Email Security Best Practices

With a large portion of the workforce working remotely, businesses’ reliance on cloud email has reached an all-time high, along with the risks that users and organizations face daily. Cloud email is becoming a favored target for cyber criminals seeking to breach company data. They exploit frequent email misconfigurations and inadequate security protections. Almost every business in the world uses email to communicate, so it's imperative that businesses have robust email security technologies in place. Email is widely used by cyber criminals because it is cheap, easy to use, and has numerous vulnerability points that can be exploited.


Increasing Risks

According to recent studies by cybersecurity experts, more than 90% of cyber attacks start with a malicious email. The digital attack surface continues to increase with the widespread adoption of cloud platforms. Businesses now have more touch points than ever before, giving cyber criminals an easy entry into corporate networks if email is inadequately secured. Many workers use insecure networks and devices shared with other users, such as public Wi-Fi in a coffee shop, further increasing the risk of a data breach. It is highly recommended to set up proper security, such as a VPN, to protect company data that remote employees access.

Many cyber criminals are using Business Email Compromise (BEC) instead of common phishing scams because many companies have anti-spam filters and many people can recognize phishing emails. In a Business Email Compromise, cyber criminals pretend to be a trusted company, an employee, or a vendor. They do this by creating fake domains, email addresses, and logos, or by gaining unauthorized access to one of the company's email accounts. Many anti-spam filters don’t detect Business Email Compromise because it’s more sophisticated than a phishing attack. Some ways to protect against BEC are to use multi-factor authentication, establish processes for validating payments, and train users regularly on known and emerging threats.


Common Email Providers

Many companies, especially small businesses, still rely on the basic security settings that are provided by their email service provider. According to Gartner, the cloud-based email market is primarily dominated by Microsoft Office 365 and G Suite. Despite built-in security defenses, 40% of Office 365 customers have experienced credential theft. Purchasing third-party security tools can be expensive, and the email security market is extensive, consisting of older technologies that were developed to secure on-premises email networks and newer technologies that are made to protect against the emerging threats that have come with moving to a cloud-based infrastructure.

In order to make Office 365 or other similar platforms safe for business use, businesses must implement layered security defenses that prevent both known and emerging attacks. These critical additional layers of security should be able to provide real-time cybersecurity business insights that can be leveraged to improve decision-making and enforcement of company security policies. Other tips for fortifying your email account include:

  • Choose a strong and unique password, and enable multi-factor authentication. Consider changing the password every few months.
  • Enable mailbox auditing and unified audit logging in the Security and Compliance Center (Office 365).
  • Disable legacy email protocols unless they are required.
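
The auditing and legacy-protocol tips above can also be applied from Exchange Online PowerShell. The script below is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module and an administrator account, treats POP3 and IMAP4 as the legacy protocols in question, and uses a hypothetical exception list ($keepLegacy) for mailboxes that still require them.

```powershell
# Added example; requires the ExchangeOnlineManagement module and an admin role.
Connect-ExchangeOnline

# 1. Unified audit logging: show the current state, then turn ingestion on.
Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

# 2. Mailbox auditing: make sure it is not disabled organization-wide,
#    then list any accounts whose mailbox actions bypass audit logging.
Set-OrganizationConfig -AuditDisabled $false
Get-MailboxAuditBypassAssociation -ResultSize Unlimited |
    Where-Object { $_.AuditBypassEnabled } |
    Format-Table Name, AuditBypassEnabled

# 3. Legacy protocols: find mailboxes that still allow POP3 or IMAP4.
#    $keepLegacy is a hypothetical exception list (constructed address)
#    for devices or applications that genuinely need these protocols.
$keepLegacy = @('scanner@contoso.example')

$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled }
$legacy | Format-Table PrimarySmtpAddress, PopEnabled, ImapEnabled

foreach ($mbx in $legacy) {
    if ($keepLegacy -contains $mbx.PrimarySmtpAddress) { continue }
    # -WhatIf only reports what would change; remove it to apply.
    Set-CASMailbox -Identity $mbx.Identity `
        -PopEnabled $false -ImapEnabled $false -WhatIf
}

# 4. Keep the protocols off for mailboxes created in the future.
Get-CASMailboxPlan |
    Set-CASMailboxPlan -PopEnabled $false -ImapEnabled $false

Disconnect-ExchangeOnline -Confirm:$false
```

Review the table printed in step 3 before removing -WhatIf, so that any mailbox that still depends on POP3 or IMAP4 is added to the exception list first.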

Another issue that makes small businesses more vulnerable to attacks is that some small companies do not think they are worth attacking compared to larger companies. However, cyber criminals know that small businesses often lack the proper security to protect against attacks, making them a perfect target. Every business is a target and a potential victim of ransomware or another type of attack.


How to Enhance your Security 

Small and medium-sized businesses are a disproportionately large target for ransomware attacks, with 60% of these companies going out of business within six months of an attack. The aftermath of a security breach is costly, and smaller businesses can struggle to recover without the proper solutions in place. Selecting a supplementary solution that is accompanied by fully managed services can further enhance email security, maximize productivity, simplify deployment, and ease the load on your IT department by assisting with setup and providing the ongoing system monitoring and maintenance required to keep you safe. By putting Vigilant in charge of your critical office applications, backups, and security, you're putting your business in the hands of certified professional software and hardware engineers, with extensive backgrounds in Cloud services and design, providing Federal-level security and operational integrity.

Vigilant Managed Services provides your business with the same level of service and security as we provide to the Department of Defense, the Department of Justice, and several international airports. Vigilant Managed Services gives you peace of mind, providing the Vigilant team with a clear picture of your overall infrastructure - the locations and statuses of your laptops, desktops and server equipment; the status of your overall software-defined cloud environments; the level of application licensing, application versions, and provisioning; and the level of backup storage you've purchased, and when it should be expanded or streamlined. Plus, you get the benefit of regular system and status reports every month.

Contact the Vigilant team today to find out more about Vigilant Managed Services. For a limited time, you can receive a full hour of engineering support plus standard monitoring of up to 5 devices in your current environment, for only $125 per month. Talk to our staff about setting up a basic monitoring package today and let Vigilant help you find the gaps in your security, your backups, and your cloud environment, and set up a secure and effective cloud-based business environment for you.
