How many emails do you send and receive in a day? How many emails does your team send and receive in a day? I think most of us would agree: a lot. And let’s not forget that the content of many of your business emails likely includes confidential information.

Here are 3 ways to secure your team’s email environment:

#1 Bolster your systems for email authentication.

Implement the systems available to boost the security of your email authentication. Doing so can minimize the opportunity for hackers to send emails that impersonate an address from your company. Consider implementing the following systems:

  • SPF (Sender Policy Framework) – An email authentication protocol designed to prevent email spammers from using a sender’s domain for their own fraudulent purposes.
  • DKIM (DomainKeys Identified Mail) – An email authentication protocol that essentially allows a sender to apply a digital “signature” to outgoing emails that can be verified by the recipient’s mailbox provider through the Domain Name System (DNS).
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance) – Verifies incoming emails against both SPF and DKIM policies, and then fires off a report of its findings to the sender’s domain.
  • Forwarding Rules Policy – Disable the ability to forward emails to an out-of-domain address. A classic technique of hackers is to implement such a rule once they have compromised an email account. Removing the ability for auto-forwarding to an out-of-domain address spoils the hacker’s ability to create a spoof attack.
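
The checks below are an added illustration, not part of the original article: they read the SPF, DKIM and DMARC TXT records a domain publishes and report settings that still leave it open to impersonation. The function names are hypothetical, and every record shown is a constructed sample for the placeholder domain example.com.

```python
# Added example. Records are constructed samples for the placeholder domain
# example.com; in practice they come from DNS TXT lookups.

def parse_tags(record):
    """Parse a 'tag=value; tag=value' record (DKIM and DMARC syntax)."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    """Findings for the TXT records at the domain itself."""
    spf = [r.lower().split() for r in txt_records
           if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    alls = [t for t in spf[0][1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        has_redirect = any(t.startswith("redirect=") for t in spf[0])
        return [] if has_redirect else ["no 'all' term: unlisted senders are neutral"]
    verdict = {"+": "passes every sender", "?": "neutral for unlisted senders",
               "~": "softfail only"}
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' means '+all'
    return [f"'{alls[0]}' {verdict[qualifier]}"] if qualifier in verdict else []

def audit_dmarc(txt_records):
    """Findings for the TXT records at _dmarc.<domain>."""
    recs = [parse_tags(r) for r in txt_records
            if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record: receivers apply no domain policy"]
    tags, findings = recs[0], []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'} does not block spoofed mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("pct below 100: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports are not delivered")
    return findings

def audit_dkim(txt_records):
    """Findings for the TXT records at <selector>._domainkey.<domain>."""
    recs = [parse_tags(r) for r in txt_records if "p=" in r]
    if not recs:
        return ["no DKIM key published for this selector"]
    return [] if recs[0].get("p") else ["empty p= tag: key is revoked"]

if __name__ == "__main__":
    print(audit_spf(["v=spf1 include:_spf.example.net ~all"]))
    print(audit_dmarc(["v=DMARC1; p=none"]))
```
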
#2 Train your team.

Ongoing, quality training on email security for your team is an important component of strengthening email security.

Your team, the users of your company email accounts, need to know what to look for when they encounter a potentially threatening email, how to respond, and best practices to keep credentials and content of emails as private as possible or needed.

One notable item training should cover is social engineering, a technique in which hackers write and send email messages requesting personal or otherwise sensitive information. These kinds of malicious emails are not always clearly marked or identifiable.

For example, hackers sometimes send phishing emails claiming to be from sources that the user can trust. These types of attacks are often aimed at drawing out a response from the user that contains private information, or at tricking the recipient into installing malware onto their device.

Unfortunately, hackers’ tactics and trends are always evolving and shifting, so the importance of regular training on how your team can protect itself from these kinds of email attacks cannot be overstated.

#3 Using Office 365? Check out these options to secure your email environment.

  • Microsoft Advanced Threat Protection (ATP), now called Microsoft Defender for Office 365 – This simple, inexpensive add-on to your existing Exchange Online email plan scans incoming emails for attached or embedded malware and malicious links. Office will quarantine malicious attachments and emails with malicious links. ATP protects you against malicious links and attachments.
  • Data Loss Prevention (DLP) – A content analysis engine that scans outgoing emails and flags any that violate organizational DLP policies. Designed to prevent the unwitting sharing of personally identifiable information, sensitive intellectual property, sensitive financial information, etc. DLP protects you from unwittingly giving away confidential or embarrassing information.

For more information and for assistance with your team’s specific email security needs, contact our team at Advanced Imaging Solutions.