18 enterprise email security best practices for 2026

<p>Email security best practices haven’t changed much over the years: Use strong passwords, block spam, don’t trust offers that seem too good to be true and verify requests — even from known entities.</p>
<p>These longstanding practices, however, have not stopped email from being a significant security vulnerability. CISA reported that more than 90% of successful cyberattacks begin with a phishing email, making it one of the riskiest tools used by enterprises today. The issue has been compounded by a 131% year-over-year increase in emails containing malware, according to a 2026 Hornetsecurity report, with phishing remaining the leading infection vector at 46%, followed by compromised credentials at 25%.</p>
<p>To mitigate these risks, organizations must follow a strong set of email security best practices. Organizations should share the following guidance with their employees and implement appropriate controls and technologies to protect this vital means of communication.</p>
<section class="section main-article-chapter" data-menu-title="Create strong passwords">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Create strong passwords</h2>
<p>One of the most important email security best practices is to use strong passwords. Password security advice has changed in recent years. Previous thinking was that complex equaled strong. But forcing employees to create complex passwords, such as <i>}m}{4p#P@R9w</i>, usually ends with users writing their passwords on a sticky note or saving them in an insecure file on their desktops.</p>
<p>NIST maintains that password length, not complexity, is the key to password strength. Using passphrases — the <a href="https://www.techtarget.com/searchsecurity/tip/How-to-create-a-strong-passphrase-with-examples">stringing together of a few words</a>, such as <i>kittEnsarEadorablE</i> — is one method to create longer, easy-to-remember yet difficult-to-guess passwords that help defend against attackers who use <a href="https://www.techtarget.com/searchsecurity/definition/dictionary-attack">dictionary attacks</a> to target weak passwords.</p>
<p>If you plug these two examples into Security.org’s <a target="_blank" href="https://www.security.org/how-secure-is-my-password/" rel="noopener">How Secure Is My Password?</a> tool, you will find that <i>}m}{4

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget
