

Electronic Mail Security: A Letter from One IT Executive to Another

03 August 2016

Academia, Email Security, Financial Services, Healthcare, IT Security, Policy Development

We’re hearing a lot lately about email servers and how they relate to data security. From presidential nominees to Fortune 500 companies, communicating through electronic mail is a critical component of every organization. Conveniently, we can send messages within seconds to customers, coworkers, partners, etc., across the globe. However, along with this convenience come threats to your organization’s security. From phishing attacks, ransomware, and CryptoLocker to accidental data exposure, users constantly face potential threats in managing their email accounts.

COMPASS Information Technology Manager Rich Davis faces these threats on a daily basis. Knowing the threats and concerns regarding email retention, encryption, and security, Rich wrote the following blog post as if he were speaking to a fellow IT executive:


Thank you for getting in touch with me, and welcome to the digital age of computing. I am glad to see that your business is growing and you now have an online presence. Unfortunately, the email I received from you was absent the file you attached because the antivirus software on my computer deemed it was infected with a virus and quarantined it.

As you mentioned in your email, you have been struggling to set up your business minus an IT expert. I am happy to share some information that may help you avoid making some of the same mistakes others have made. This information will protect both your computer and personal information from the many threats that can occur through emails or simply being on the Internet.

A startling 40 percent of businesses fail within a year when unable to recover their data. There is no worse feeling than not having your data in the event of disaster, no matter how small. Thus, the most important recommendation I can offer you is to be diligent in ensuring you have a daily backup of your email and data. You should have multiple backups and make sure the data backed up is good by conducting data restores and testing the data.

Next, ensure that you have a reputable antivirus application installed on your computer—one that scans for malware on both incoming and outgoing emails. URL (or web) filtering is a plus. Having reputable antivirus software will help prevent embarrassing situations with clients, who will learn to trust that you are taking the necessary steps to guarantee your emails are safe and secure.

This next piece of advice might have come in handy for presidential candidate, Hillary Clinton—always limit your work email address to work only. If you are going to send sensitive information, you should consider using a service that encrypts email. Internet service providers usually supply you with a personal email address. Use that to communicate with your family and friends. You can set up a third email account with Microsoft or Google for free. Use the free account for ordering online and signing up for promotions, as that email address will eventually get spammed. You can create a new one at any time when you start to receive too much spam.

Always make sure you know the person you are emailing (i.e., in the To field). If you are going to email many people, you may want to blind carbon copy (Bcc) the group rather than carbon copy (Cc) so that their email addresses are invisible to other addressees. Some email applications are set up to automatically add incoming email addresses to your address book. This will prevent you and others from getting into a cycle of unwanted emails, and it will reduce spam.

Recently, a new client’s information was stolen via a phishing scam. The email was smartly disguised to look like a fax from one of its client’s email addresses. Unfortunately, it was the CryptoLocker virus and a key logger that records your key strokes. One click of a zipped file ended up costing this client almost $130,000. The lesson here is: If you are uncertain as to what it is or who sent it, always be careful about what you click.

One more thing, and I will let you go. You mentioned that you hired two new employees, one full-time and one part-time. Please make sure that you do not share accounts or passwords amongst yourselves. This will guarantee you are the only one who knows your personal security information.  

Best regards,

Richard Davis

P.S. I will be glad to assist in setting up your new wireless router with encryption. I am especially looking forward to that burrito lunch you have been promising. . .

To help prevent your employees from clicking on potentially harmful phishing links, download our 5 Tips to Detect Phishing Emails or contact us.
