While e-mail is one of the most widely used business applications, it isn’t a secure way to communicate, so the messages you receive every day are also a potential threat to your confidential and sensitive business information. To help you protect your and your clients’ confidential information -- and to help you stay in compliance with state and federal regulations – secure messaging solution developer Nveloped put together this list of common e-mail security mistakes. Source: http://www.accountingtoday.com/gallery/Common-E-mail-Security-Mistakes-66437-1.html

1. Common E-mail Security Mistakes
While e-mail is one of the most widely used business applications, it isn’t a secure way to
communicate, so the messages you receive every day are also a potential threat to your
confidential and sensitive business information.
To help you protect your and your clients’ confidential information -- and to help you stay
in compliance with state and federal regulations – secure messaging solution developer
Nveloped put together this list of common e-mail security mistakes.

2. 1. Sending confidential information in a regular e-mail
Traditional e-mail isn’t secure and does not have safeguards to protect your data or your client’s data.
And sending separate e-mails with password information doesn’t provide more security -- it’s just as
easy to intercept that message with the password.

3. 2. Clicking on links or opening attachments in unexpected messages
Clicking a link or opening an attachment in an unexpected e-mail message can infect your computer
or your business’ systems with malware. If you receive an unexpected message that asks you to take
some action (for example, “Click here to confirm your account details”), check with the sender to
verify that they sent the original message to you.
Also, in most e-mail clients, the link address shows up at the bottom of the window when you hover
your mouse over the link. That’s a good way to verify whether the link is “safe.” If the sender and link
address don’t match up, it’s a good idea to check with your IT staff to confirm that the message is
legitimate.

4. 3. Not protecting your password
Your password is the most direct way for someone to get into your e-mail account, so choosing a
password that is complex (not “password”) and keeping it safe is extremely important. Many
organizations now implement password policies that require a certain level of password complexity
and periodic changes, but users also need to avoid writing down their passwords on sticky notes or
posting them in their office where others can see them.

5. 4. Not verifying the sender of an e-mail message
In most e-mail clients today, there is a way to verify that the message actually came from the listed
sender. In Gmail, for example, you can click on the small triangle next to the sender’s name, and it
will show what e-mail server delivered the e-mail message. Messages that don’t have this
information aren’t necessarily bad or untrustworthy, but you should be a bit cautious before clicking
the links because the message sender has not been authenticated.

6. 5. Not asking your partners to communicate securely
There are many instances where an organization wants to communicate securely, but the partners
they work with outside their organization continue to send information in a non-secure way. If you
aren’t asking the other people and organizations with whom you communicate to also protect your
sensitive data, it may still be at risk because your partners don’t have the right safeguards in place.
Source: Nveloped

7. 5. Not asking your partners to communicate securely
There are many instances where an organization wants to communicate securely, but the partners
they work with outside their organization continue to send information in a non-secure way. If you
aren’t asking the other people and organizations with whom you communicate to also protect your
sensitive data, it may still be at risk because your partners don’t have the right safeguards in place.
Source: Nveloped