91% of cyber attacks start with an email.

Email is by far the most commonly exploited attack vector. Each year countless organizations lose millions of dollars over lapses in email security.

And for small and medium-sized businesses, the damage can prove fatal. Recent studies have found that 60% of SMBs that get hit by a cyber attack fold within six months of the incident. And two-thirds of potential victims WOULD go under if they were successfully attacked.

So, something as trivial as learning to spot a phish can have major ramifications on your bottom line and the health of your business.

And we’ve come a long way from the days of those poorly worded Nigerian prince emails. It’s still unclear whether or not anyone ever clicked on those in the first place (someone must have), but nowadays phish are difficult to distinguish from the real thing. According to one survey, 97% of respondents couldn’t spot a phishing email.

The criminals use social engineering to produce believable scenarios, impersonating well-known companies or vetting potential targets on LinkedIn to tailor their approaches.

And nobody is safe, from the lowest-level administrative employees on up to the C-Suite – even partners can be targeted in an effort to get at your organization.

As email becomes increasingly critical to business success, a stronger set of email security best practices is recommended. They can be summarized as follows:

  1. Train employees on email security best practices.
  2. Create strong passwords.
  3. Don’t reuse passwords across accounts.
  4. Consider not changing passwords regularly.
  5. Use multifactor authentication (MFA).
  6. Take phishing seriously.
  7. Be wary of email attachments.
  8. Don’t click email links.
  9. Don’t use business email for personal use and vice versa.
  10. Avoid public Wi-Fi.
  11. Use email security protocols and tools.