Email security isn’t something to take lightly. For many companies, email is the most important form of communication. If someone gains access to your account it could open the door to a number of security issues. Below are what we consider to be the most important email security best practices that every organization should follow or know about.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a common security measure that protects an account in addition to a password. Here’s how it works: after setting up MFA, when you enter your account login and password, you will also be prompted for a code. MFA codes are often given via an email, a text message, or through an “authenticator” app on your phone. This helps prevent someone from signing in to your account even if your password were to become compromised.
Protect against emails sent to your organization from people pretending to be the CFO, CEO or anyone else. This is a classic way to trick people on your team into sending them sensitive information or even money.
For example, block or tag any email that purports to be “from” Carl Badman (your CFO) asking you to send him your bank account information because he is working remotely and needs it in a hurry.
For example, be notified when a rule is created that forwards email sent to Jenny over to firstname.lastname@example.org. That is a sure sign of an account being compromised and knowing it just happened lets you stop it immediately.
There has been a huge increase in scammers sending emails with bad attachments, such as “you have a voicemail” emails. In reality, the attachment is a web page (HTML file) that directs you to log in to your phone system to retrieve the voicemail.
Let us block those known bad file types from even getting to you in the first place.
Show a message or alert on every email you receive from outside of your organization. This helps warn your team to pay closer attention to emails from the outside, and helps protect them from possible spoofing attacks.
For example, if you receive an email “from” Sara Smith (your CEO) but there is a warning in the email that it is from an external sender, the warning immediately alerts the person who opened the email that it is not a legitimate email.
Data Loss Prevention (DLP)
For example, automatically block every outgoing email that contains a number/word like “123-11-9876” (formatted like an SSN) to stop people from sending sensitive data, either by accident or maliciously.
This can be customized for your organization to meet certain regulatory compliance or to match your specific needs. For example, if your account numbers are formatted as 8 digits – 3 digits, we can make sure that format is blocked automatically for you.
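The pattern-based blocking described above can be sketched as follows. This is an added example, not code from this page or from any product it describes. The function names, the sample addresses, and the accepted separators for the account-number format are assumptions.

```python
import re
from email.message import EmailMessage

# Patterns built from the two formats named in the text. The separator set for
# account numbers (hyphen or en dash, optional space) is an assumption.
PATTERNS = {
    "ssn_format": re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
    "account_number": re.compile(r"(?<!\d)\d{8}\s?[-\u2013]\s?\d{3}(?!\d)"),
}

def redact(value: str) -> str:
    """Mask all but the last four digits so DLP logs do not store the data."""
    to_mask = sum(c.isdigit() for c in value) - 4
    out = []
    for c in value:
        if c.isdigit() and to_mask > 0:
            out.append("*")
            to_mask -= 1
        else:
            out.append(c)
    return "".join(out)

def scan_outbound(msg: EmailMessage) -> dict:
    """Scan the subject and every text part (body and text attachments)."""
    texts = [("subject", str(msg["subject"] or ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            texts.append((part.get_filename() or part.get_content_type(),
                          part.get_content()))
    findings = [(name, where, redact(m.group()))
                for where, text in texts
                for name, rx in PATTERNS.items()
                for m in rx.finditer(text)]
    return {"action": "block" if findings else "allow", "findings": findings}

def sample_message(body: str, attachment: str = "") -> EmailMessage:
    """Constructed test message; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "staff@example.org", "outside@example.com"
    msg["Subject"] = "Requested details"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, filename="accounts.txt")
    return msg

if __name__ == "__main__":
    print(scan_outbound(sample_message("SSN is 123-11-9876", "Acct 12345678-123")))
    print(scan_outbound(sample_message("Call me at 555-123-4567")))
```

The digit lookarounds keep longer digit runs and phone-style numbers (3-3-4) from matching, and findings carry only the redacted value so the DLP log does not itself become a store of sensitive data.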
Automatically capture and store data from email, social media, IM tools, collaboration platforms, and other digital communication channels, including every email or message sent and received. Meet regulatory compliance that requires you to archive all of your communication, and make it simple to comply with open records requests and internal inquiries, like if you suspect an employee of doing something illegal or if you need to maintain their email for HR reasons.