor authentication requires at least two (2) identity components to authenticate a user’s identity, so that even if a hacker manages to guess your username and password, there is still a code they must enter before they get access to your emails.
MFA identity components include:
  • Something the user knows (e.g., password, PIN);
  • Something the user possesses (e.g., one-time PIN, 2-factor authentication app, security token);
  • A unique trait of the user (e.g., biometrics – fingerprint, facial recognition).
Almost every email platform offers multi-factor authentication, and so it is advisable to turn on multi-factor authentication to take advantage of an additional level of security for your email accounts.
 
3. Avoid sending any sensitive information over email
Sensitive information such as passwords, bank card details, and internet banking platform credentials should never be sent via email. When you send sensitive information over email you are putting your trust in the receiving party to ensure that data is never compromised.
Unless the recipient deletes the message and empties their deleted items folder, a copy of that data remains in their mailbox and you are trusting them to protect it. You do not know who has access to that account or how cautious they are about who they send information to.
Reputable institutions will never ask for your sensitive information over email, and so requests such as these can be considered to be phishing attempts.
 
4. Don't use business email for personal use and vice versa
An email security best practice is to prohibit the use of a corporate email account for personal matters. Likewise, work-related emails should never be sent from personal accounts.
Using your work email address for personal communications or interests can open the door to more security risks. It is best to keep your accounts as separate as possible.
 
5. Don't open an attachment unless you know who it is from and are expecting it
It is crucial to take care with attachments even when you use email scanning and malware blocking software. If an attachment has an extension associated with an executable program, such as .exe, .vbs, .js, .scr, .bat, extra caution should be taken before opening it.
Files such as Word documents, spreadsheets and PDF files can also carry malicious code, so be careful handling any type of attached file. Ensure you know and trust the source of any attachment. As an added security measure, download antivirus software and use it to scan every downloaded file before opening it.
 
6. Don’t click email links
Hyperlinks in email can often connect to a web domain different from what they appear to represent. Some links may display a recognizable domain name, such as www.amazon.com, but, in fact, direct the user to a different, malicious domain.
Always review link contents by hovering the mouse pointer over the link to see if the actual link is different from the displayed link. When in doubt, instead of clicking through a link in an email that claims to direct you to an urgent action request such as changing your password, write the domain in the search bar of a new tab and compare the links to check the validity of the link you were sent.

07 January 2022

© 2025 National Cyber Security Authority