Cracking the Email Security Code: 12 Best Practices for Small and Midsize Businesses

It only takes one successful attack to spell disaster for a company. Learn how to protect your company with this email security best practice guide.

June 8, 2022


The number of emails sent each day is expected to top 330 billion this year.

Cybercriminals know this: phishing and other email-targeting tactics are the top attack vectors because they work so well. And as we discussed in the first article of this two-part series, "For MSPs, Next-Gen Email Security Is a Must," advances in automation have made it easy to run these attacks at scale, so no organization is too small to be a target anymore.

It only takes one successful attack to spell disaster. What can you do to protect your company? Although proper email security is never a walk in the park, we have prepared a checklist of email security best practices for small and midsize businesses (SMBs), divided into three categories: organizational culture, security posture management, and technology stack.

Organizational Culture

A security-first organizational culture bolsters email safety by prioritizing the following:

  1. Clear policies: Get IT and business leaders to co-formulate clear security policies, including email-specific ones.

  2. Continuous reinforcement: Make email security practices part of employee onboarding, ongoing training, and performance reviews.

  3. Peer buy-in: Support for the company's security strategy from non-security peers is crucial to good security outcomes at SMBs.

  4. Learning from incidents: Use email security incidents to address vulnerabilities and fine-tune policies.

Security Posture Management

Here are four best practices for email security posture management that SMBs can adopt:

  1. Timely incident response: A companywide incident response plan (that includes notifications, responsibilities, response and mitigation workflows, reporting, etc.) must be regularly tested and updated.

  2. Data loss prevention (DLP) program: A DLP program incurs costs, but the ROI is clear when a company can achieve near-zero recovery point objective (RPO) and recovery time objective (RTO) outcomes in response to ransomware or other data theft exploits.

  3. Systematic management of email passwords: A UK survey found that 82% of security breaches over the previous year started with weak email passwords. IT should enforce strong, unique passwords that are updated regularly.

  4. Clear reporting: Be able to demonstrate diligent tracking of email security metrics and effectively address incidents and vulnerabilities.

Staying on Top of Technology

Cyber threats are constantly evolving, increasing the pressure on businesses to optimize and modernize their protection. Ensure that your current email security stack is best of breed and up to date:

  1. Proactive refreshing of email security stack: SMBs with a process in place to proactively refresh their security technology stack achieve superior security outcomes.

  2. SaaS: A SaaS email security solution ensures continuous improvement while eliminating infrastructure overhead.

  3. Two-factor authentication (2FA): An additional authentication step considerably hardens email security. There are plenty of freeware and commercial 2FA solutions out there.

  4. Multiple, overlapping layers of defense: Sophisticated exploits require a multilayer defense based on email security gateways; anti-phishing or anti-malware tools; and threat intelligence solutions.

Using an MSP

MSPs have the resources and experience to deploy a well-integrated, end-to-end solution that protects their customers' email flows. The benefits of using an MSP include:

  • 24/7/365 threat detection and response

  • Scalability

  • Easy integration with existing email infrastructure

  • Flexibility and configurability

It's a win-win solution: The MSP works against the weaponization of email while the SMB can focus its resources on core business activities.

Acronis and Email Security

Whether a business manages email security itself or turns to an MSP, having an integrated data protection and cybersecurity solution that secures an organization's online assets — including email — is critical. Learn how Acronis can help with its cyber protection solutions, featuring ML-based anti-malware, antivirus, and anti-ransomware protection, fail-proof patching, continuous backups, safe and rapid recovery, global threat monitoring, smart alerts, and more.

About the Author

Candid Wüest is the VP of Cyber Protection Research at Acronis, where he researches new threat trends and comprehensive protection methods. Previously, he worked for more than 16 years as the tech lead for Symantec's global security response team. Wüest is a frequent speaker at security-related conferences, including RSAC and AREA41, and is an adviser for the Swiss federal government on cyber-risks. He holds a master's in computer science from ETH Zurich and various certifications and patents.
