For small businesses, email stands as their primary communication and marketing tool. At PlanetMapgie, an IT support agency, we’ve seen plenty of ways business owners use email. For example, some only looked at email on their phone. Others forwarded their work email to a personal account. A few had one work account set up on three different devices. One professional even used four different email addresses every day (yes, it’s really happened!).

All of these people had one thing in common. Their email accounts were unsafe.

None used malware protection.

Only one had any training on safe email practices.

They were missing the sort of cybersecurity practices EVERY business (big or small) needs.

Let’s talk email safety. You may find your email is more at risk than you realize. But don’t worry — we’ll give you surefire methods of keeping email safe.

Email and Malware: Joined at the Hip

Email is the No. 1 vector (entry point) for malware. Nearly all of the recent data leaks and ransomware attacks (like WannaCry and Petya) came via infected emails. We mentioned this in our last Tech Trends for Small Business post, but it’s worth going into more detail.

Let’s start with the big question: Why does email work so well for spreading malware? It has a simple answer … by deceiving people.

That’s why email safety is so crucial for small businesses. You may not have many people on staff, but without safeguards in place, even one successful deceit can spell disaster.

How Malware Emails Deceive You

You have probably seen a simple message like this one from a service provider, such as a bank or your website’s host, asking you to update a password or log on to your account.


Except that it’s not from a service provider at all. It’s a malware-infected “bait” email.

If you’re not able to tell the difference between an official email and a “bait” email, you’re not alone. And that’s because cybercriminals put a lot of effort into making their “bait” emails look official.

There are several ways to tell if an email is unsafe:

  • The message looks like it came from a bank or financial agency — but not one you belong to.
  • It is addressed to an email address other than yours (or one you know doesn’t exist).
  • It asks you to reset your password or enter some other personal information, by clicking a link.
  • The sender wants you to open an attachment you didn’t ask for or weren’t expecting.

Of course, it’s better to block unsafe emails from reaching your inbox in the first place. You can do this with reasonably priced software and following specific business policies. I’ve sorted these in order of priority below:

  • Priority No. 1 – Conduct annual employee safety trainings.
  • Priority No. 2 – Install anti-malware/anti-ransomware software.
  • Priority No. 3 – Adopt a safe email policy.
    • For example: Avoid combining work and personal email. It’s a bad idea anyway, for legal reasons, and the practice also makes it way too easy for malware to spread from a personal email account to a business email account if both are accessed by the same computer.
    • If you aren’t sure an email is legitimate, follow these steps:
      1. Create a new email instead of clicking “Forward” or “Reply.”
      2. Address the new email to the person from whom you just received the suspicious email. Do not copy their email address from the suspicious email — get it from your own address book.
      3. Ask the person if he or she sent you an email a moment ago. You can copy
      4. Wait for a response. If they say, “No, I didn’t send that email,” notify your IT department of a possible malware infection.
  • Priority No. 4 — Run spam filters at the server level. 

Beat the Deceit: Make Sure Email Safety is Part of Your Small Business

The most important thing to remember: it only takes one email to bring down a business. Good protection and educated employees go a long way toward stopping malware attacks.

Want to learn more about email safety? Here are a few of our other articles on this topic.

Please share your thoughts in the comments below.