How to Strengthen Your Email Security Settings
Try these 8 best practices to enhance your business’ email security
Email security is a critical component of every security program, as more than 50% of all cyber attacks originate from an email-based compromise, according to At-Bay security research.
The default security settings on most email service providers can be enhanced by following a list of security best practices, which is why At-Bay recommends strengthening your email security settings to avoid email compromise.
To prevent attackers from gaining access to your business email accounts, we recommend implementing these best practices and performing regular checks to ensure strong security controls are in place.
1. Implement multi-factor authentication
Multi-factor authentication (MFA) is a security setting that requires you to provide more than one method of verification to gain access.
We recommend implementing MFA on mail access for all of your employee and administrator accounts. The most common and safest verification method is an authenticator application, such as Google Authenticator, which At-Bay recommends over text messages or phone calls.
2. Use a dedicated administrator account
An administrator account typically has full privileges and complete access to your business systems.
We recommend using a dedicated administrator account when installing updates and software, managing user accounts, and modifying operating system settings. Read more about best practices for administrator accounts for both G Suite and Microsoft 365.
3. Disable automatic email forwarding
Automatic forwarding is a setting that allows you to automatically send new emails to another email address. Auto-forwarding may be convenient, but cyber attackers can exploit this function through phishing attacks to gain access to your system.
4. Implement a secure email gateway
A secure email gateway is like a firewall for your email. It’s a type of software that prevents emails containing malicious content from reaching your inbox — and it can protect your business from a cyber attack.
We recommend implementing a secure email gateway to add an additional layer of security to your mail provider. Read more about secure email gateways, including At-Bay’s recommended capabilities and preferred email security vendors.
5. Educate your employees
Train your employees to be aware of malicious links and attachments, as well as social engineering scams that focus on financial fraud, credential harvesting, and the exfiltration of sensitive information.
We recommend creating a culture of security awareness that will help reduce the likelihood of cyber attacks and help keep your business secure.
6. Brush up on best practices
Best practices often vary depending on your organization — and the best way to implement your own best practices is to get details from the source.
7. Secure remote access to your network
Use a virtual private network (VPN) to secure remote access to your internal network, and avoid other remote access solutions, such as Remote Desktop Protocol (RDP), which are often easy but highly vulnerable. Attackers routinely scan the internet for open RDP ports to deploy ransomware.
We recommend using a VPN for remote access and following best practices to strengthen your VPN security settings, such as performing regular updates to the latest versions and applying access rules to limit access from certain geographic locations. We also recommend keeping access logs for an extended period of time and implementing MFA on all systems accessible from the public internet.
8. Patch and update your software when prompted
Did you know many vulnerabilities exploited in cyber attacks are known vulnerabilities with published fixes available? One of the easiest and most effective ways to keep your organization safe is by updating your software and operating systems in a timely manner.
We recommend monitoring for new updates and security alerts from your technology providers, as well as performing regular audits of all business software to ensure everything is secure and up to date.