Email Security Best Practices

February 7, 2022

Email security isn’t something to take lightly. For many companies, email is the most important form of communication. If someone gains access to your account, it could open the door to a number of security issues. Below are what we consider to be the most important email security best practices that every organization should follow or know about.


Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is a common security measure to protect an account in addition to a password. Here’s how it works: after setting up MFA, when you enter your account login and password, you will also be prompted for a code. MFA codes are often given via an email, a text message, or through an “authenticator” app on your phone. This helps prevent someone signing into your account even if your password were to become compromised.


Spoofing protection

Protect against emails sent to your organization from people pretending to be the CFO, CEO or anyone else. This is a classic way to trick people on your team into sending them sensitive information or even money.

For example, block or tag any email that purports to be “from” CarlBadman (your CFO) asking you to send him your bank account information because he is working remotely and needs it in a hurry.


Mail Rules

For example, be notified when a rule is created that forwards email sent to Jenny over to That is a sure sign of an account being compromised and knowing it just happened lets you stop it immediately.


Attachment Blocking

There has been a huge increase in scammers sending emails with bad attachments, like “you have a voicemail” type emails. But really the attachment is a web page (HTML file) that directs you to log in to your phone system to retrieve the voicemail.

Let us block those known bad file types from even getting to you in the first place.


External sender

Show a message or alert on every email you receive from outside of your organization. This helps warn your team to pay closer attention to emails from the outside, and helps protect them from possible spoofing attacks.

For example, if you receive an email “from” Sara Smith (your CEO) but there is a warning in the email that it is from an external sender, that warning immediately alerts the person who opened the email that it is not a legitimate email.
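The spoofing check and the external sender tag described above can be combined in one filter. The following Python example is added here for illustration and is not code from this post or from any mail product; the domain `example.com`, the `.test` sender addresses, and the tag strings are assumptions, and it assumes the mail gateway has already rejected messages that forge the internal domain itself.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}          # assumption: the organization's mail domain
EXECUTIVES = {"carl badman", "sara smith"}  # the CFO and CEO names used as examples on this page

def normalize(name):
    """Lowercase and split CamelCase so 'CarlBadman' matches 'Carl Badman'."""
    name = re.sub(r"(?<=[a-z])(?=[A-Z])", " ", name)
    return " ".join(re.sub(r"[^A-Za-z ]", " ", name).lower().split())

def classify(raw_message):
    """Return (verdict, tagged_subject) for one raw RFC 5322 message.

    verdict is 'internal', 'external' or 'spoof-suspect'. Only the From
    header is inspected, so this relies on upstream sender authentication
    to stop mail that forges an internal address.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg["Subject"] or "")
    if domain in INTERNAL_DOMAINS:
        return "internal", subject
    # External address carrying an executive's display name: the classic
    # "CFO needs it in a hurry" pattern, so tag it more loudly.
    if normalize(display) in EXECUTIVES:
        return "spoof-suspect", "[SUSPECTED SPOOF] " + subject
    return "external", "[EXTERNAL] " + subject

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: CarlBadman <cfo.office@freemail.test>\nSubject: Need bank info today\n\nHi",
    "From: Sara Smith <sara.smith@example.com>\nSubject: Q1 plan\n\nHi",
    "From: Vendor Billing <billing@supplier.test>\nSubject: Invoice\n\nHi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```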


Data Loss Prevention (DLP)

For example, automatically block every outgoing email that contains a number/word like “123-11-9876” (formatted like an SSN) to stop people from sending sensitive data, either by accident or maliciously.

This can be customized for your organization to meet certain regulatory compliance or to match your specific needs. For example, if you have account numbers that are 8 digits – 3 digits, we can make sure that format is blocked automatically for you.



Automatically capture and store data from email, social media, IM tools, collaboration platforms, and other digital communication channels, including every email or message sent and received. Meet regulatory compliance that requires you to archive all of your communication, and make it simple to comply with open records requests and internal inquiries, like if you suspect an employee of doing something illegal or if you need to maintain their email for HR reasons.


Need help getting your email in line with security best practices?

Reach out to us at 920-885-0141 or email and we will provide you support to get your email secure.
