
Practical email security advice for small businesses, organizations, and everyday users


Email security guide

For those who need a little email sanity and easy-to-understand email security advice

Which of these sounds most like your email habits?

  1. I use one or two email addresses in a web browser (like Gmail)
  2. I use multiple email addresses in an email application (like Outlook)
  3. I use multiple email addresses in a never-ending dystopia about how many emails I get at all hours of the day and night
  4. All of the above

Most people, most of the time, are doing all of the above. You have a personal email address like Gmail and a work email address that may be managed by either an IT department or a business-scale service like Microsoft 365. And you might throw all of these email addresses into an application like Outlook or Apple Mail to use other features like calendars and have them all in one place.

The Internet is littered with email security guides and lists with advice that isn’t practical, isn’t applicable, isn’t easy to understand, or is just alarmist and wrong. 

Email security myths

Things like “avoid giving your email address away”, “log out when you’re done”, and “plan for an attack by visualizing your team’s email activity” aren’t just unlikely, they’re almost absurdly out of touch. For most people, visualizing their email looks like, “I sit down at my desk, I open the email, I send email.”

“Keep an antivirus app on your device” is also common but largely useless. Windows Defender, built into Windows 10 and 11, is very good, as is the built-in security from Apple on Macs. iOS devices have a security architecture that makes an antivirus application there about as useful as handing a scuba diver a pair of latex gloves, and Android is similarly equipped to take care of itself. Most antivirus programs today are a drain on system resources and are now focused more on preserving their business models than on actually offering useful protection. The popular Norton AntiVirus software now includes a built-in Bitcoin miner of all things.

Another common tip, “change your email password frequently”, isn’t just annoying; it creates a false sense of security and results in worse passwords (we know you just add a “1” or an “!” to the end of an already short word anyway). Even the FTC thinks it’s time for mandatory password changes to stop.

There is a saner way and it starts with testing your ability to spot suspicious material quickly.

About this guide

  • VPC has compiled this list of email security advice for everyday email users and small organizations and businesses.
  • Healthcare organizations should heed slightly different advice due to the differences in HIPAA compliance and patient security. Schools and universities are also targets for different kinds of attacks than what is discussed here.
  • There are hundreds of combinations of services and systems, team sizes, and everyday realities. Someone who regularly emails with overseas suppliers is going to have a different experience than someone who works in a smaller geographic area close to home.

Does your team need some cybersecurity help?

VPC can conduct onsite, interactive, tabletop, and virtual cybersecurity training and audits that go beyond email security.

We’ve worked with the Midwest’s largest governments, enterprises, and healthcare providers to audit, protect, and train organizations to react and respond to malware, ransomware, cybersecurity, and more.