Email is one of the critical business tools that people rarely think about, until something goes wrong. If you’re like most organizations and rely heavily upon email to keep in touch with clients, customers, suppliers, and sales prospects, there are several best practices you should employ so that you can avoid having your ability to use email damaged or even destroyed.
Here are four best practices that will help keep your email safe and secure:
1. Use a strong password
Sure, you’ve heard this a million times, but a strong password is so important, it’s worth hearing it a million and one times. You cannot overestimate the importance of creating a unique, strong password that uses a combination of upper and lower case letters, numbers, and symbols. DO NOT choose a password that can be easily guessed based on you, your organization, or things associated with you. There are a number of generic, easy-to-guess passwords that people continue to use, despite articles and blog posts like this one pleading for them not to be used. Just Google “most popular passwords” if you’d like to see a list of what to avoid.
A strong password is the cornerstone of your online security. If someone hacks your password, they can get into your website and email and wreak havoc. For example, your email can be “spoofed” – a form of fraud or deception in which someone alters parts of the email to have it appear as if it was generated by someone legitimate (you) as a way to gain personal information for criminal activities or elicit payment for a phony product or service.
Spoofing can be part of another form of fraud called “phishing.” Phishing is a criminal act in which a dishonest sender uses what appears to be a legitimate email in hopes of luring the recipient into trusting the email. A false (spoofed) website is part of the scheme, cleverly disguised to appear as a legitimate online bank website or paid Web service, like eBay. Far too often, victims will unwittingly believe the spoofed email and click through to the false website. Trusting the spoofed website, the victim will enter his password and login identity, only to receive a false error message that “web site is unavailable”. In the process, the dishonest spoofer will capture the victim’s confidential information and proceed to withdraw the victim’s funds or perform dishonest transactions for monetary gain.
Spoofing is also used to hide a spammer’s true identity. Once your email is hacked, the spammer alters the source email address to make the email appear legitimate and then sends out hundreds or thousands of spam emails in the hope that receivers open the innocent-appearing email and see the spam advertising inside. This, of course, can damage your reputation and brand value as a business if you appear to be a spammer. Often the only way you might find out if someone’s taken over your email is if you receive a bounce-back message from an inactive recipient address that received a spoof email from your account.
2. Change your password often
From all of the potential problems outlined above, it’s not hard to see why you should change your password frequently. It’s important that your email doesn’t get compromised and the easiest way to do that is to ensure that no one can hack into it. We recommend changing your password every 3-4 months to be safe. Many online safety experts recommend having a different password for every account. While that’s certainly smart, it can also be a tremendous pain in the neck since the average individual has dozens of accounts requiring passwords. If you’re like many people and use one password for everything, that’s all the more reason to change it regularly.
3. Create an SPF record
Creating an SPF record is the technical term for instructing your internet service provider (ISP) about which servers are allowed to send out messages from your account. Typically, it would only include your provider’s server and yours, if you have one. Creating an SPF record is not automatically done by all ISPs, so you should make sure you request it to prevent a spammer from hacking into your account and setting up their servers to send spam through it.
4. Be careful opening email attachments
This is another standard warning, but it bears repeating. There are still way too many people who casually open attachments and click links without thinking, opening themselves up to viruses, malware, and other computer mayhem.
In general, you should only open attachments that you know are safe. Any .exe file should be avoided unless you trust the source because .exe indicates a Windows program, often used to attach malware to an email, waiting to install itself on your computer when you open it. On the other hand, .jpg and .png are image files and should be safe. .pdf, .docx, .xlsx, and .pptx are document files and should also be safe — although it’s important to have the latest security patches so that the rare malicious versions of these files can’t infect you through security holes in Adobe Reader or Microsoft Office.
With just a little common sense and the use of these best practices, you should be able to keep your email safe and secure so it can remain a valuable tool for your business success.