10 Must-Follow Email Security Best Practices in 2023


December 06, 2022
Written by
Reviewed by
Ayanna Julien
Contributor
Opinions expressed by Twilio contributors are their own

10 Must-Follow Email Security Best Practices in 2023

Email security is a nonnegotiable priority. After all, email is your identity—how you log in to websites, receive bills, access your bank accounts, and message clients. It's the digital equivalent of your Social Security number (OK, maybe that's a slight stretch).

Regardless, you can't compromise your email account. However, there are bad actors on the internet looking to steal your credentials and take advantage of you. We don't want to spread fear or paranoia, but hackers are out to get you.

Let these statistics sink in: The danger is out there, and you're likely dealing with it every day. Whether you're an employer, employee, grandparent, student, or consumer, bad actors are trying to infiltrate your email account—and you'll likely deal with at least 1 attempt over the next few days. 

Fortunately, you can protect yourself by following a few email security best practices. Below, we'll discuss each of these in more detail.

10 top email security best practices

1. Choose stronger passwords

This comes as no surprise, but it's worth repeating. Simple passwords don't do the trick. You need to spend time creating (and remembering) unique, difficult-to-guess passwords. These should include the following:
  • Upper and lowercase letters
  • Numbers
  • Special characters
  • At least 8 characters
You’ll also need to use a different password on every site. This ensures you don't compromise multiple logins if a bad actor gets access to a single account.

A tool like LastPass can help you store your passwords—just remember to use an extremely difficult (but memorable) password for this so that bad actors don't potentially get access to all your logins. 

2. Use two-factor authentication (2FA)

2FA adds another layer of security to your account. However, you must know the password and can access the second authentication source to log in. And while it can be a pain to always log in this way, it's worth the additional security.

Your 2FA channel could be any of the following one-time passcodes (OTP) or time-based one-time passwords (TOTP):
  • Email
  • SMS
  • Voice
  • API soft tokens
  • Authenticator apps
  • Push notifications

3. Watch for phishing emails

It's easier to recognize phishing emails when you expect them. So anticipate phishers will send you messages and don't assume they'll all end up in your spam folder.

And while phishers are getting more sophisticated with their emails, here are a few telltale signs to look for:
  • Strange or unfamiliar email sender addresses
  • Vocabulary and tone of voice
  • Grammatical mistakes
  • Odd requests
  • Suspicious links
Don’t take the bait: phishers want you to open the email, click the link, and enter your account credentials. Once you submit that information, they have your username and password to access an account or your email address.  Hover over every link before you click it. Do you recognize the domain? And do you trust it?

Keep in mind that many senders use link shorteners and Urchin Tracking Module or UTM codes to track email engagement better, which can sometimes make links look suspicious. However, when in doubt, don't click the link.

For example, if an email tells you about a big sale at your favorite retailer, but you don't trust the message, go straight to the retailer's site rather than clicking the enticing button, image, or link. 

5. Be cautious around attachments

Email attachments can contain malicious malware. So always use anti-malware software to scan the contents of attachments before opening them—even if you trust the source. 

Do your due diligence to confirm the file is safe. If you're not 100% confident, don't risk it.

6. Encrypt your emails

Email encryption protects your emails during transit and storage to prevent hackers from accessing the message. It gives you more control over the emails you send, ensuring only the people you want to receive your messages read them.

7. Avoid using public or open Wi-Fi networks

Hackers can exploit open Wi-Fi networks to access information passing through the network—and that includes usernames and passwords you use to access your email account. So when in doubt, use mobile internet or wait until you're on a secure password-protected Wi-Fi connection before accessing your emails. 

8. Take advantage of virtual private networks (VPNs)

Use a VPN to encrypt your browsing sessions. However, you should still avoid using open Wi-Fi networks, even if you're using a VPN. A VPN will add an additional measure of security when browsing on your secure Wi-Fi network. 

9. Mark emails as spam

Don't just delete unwanted or phishing emails—report them to your security team and mark them as spam in your inbox. By marking these messages as spam, it’ll hurt their deliverability rates and decrease the chances these messages reach your inbox (or anyone's inbox, for that matter) again. It also helps your inbox provider identify messages you don't want to receive.

10. Train your employees on email security best practices

Learning these tips and best practices is a good start, but you need more comprehensive coverage to protect your business and peers. Make email security instructions a regular part of your employees' training. Then, refresh these best practices frequently to keep them top of mind for everyone.

Trust Twilio Verify for your 2FA needs

Want to protect your business and customers with a scalable 2FA solution? Look no further than Twilio Verify.

Verify helps elevate your security with API-powered push notifications and TOTP soft tokens (available online and offline on mobile or desktop). It also expands your 2FA options by enabling secure sign-in via SMS, voice, and email to ensure global reach and reliability.

Ready to get started? Sign up for a free account and see how easy it is to set up secure logins for your employees and customers.

Recommended For You



Most Popular


Send With Confidence

Partner with the email service trusted by developers and marketers for time-savings, scalability, and delivery expertise.