Having a lean IT department or none at all is one of biggest challenges small businesses face. Beyond the hassles of contracting help when your systems are down, security breaches are a risk when you can’t invest in IT resources. Especially in the typical small business environment, where employees are able to access personal email on workplace machines, business information is vulnerable, says Ravin Carr.
Carr is CEO of FewClix, a company that offers an email productivity tool for Outlook. He says his company’s studies show that small business employees spend about two hours a day on email, and that unified personal and work contact lists on PCs and mobile devices cause all kinds of problems for employers. “It’s easy to pick the wrong email address to send out an official email. Then the whole chain reaction begins,” he says.
What exactly can go wrong when an employee sends business emails to a personal account? Says Carr, “Hackers need to hack into your network to get into your work email accounts. That’s not true of personal accounts.”
For instance, he says, “Our company retains a law firm that deals with all our intellectual property issues. We’ve connected personally and on social media with some folks there. I could send out patent sketches for a new software design or copyright to the wrong email address. Or I could reach out to a chartered accountant who sends advice back to me in the wrong email address.”
Because personal email accounts are open to vulnerabilities and threats that your work email is not, Carr recommends a few ways small business owners can protect against security breaches via in-house technology.
1. Establish a firewall between personal and work email worlds. Advises Carr, “Separate these two worlds completely, and make guidelines about what employees can and cannot do.” He warns that if employees can easily access personal email on a business computer, then confidential email threads could accidentally be shared inappropriately.
2. Mitigate “bring your own device” risks. Most software available to help manage mobile devices is enterprise scale and open source. If employees have their work email pushed to a personal device, ensure that the device is password protected and that the IT department is aware. If an employee loses a device, the company needs to be able to wipe it clean immediately.
3. Attach with care. “A lot of people don’t think twice before attaching a document to an email,” Carr says. “If you have financial data or anything that could compromise your security, don’t share that as an attachment. Use Google Drive instead. It’s free, secure, and it lets you make sure you are passing a document along only to the person who needs to see it.”
Carr says small businesses should emphasize the need for employees to take pause when sending documents of a sensitive nature including client information, financial data, or a new business pitch. Mandate use of a file-sharing service that prompts the recipient to enter a password, or to send it via an encrypted email, instead of just adding the attachment to an unencrypted email. Ensure that only the people intended to see company documents are able to do so.
4. Make it easy to find emails and contacts. Here’s where Carr makes a pitch for FewClix, which, for $2.99 per user, can be embedded in Outlook to enable easy and detailed searching of your email folders and archives. He says that offering an efficient search tool for work-related email discourages employees from going to their personal email accounts to reach people they want to contact. “When you don’t remember a number, that’s why you go to the wrong contact list,” he says. “When it’s easy to find things, it makes the experience so much better. You’re not dreading doing something inside your email box.” Or doing something inside your email box that the company dreads.