Email security tips for small businesses

Google has reported that 18 million phishing emails related to COVID-19 were identified daily during just one week in April.

Many of these emails look like they come from government agencies, such as the World Health Organization, and play on the fear many people are feeling during the pandemic.

Although Google says that they have AI protections in place that block roughly 99.9% of these malicious emails, they have also partnered with WHO to implement a Domain-based Message Authentication, Reporting, and Conformance (DMARC) system to make it even harder for these types of messages to get through to Google’s users.

So what does this mean for small business owners?

Use strong passwords

Most people already know that creating a strong password is essential to keeping email secure, but it doesn’t hurt to reiterate this fact. Most email providers require that your password meet certain minimum requirements, like character count and the use of special characters, but here are some of the most important tips for choosing a secure password.

How to pick a strong password

• Don’t use pet names, family members’ names, nicknames, quotes, or birthdays.

• Avoid using common phrases. Instead, make up something completely random that’s not in the common lexicon.

• Make your password as long as you can handle. A mix of uppercase and lowercase letters and special characters ($%^&*) will make your password more secure.

Identify possible phishing

You and your employees should be aware of the types of phishing emails out there and how to detect them. In fact, phishing emails have been on the rise since the COVID-19 pandemic hit. So now more than ever is a good time to know what to look out for.

Three ways to detect a phishing email

1. Examine the sender’s email address. If it follows a pattern that you don’t recognize as being from your company, it could be a phishing email. Or, if the domain address has numbers attached to the end of it, that’s a sign, too.

2. Suspicious links. If the email is asking you to click on a link to change your password but you didn’t request a password change, this is a sign of a phishing email. Or, if the email uses threatening language to convince you to click, don’t.

3. Spelling errors. A lot of these emails have bad grammar and spelling. If the email is claiming to be someone you know but they spell your name wrong, that’s a dead giveaway.
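The three checks above can be partly automated for mail that claims to come from inside your company. The following Python sketch is an added example, not part of the original article; the company domain `bakery.example`, the keyword lists, and both sample messages are constructed assumptions you would replace with your own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "bakery.example"  # assumption: your real mail domain goes here
# Assumed keyword lists; tune them to the mail your staff actually receive.
URGENT = re.compile(r"\b(immediately|suspended|within 24 hours|final notice)\b", re.I)
RESET = re.compile(r"\b(reset|change|verify)\b.{0,30}\bpassword\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def phishing_signs(raw_message, recipient_name):
    """Return the warning signs from the list above found in one plain-text email."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    # 1. Sender address: unfamiliar domain, or digits attached to the domain name.
    if domain != COMPANY_DOMAIN:
        signs.append("sender domain is not the company domain")
    if any(re.search(r"\d$", label) for label in domain.split(".")[:-1]):
        signs.append("sender domain ends in digits")
    # 2. Suspicious links: a link next to a password-change prompt or a threat.
    if LINK.search(body):
        if RESET.search(body):
            signs.append("link with password-change prompt")
        if URGENT.search(body):
            signs.append("link with threatening language")
    # 3. Spelling: the recipient's name is missing or misspelled in the body.
    if not re.search(r"\b" + re.escape(recipient_name) + r"\b", body, re.I):
        signs.append("recipient name missing or misspelled")
    return signs

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: IT Support <helpdesk@bakery2.example>
To: dana@bakery.example
Subject: Password expiry

Dear Danna,
Your mailbox will be suspended within 24 hours. Change your password now:
http://bakery2.example/reset
"""
SAMPLE_LEGIT = """\
From: Sam <sam@bakery.example>
To: dana@bakery.example
Subject: Flour order

Hi Dana, the invoice for the flour order is attached.
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE_PHISH, "Dana"):
        print("WARNING:", sign)
```

A message with no signs is not proven safe; treat the output as a prompt for a closer look, not a verdict.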

Set up 2-factor authentication

Setting up 2-factor authentication to access your email is an effective way to secure your company email. Here’s how it works: After you sign in to your email account, a code will be sent to a separate device (usually a cell phone but you can choose whatever device you like) for you to input to verify that you are the owner of the account. This will occur every time you log in, with a new code sent to the device of your choice.

Having this extra layer of security means that even if a hacker found out your password, they would not be able to access your account without the code from the 2-factor authentication.

Use VPNs

VPNs (Virtual Private Networks) are very helpful if you have employees working remotely. A VPN encrypts the traffic between your device and the VPN server, so you can work as if you were on a private network even when connected to public Wi-Fi. That means others on the same network can’t read your email traffic when you or your employees work from a café or other public place. Make sure your VPN software is up to date, with all security patches installed.

Pro Tip: Stay in the know about VPN vulnerabilities for businesses.

Encrypt sensitive information

If you have to send sensitive information via email, best practice is to encrypt it. Encrypting a message scrambles its contents so that hackers can’t read it. The recipient’s public key, in the form of a digital code, is used to encrypt the email, and the matching private key, which only the recipient holds, is used to decrypt it. Use this infographic to learn more about how encrypting works. Free encryption apps to look into for your business include Proton Mail, Mailvelope, and Ciphermail.

The problem with sharing your email with social sites

Many social media platforms ask for access to your email to upload your contacts so you can easily connect with friends and colleagues on their site. It seems like a nice offer, but this could lead to email security mayhem. There have been lawsuits against many of these social media platforms when it comes to privacy, so it’s best to steer clear of sharing your email login credentials with any of them.

Another great way to stay protected against cyber threats is with a cyber insurance policy. Learn more here.


About Hiscox: As experts in risk, Hiscox gives people and businesses the confidence to realize their ambitions. With roots dating back to 1901, Hiscox has the expertise to challenge convention and find a better way. Learn more about Hiscox at