Email Attacks Are on the Rise – 9 Layers of Email Security

April 17, 2023

Here are nine layers of email security that you can implement to protect your business:

1) Multi-factor authentication: One of the simplest and most effective ways to prevent unauthorized logins, because a stolen or guessed password is no longer enough on its own. Every time you log in to your email (or any other system), you also have to confirm it’s you on a separate device. This is typically done with your mobile phone, either by receiving a code or by using an authenticator app to generate one. Prefer an app or a hardware security key over SMS codes, which can be intercepted by SIM swapping, and remember that no code-based method stops someone from typing the code into a convincing fake login page, so it still needs the awareness training described later.

2) Monitoring for unauthorized email forwarders: Hackers can play a clever, long game after accessing your email just once. An unauthorized forwarding rule lets them keep reading your communications long after the password has been changed, and the same rules are often set to delete or hide messages so the victim never notices. It doesn’t even need to be the email of a senior member of the team. It’s surprising (and terrifying) how much we give away, bit by bit, in our daily emails. Check both the mailbox-level forwarding setting and each user’s individual inbox rules, and alert on anything that sends mail outside your own domains.

3) Proper email backup: Unless you have bought a specific email backup service, your emails are not being backed up. The recycle bin and retention features of cloud email are not a backup: deleted items are only kept for a limited time, and an attacker who controls the account can purge them. Not many people realize this. Having a proper backup is critical, as it gives your IT support company many more options if you are attacked. They can completely rebuild your email account, safe in the knowledge you won’t lose a single email.

4) Artificial Intelligence (AI) screening of emails: So you have a contact called Jon. And then one day, he signs off an email with his full name, Jonathan. You might not think twice about it. But a good AI system would pick up on this sudden behavior change, along with subtler signals such as a new sending domain, a changed reply-to address, or an unusual time of day, and investigate the email further. These systems can be very clever at spotting potentially dodgy emails from the tiniest symptoms.

5) Improved endpoint security: Endpoint security means each computer you use to access email is locked down and protected. There are many ways to do this: enhanced security on each device to prevent it from being used for risky activities, encryption of the data on the device so it is worthless to anyone who steals it, and even blocking USB storage devices (you can plug them in, but they won’t mount, so they can’t do any damage).

6) Office 365 Advanced Threat Protection (now sold as Microsoft Defender for Office 365): Robust Microsoft protection working for you behind the scenes, opening attachments in a sandbox before delivery, rewriting links so they are re-checked at click time, and flagging senders who impersonate your own people or domains. Your IT support company should know the correct way to implement it for your specific setup.

7) Awareness training: The weakest link in any email security setup is… the humans. Because emails can still get past all of the defenses already listed, the last line of defense (and frankly, the best) is the human looking at an email with suspicion. There are some amazing awareness training courses available. They’re delivered online, so your team doesn’t have to go anywhere. They’re not dull or techy. They’re designed to be fun, and above all, to make your staff pause when they’re sent that dodgy link to click. That pause can save you thousands of dollars and days of hassle.

8) Cyber insurance: It could be worth taking out a cyber insurance policy if only to follow the basic standards laid out by the insurance companies. Their job is to reduce their chance of having to pay out, right? That means they’re highly likely to know what ‘best practice’ currently is. So follow their advice as part of your overall email security protection.

9) Set up business processes and make them the culture: Don’t let the boss change the process on the fly! If you have an internal process for approving payments, it needs to be followed every time… ESPECIALLY by the boss. Because it’s when the boss cuts corners that the chance of fraud jumps up dramatically; the weakest link is humans, remember. This is exactly what business email compromise relies on: an urgent “pay this today” request that appears to come from the boss. When it’s the boss, and everyone wants to please them, it opens the window for fraud and encourages everyone to break the rules. Great leaders realize they need to act the way they want their staff to act… even if it’s an inconvenience.
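As an added example for layer 2 (not code from the original article), here is the kind of audit an IT team can run over an export of mailbox settings and inbox rules to find forwarders and hiding rules left behind by an attacker. It assumes a JSON export with two lists, `mailboxes` and `inbox_rules`, whose field names mirror the Exchange Online cmdlets `Get-Mailbox` (`ForwardingSmtpAddress`) and `Get-InboxRule` (`ForwardTo`, `RedirectTo`, `ForwardAsAttachmentTo`, `DeleteMessage`, `MoveToFolder`, `SubjectContainsWords`); the records, the `example.com` tenant domain and the `HIDING_FOLDERS` heuristic are constructed for the example.

```python
"""Audit mailbox forwarding and inbox rules for signs of a compromised account.

Added example, not code from the original article. The sample export below is
constructed to resemble Exchange Online Get-Mailbox / Get-InboxRule output;
it is not real data.
"""
import json
import re

# Assumption: the organisation's own domains. Anything else counts as external.
INTERNAL_DOMAINS = {"example.com"}

# Folders attackers commonly use to bury replies so the victim never sees them.
HIDING_FOLDERS = {"deleted items", "rss subscriptions", "rss feeds", "junk email", "archive"}

# Matches 'smtp:x@y', '[SMTP:x@y]' and 'Display Name [SMTP:x@y]' recipient forms.
_ADDR = re.compile(r"(?:smtp:)?([^\s\[\]<>:]+@[^\s\[\]<>]+)", re.IGNORECASE)

# Constructed sample: one mailbox-level forwarder, one hidden external forward,
# one keyword rule that buries invoices, and one harmless internal forward.
SAMPLE_EXPORT = json.dumps({
    "mailboxes": [
        {"Identity": "alice@example.com", "ForwardingSmtpAddress": None, "DeliverToMailboxAndForward": False},
        {"Identity": "bob@example.com", "ForwardingSmtpAddress": "smtp:bob.backup@webmail.example",
         "DeliverToMailboxAndForward": True},
    ],
    "inbox_rules": [
        {"MailboxOwnerId": "alice@example.com", "Name": "Vendors", "Enabled": True,
         "ForwardTo": [], "RedirectTo": [], "ForwardAsAttachmentTo": [],
         "DeleteMessage": False, "MoveToFolder": "Vendors", "SubjectContainsWords": []},
        {"MailboxOwnerId": "alice@example.com", "Name": ".", "Enabled": True,
         "ForwardTo": ["Attacker [SMTP:attacker@mail.example]"], "RedirectTo": [], "ForwardAsAttachmentTo": [],
         "DeleteMessage": True, "MoveToFolder": None, "SubjectContainsWords": []},
        {"MailboxOwnerId": "carol@example.com", "Name": "Invoices", "Enabled": True,
         "ForwardTo": [], "RedirectTo": [], "ForwardAsAttachmentTo": [],
         "DeleteMessage": False, "MoveToFolder": "RSS Subscriptions",
         "SubjectContainsWords": ["invoice", "payment", "bank details"]},
        {"MailboxOwnerId": "dave@example.com", "Name": "Copy to assistant", "Enabled": True,
         "ForwardTo": ["Erin [SMTP:erin@example.com]"], "RedirectTo": [], "ForwardAsAttachmentTo": [],
         "DeleteMessage": False, "MoveToFolder": None, "SubjectContainsWords": []},
    ],
})


def extract_address(value):
    """Return the bare lower-case address from an Exchange recipient string, or None."""
    if not value:
        return None
    m = _ADDR.search(value)
    return m.group(1).lower() if m else None


def is_external(addr, internal_domains):
    return addr is not None and addr.rsplit("@", 1)[-1] not in internal_domains


def audit(export_json, internal_domains=INTERNAL_DOMAINS):
    """Return a list of findings: external forwarding (high) and hiding rules (medium)."""
    data = json.loads(export_json)
    findings = []
    for mbx in data.get("mailboxes", []):
        target = extract_address(mbx.get("ForwardingSmtpAddress"))
        if is_external(target, internal_domains):
            findings.append({"mailbox": mbx["Identity"], "rule": None, "severity": "high",
                             "reason": f"mailbox-level forwarding to external address {target}"})
    for rule in data.get("inbox_rules", []):
        if not rule.get("Enabled", True):
            continue
        owner, name = rule["MailboxOwnerId"], (rule.get("Name") or "").strip()
        targets = [extract_address(t)
                   for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")
                   for t in (rule.get(key) or [])]
        external = [t for t in targets if is_external(t, internal_domains)]
        if external:
            findings.append({"mailbox": owner, "rule": name, "severity": "high",
                             "reason": "rule forwards to external address(es): " + ", ".join(external)})
        # Heuristic: a rule that deletes or buries mail is suspicious when it is
        # keyed to sensitive subjects or carries a blank/one-character name.
        hides = bool(rule.get("DeleteMessage")) or (rule.get("MoveToFolder") or "").lower() in HIDING_FOLDERS
        keywords = rule.get("SubjectContainsWords") or []
        if hides and (keywords or len(name) <= 2):
            why = "matching subject keywords " + ", ".join(keywords) if keywords else "with an unobtrusive name"
            findings.append({"mailbox": owner, "rule": name, "severity": "medium",
                             "reason": "rule deletes or hides mail " + why})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f"[{f['severity']}] {f['mailbox']} rule={f['rule']!r}: {f['reason']}")
```

Run it on a scheduled export rather than once after an incident: forwarders are cheap for an attacker to re-create, and a new rule appearing on a mailbox that never had one is itself a strong signal worth alerting on.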

Credit: Yeo and Yeo