In 2022, we sent and received 333.2 billion emails globally – up from 306.4 billion in 2020. With figures like that, it’s easy to see why email remains the most common channel for both opportunistic and targeted cyber attacks.
Email security is a pretty big beast. After all, it has a lot to do. It covers everything we need to predict, prevent, detect and respond… to all 333.2 billion (and counting) emails.
1. Use passphrases instead of passwords. Passphrases are simply two or more random words put together. Numbers and characters can be added to strengthen them, for example: ToTheMoonAndBack!, RockNRoll007 or EasyTuesday? The less information a user needs to remember, the less likely they are to write it down. You can encourage your team to do the same – or, if it isn’t already, you could even make it company policy. Avoid words, names or phrases that would be easy to guess from social media profiles, e.g. family names, sports teams or significant dates like birthdays.
2. Don’t reply to spam or phishing emails. No-one wins. Well, THEY do. And no-one wants the hackers to win. If you’re even slightly unsure about the legitimacy of an email, just don’t bother opening it.
3. Keep your work email for work and your private email, well…private. Email is one of the key sources of data leakage, i.e. sensitive information leaked out into the world of cyber doom. And you ain’t getting that back, without a gigantic price tag attached to it anyway.
4. Multi-Factor Authentication or MFA as it’s affectionately known. It’s so easy to install and use – in its most simple form, everyone who needs to access their email just needs an authenticator app, available from all good app stores.
5. Microsoft Defender for Office 365. Cue Sarah Connor…it really is as serious as it sounds. MDO delivers a wide range of security capabilities including inbound filtering, phishing defence and Data Loss Prevention (DLP). It also integrates with Microsoft Defender (endpoint detection and response) and Azure Sentinel (Microsoft's SIEM). Our geek radar is supercharged.
Setting the standards high is crucial for anyone in a senior IT role. There needs to be training in place to educate your team and empower them to work securely and confidently in the cloud. Having procedures in place for a compromised account will ensure the situation is isolated and dealt with quickly, with minimum disruption to business continuity.
We’ve put together a few tips to share with your teams – whether they’re using a personal or business device, working onsite or remotely.
1. Send as little sensitive data as possible via email. But if you really need to, please encrypt it!
2. Access email from secured networks you trust, such as the office or a VPN when working remotely.
3. Don’t access company email from a public WiFi connection.
4. Don’t open attachments or click on links in emails from unknown senders.
5. Passwordless methods like a multi-factor authenticator app and facial or fingerprint recognition will help improve secure access to your apps including Microsoft 365, Teams and Outlook – and protect accounts from identity attacks like phishing.
If securing your email is your number one priority, there are two other things that must be considered as part of the plan. Every member of staff with an email account will access it with an identity and a device – so if the identity and device aren’t protected, it won’t really matter what you do with your email. A triple-pronged fork of security if you will...