Managing email to keep your inbox under control is one thing. Avoiding the never ending stream of email attacks on you and your company is something else.

Email is a common way for criminals to get what they want, whether it's an open door into a network or theft of someone's personal information. And it's pervasive. That's true even on the issue of annoyance. According to Symantec, 55 percent of email is spam. It's also a way that 71 percent of organized attack groups use to break into networks. Open a door on someone's computer and now you have access to the company.

About 12.3 percent of emails carry a URL to a site that will infect a computer. For a company with under 250 employees, it's 12.8 percent. By the end of 2017, the average user received 16 malicious emails per month.

Enough bad news. Now it's time for some good. There are cheap and free ways to cut down on the danger email attacks present. Here are some of them.


One step that relatively few Fortune 500 companies take is to implement the Domain-based Message Authentication, Reporting & Conformance, or DMARC protocol. It makes it easier for senders and receivers to tell if an email legitimately comes from a sender when someone is spoofing, which is pretending that a message comes from someplace else. It doesn't cover every possibly way of appearing to look like someone else but can be a big help. Ask your IT staff or consultant how to implement it.

2. Free technical advice

There is free advice out there, like that from the U.S. Chamber of Commerce. Some of the suggestions are pretty basic, like don't provide passwords or personal information in response to an email. But the simple issues that training can help reduce are often the most likely to happen.

3. Use the tools you have

You probably have some amount of security software. Be sure you're using all the features, as there may be some that address email attacks. Also, talk to your system administrator and find out what more could be done with the firewall you are, or should be, running.

4. Get free tests

Some security companies like Byteplant and KnowBe4 have free tests of email systems. There are probably a good number of other companies that also do. You don't have to buy anything, although doubtless the firms will follow up. But if you can pinpoint where in your organization the greatest security risks lie, you can better direct your efforts.

5. Get free software

There may be no such thing as a free lunch, but there does seems to be some free software to block spam and malware from your email system. I went to a web search engine and used the following terms:

free email security tools

You can find free software to block malware-laden emails, to test mail servers, and so on. Poke around or get your IT staff to do so. Much of this, while not intended for a larger corporation, is licensed for individuals or even small businesses.

One caveat: Do thorough research to be sure the source is legitimate and that you're not getting disguised malware. Also, free can sometimes, although far from always, also mean less capable. If you don't know how or where to check on the quality or legitimacy, ask your IT staff or consultant. Or get them to make some recommendations for you.