When people think of cyber security and identity theft, one’s email account doesn’t come up nearly as often as it should. An email account is the number one security weakness for 99% of the startups out there. Just think about the “Reset Password” option for the sites you use on a regular basis — online banking, QuickBooks Online, Amazon.com, Google AdWords (a savvy bad guy can run up your bill driving traffic to an affiliate program in China), etc. Anyone who controls your inbox can use that option to take over those accounts.
Jeff Atwood’s recent post “Make Your Email Hacker Proof” recommends the same solution I recommend and use personally.
All startups should use Gmail with two-factor authentication enabled for personal and business email. Yes, it makes it more annoying to sign into Gmail from a random laptop, but it’s totally worth it. The idea is that you sign in like you normally would with a standard password, and then you use a separate program on your smartphone (or get a number texted to you) that has a random second password. This second password is the key: it is much harder to steal because it changes every 60 seconds and is created on the fly.
If your email account contains important information or is connected to another account that’s important, and has a “Password Reset” function, Gmail with two-factor authentication is the way to go.
What else? Do you agree that email is your #1 security weakness?
Wow, does your whole team use the 2-step login with the random 60s passwords?
We do. Employees in our industry are targets for phishing scams and other attacks to get access to our systems.
I think you have a valid point. We want to migrate to Gmail from Exchange but the lack of public folders is a current deal breaker.
As has been stated time and time again “passwords simply aren’t enough anymore”. For me, the 30 seconds it takes to have the peace of mind that my account won’t get hacked and my credit card and personal information isn’t up for grabs is well worth it. I wish more organizations would start implementing 2FA.