Top tips for improving email security in the cloud.

Posted 05 January 2023 by Laura

In 2022, we sent and received 333.2 billion emails globally – up from 306.4 billion in 2020. Of course with figures like that, it’s easy to see why email remains the most common channel for both opportunistic and targeted cyber attacks.

Email security is a pretty big beast. After all, it has a lot to do. It covers everything we need to predict, prevent, detect and respond… to all 333.2 billion (and counting) emails.

In 2022 Microsoft was named a Leader in Forrester's Enterprise Detection and Response Wave report. Microsoft Defender for Endpoint received the highest score possible in 15 separate criteria including endpoint telemetry, investigation capabilities, threat hunting capabilities, user experience, product vision, and innovation roadmap. 

And the accolades don't end there. In 2021 Microsoft was named a Leader in Forrester's Enterprise Email Security 2021, beating off competition from Fortinet, Google, Mimecast and Sophos. Microsoft Defender for Office 365 received the highest possible score in the incident response, threat intelligence, and endpoint and endpoint detection and response solutions integration criteria.

  • Higher level of security and protection
  • Support for mobile devices
  • Easy remote access
  • Affordable subscriptions
  • Easy scaling up of services
  • No need to worry about hardware and rack space
  • No backups required
 
Here are our top five tips to improve your email security:

1. Use passphrases instead of passwords. Passphrases are simply two or more random words put together. Numbers and characters can be added to strengthen them, for example: ToTheMoonAndBack!, RockNRoll007 or EasyTuesday? The less information a user needs to remember, the less likely they are to write it down. You can encourage your team to do the same – or, if it’s not already, you could even make it company policy. Avoid words, names or phrases that would be easy to guess from social media profiles, e.g. family names, sports teams, significant dates like birthdays.

2. Don’t reply to spam or phishing emails. No-one wins. Well, THEY do. And no-one wants the hackers to win. If you’re even slightly unsure about the legitimacy of an email, just don’t bother opening it. 

3. Keep your work email for work and your private email, well…private. Email is one of the key sources for data leakage, i.e. sensitive information leaked out into the world of cyber doom. And you ain’t getting that back, without a gigantic price tag attached to it anyway.

4. Multi-Factor Authentication or MFA as it’s affectionately known. It’s so easy to install and use – in its most simple form, everyone who needs to access their email just needs an authenticator app, available from all good app stores.

5. Microsoft Defender for Office 365. Cue Sarah Connor…it really is as serious as it sounds. MDO delivers a wide range of security capabilities including inbound filtering, phishing defence and Data Loss Prevention (DLP). It also integrates with Microsoft Defender (endpoint detection and response) and Azure Sentinel (Microsoft's SIEM). Our geek radar is supercharged.

It’s always good to lead the way, the right way.

Setting the standards high is crucial for anyone in a senior IT role. There needs to be training in place to educate your team, to empower them to work securely and confidently in the cloud. Having procedures in place for a compromised account will ensure the situation is isolated and dealt with quickly, and with minimum disruption to business continuity.

We’ve put together a few tips to share with your teams – whether they’re using a personal or business device, working onsite or remotely.

1. Send as little sensitive data as possible via email. If you do need to, encrypt it.

2. Access email from secured networks you trust, such as the office or a VPN when working remotely.

3. Don’t access company email from a public WiFi connection.

4. Don’t open attachments or click on links in emails from unknown senders.

5. Passwordless methods like multi-factor authentication and facial or fingerprint recognition will help improve secure access to your apps including Microsoft 365, Teams and Outlook – and protect accounts from identity attacks like phishing.

Identity and Device Security

If securing your email is your number one priority, there are two other things that must be considered as part of the plan… Every member of staff with an email account will access it with an identity and a device – so if the identity and device aren’t protected, it won’t really matter what you do with your email. A triple-pronged fork of security, if you will...

If you'd like to find out more about how we can help support your IT team to deliver super-secure cloud solutions, book a quick call with us. 


This post was originally published 13 December 2021 and updated 5 January 2023.