In 2020, we sent and received 306.4 billion emails globally. Of course, with figures like that, email remains the most common channel for both opportunistic and targeted cyber attacks.
It’s easy to see why email security is a pretty big beast. After all, it has a lot to do. It covers everything we need to predict, prevent, detect and respond to both attack and access protection…for those 306.4 billion emails.
This year Microsoft was named a Leader in The Forrester Wave: Enterprise Email Security 2021, beating off competition from Fortinet, Google, Mimecast and Sophos. Microsoft Defender for Office 365 received the highest possible score in the incident response, threat intelligence, and endpoint and endpoint detection and response solutions integration criteria.
- Higher level of security and protection
- Support for mobile devices
- Easy remote access
- Affordable subscriptions
- Easy scaling up of services
- No consideration for hardware and rack space needed
- No backups required
Here are our top five tips to improve your email security:
1. Use passphrases instead of passwords. Passphrases are simply two or more random words put together. Numbers and characters can be added to strengthen them, for example: ToTheMoonAndBack!, RockNRoll007 or EasyTuesday? The less information a user needs to remember, the less likely they are to write it down. You can encourage your team to do the same – or, if it’s not already, you could even make it company policy.
2. Don’t reply to spam or phishing emails. No-one wins. Well, THEY do. And no-one wants the hackers to win. If you’re even slightly unsure about the legitimacy of an email, just don’t bother opening it.
3. Keep your work email for work and your private email, well…private. Email is one of the key sources of data leakage, i.e. sensitive information leaked out into the world of cyber doom. And you ain’t getting that back, without a gigantic price tag attached to it anyway.
4. Multi-Factor Authentication or MFA as it’s affectionately known. It’s so easy to install and use – in its most simple form, everyone who needs to access their email just needs an authenticator app, available from all good app stores.
5. Microsoft Defender for Office 365. Cue Sarah Connor…it really is as serious as it sounds. MDO delivers a wide range of security capabilities including inbound filtering, phishing defence and DLP. It also integrates with Microsoft Defender (EDR) and Azure Sentinel (SIEM). Our geek radar is supercharged.
It’s always good to lead the way, the right way.
Setting the standards high is crucial for anyone in a senior IT role. There needs to be training in place to educate your team, to empower them to work securely and confidently in the cloud. Having procedures in place for the event of a compromised account will ensure the situation is isolated and dealt with quickly, and with minimum disruption to business continuity.
We’ve put together a few tips to share with your teams – whether they’re using a personal or business device, working onsite or remotely.
1. Send as little sensitive data as possible via email. If you do need to, encrypt it.
2. Access email from secured networks you trust, such as the office or a VPN when working remotely.
3. Don’t access company email from a public WiFi connection.
4. Don’t open attachments or click on links in emails from unknown senders.
5. Passwordless methods like Multi-Factor Authenticator and facial or fingerprint recognition will help improve secure access to your apps including Microsoft 365, Teams and Outlook – and protect accounts from identity attacks like phishing.
Identity and Device Security
If securing your email is your number one priority, there are two other things that must be considered as part of the plan… Every member of staff with an email account will access it with an identity and a device – so if the identity and the device aren’t protected, it won’t really matter what you do with your email. A triple-pronged fork of security, if you will…