Most of us have probably experienced some form of email-based cybercrime by now. In fact, if the majority of us opened our personal inboxes right now, we’d be likely to find some kind of phishing scam inviting us to enter data under false pretenses. It feels like there’s a new phish-flavored bullet to dodge almost every day.
But the risks only increase when you’re a business. There’s a lot more to keep track of, and much of your information is publicly available (whether this is through business registration, or just on your website itself). This info might make it easier for certain types of scammers to convince you they have a legitimate purpose, or simply imitate your business. The problems go beyond phishing, too.
It’s worth remembering, for example, that you will often be emailing customers sensitive information about their accounts or orders with you. Any hack or breach risks exposing their data as well as your own. This makes security a much more integral part of email providers sought by businesses.
In fact, taking advantage of businesses (unsurprisingly) pre-dates the Internet. Most businesses, even now, receive physical letters from so-called tax advisors (and similar) pretending to represent the government, or referencing governmental fines as though they will be issued if you don’t use their service. Email just makes it infinitely easier to bombard you with similar attacks.
Cybercrime and small business
Sure enough, over 77% of small businesses have received email-related cyber attacks, and it stands to reason when you think about how juicy a target you might be. From the attackers’ point of view, your security measures are likely to be less robust than those of bigger businesses due to financial and personnel constraints, but you might still have valuable resources or data worth stealing.
But it doesn’t end there. Cybercriminals even attempt to impersonate small businesses by using their names in bogus email addresses. These messages might even contain the names and roles of real employees, contacts, or suppliers to add legitimacy. Services like LinkedIn have not helped with this. While being invaluable resources for employers and employees alike, they’re essentially databases containing what would otherwise be information that’s difficult to find.
Like anything, the more data that’s online the more ways it can be weaponized. It’s good to keep everything you publish about you or any part of your business to a minimum.
But secure email providers can help…
The best email providers champion security to safeguard the sensitive information exchanged in emails. For the reasons already mentioned, this is a real plus for business customers like you, and sure enough, a recent customer survey we created backed this up. Over 83% of people said security was the main reason for their choice of email provider.
One of the key measures to always factor in is encryption. In the same survey, 88.7% of respondents said encryption was the most important feature of all. This can come in many forms. Encrypting data where it’s stored is often overlooked, but it’s important. If data is stored encrypted, anyone who hacks the mail server will only find unreadable ciphertext. As a small business, you should also seek out providers that offer self-destructing or password-protected messages to help with confidentiality.
The combination of security features typical of business email usually helps businesses comply with data protection regulations such as GDPR and HIPAA.
Greater customization of security features
Look for features that allow for a greater level of customization when choosing your business email. For example, enhanced tools to help you categorize mail by subject or type. These can really help when it comes to sorting through large volumes of messages.
Similarly, creating generic mailboxes like info@ or admin@ that redirect to specific teams or people is another useful feature. These are called aliases, and most good business email providers will allow you several of these. They allow you to forward messages from generic mailboxes like the ones above to multiple mailboxes, which has the added bonus of allowing multiple people to monitor them, as well as protecting their identities.
Security and anti-spam
Spam poses an increased risk to small businesses compared with individuals. But what exactly is anti-spam protection?
Put simply, it allows you to block messages from senders that you identify as untrustworthy. But good ones offer even more than this. Top anti-spam filters use tools like machine learning to anticipate what is likely to be spam based on your previous classifications, automatically putting harmful phishing scams safely out of the way of you and your employees.
Adaptable filtering is also essential for keeping on top of your business emails. Need to change a rule, or found something in spam that shouldn’t be? You should be able to adjust settings easily. Manual overrides are an essential feature to look for in spam filters.
Getting DMARC, SPF, and DKIM protection
But what about those pesky folks impersonating your business? Is there a way you can stop them?
The trouble is, it’s more complex than simply thinking you’re safe because your account is secure. These spoofers often don’t need to break into your account to spoof an email address that looks like your own. That’s where these clever secure email features come in:
- SPF: Sender Policy Framework is a protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. It works by publishing a specific record in the DNS (Domain Name System) that lists the authorized mail servers. When an email is received, the recipient's mail server can check the SPF record of the sender's domain to verify if the sending mail server is allowed to send emails on behalf of that domain. If the SPF check fails, indicating that the email is sent from an unauthorized server, it can be flagged or rejected.
- DKIM: DomainKeys Identified Mail adds a digital signature to an email message. This signature is generated using a private key associated with the sender's domain and is added (invisibly) to the email's header. The recipient's mail server then uses the public key, published in the DNS by the sender's domain (in a similar way to SPF), to verify the signature. If the signature is valid, it shows the email really was signed by the sender's domain, and also confirms it was not altered in transit. If the signature verification fails, it indicates potential tampering or an illegitimate source.
- DMARC: Domain-based Message Authentication, Reporting, and Conformance (it’s a mouthful but stay with it) builds on SPF and DKIM by empowering domain owners to choose how a recipient’s mail server should handle an email that fails an authentication check. They can choose whether the email is quarantined or rejected. Additionally, DMARC enables domain owners to receive reports from email receivers about emails that pass or fail authentication, helping you to monitor what is going on in terms of impersonators.
SPF, DKIM, and DMARC work together to verify the legitimacy of the sender's identity and prevent email spoofing and domain impersonation:
- SPF validates the sending server.
- DKIM ensures the integrity of the email's content and the sender's domain.
- DMARC provides policies and reporting, allowing you, as a business owner, to specify what actions should be taken for emails that fail authentication, and to receive reports on authentication results when someone tries to send an email posing as you.
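The receiver-side decision described above, as an added Python example (not code from Spacemail or from any mail server). It goes slightly beyond the text by including DMARC's alignment rule: an SPF or DKIM pass only counts if the authenticated domain matches the domain in the visible From: address. The `.example` domains, the `Message` fields and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
# Added example: simplified receiver-side DMARC decision (after RFC 7489).
from dataclasses import dataclass

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:              # hypothetical view of what a receiver has checked
    header_from: str        # domain in the visible From: address
    spf_domain: str         # envelope sender (MAIL FROM) domain checked by SPF
    spf_pass: bool
    dkim_domain: str        # d= domain of the DKIM signature ("" if unsigned)
    dkim_pass: bool

def dmarc_disposition(msg: Message, record: str) -> str:
    """Return 'deliver', or the published policy: 'none', 'quarantine', 'reject'."""
    tags = parse_dmarc(record)
    spf_ok = msg.spf_pass and aligned(msg.spf_domain, msg.header_from, tags.get("aspf", "r"))
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.header_from, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"
    return tags.get("p", "none")   # both failed: apply the domain owner's policy

RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"  # constructed record
genuine = Message("shop.example", "mail.shop.example", True, "shop.example", True)
# Impersonation: SPF passes, but only for the sender's own unrelated domain.
spoofed = Message("shop.example", "bulk-sender.example", True, "", False)
# Forwarded via a mailing list: SPF no longer aligns, the DKIM signature still does.
forwarded = Message("shop.example", "list.example", True, "shop.example", True)
```

The `spoofed` case is why SPF alone does not stop impersonation of the address your customers see, and the `forwarded` case is why publishing DKIM alongside SPF keeps legitimate mail from being rejected.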
But why not go with a big name?
Recently there’s been a shift, with more individuals and businesses turning away from their reliance on big tech giants — like Google, Apple, and Microsoft.
There are increasing concerns about how these companies handle data. Google famously had a server breach in 2018, and Microsoft had one in 2021, in which data was accessed illegally. But more broadly speaking, it was the revelations made by Edward Snowden in 2013, showing the NSA could potentially have direct access to big-tech servers (under the guise of programs like PRISM), that really made people question whether their data was compromised with these companies before breaches were even considered.
As a result, individuals and businesses alike have become more cautious and started exploring the alternatives provided by smaller, more privacy-focused email service providers.
But it’s more than that. Smaller secure email providers offer things the big boys don’t alongside the security advantages we’ve mentioned. Many businesses just really like the level of flexibility and customizability they offer, along with lower, more competitive pricing and plans that grow alongside your business.
Some small businesses might just prefer not to bolster the monopoly grip the giants have over our lives by doing their small bit to support smaller companies.
The future of business email
When it comes to choosing the right business email, you should be able to get high levels of security, but also a system that makes business email effortless, so that business comms flow more freely but security is never compromised.
In fact, you should be able to get a secure, simple business email service that forms part of a wider web platform. One where you can incorporate your domain name into your email address automatically, and build other web products into your ideal solution — knowing that every part of the platform is secure.
That’s why we created Spacemail business email. It’s technology designed for ‘actual human beings’, and actively updated to beat the latest security threats. Plus, it sits within the wider Spaceship platform, to help you do better business online everywhere with security and simplicity as standard — always.