How to Improve Email Security in 2020

With the dust of 2019 settled, we can now look at cybersecurity for the year ahead with a fresh perspective. One important area to focus on is email, because no business is immune to threats against this critical communications tool.

Email remains the primary gateway for hackers. While you may have already taken steps to secure your email, advancements in malware and delivery tactics demand an equally updated defense strategy. Below is everything you need to know to prepare for the year to come.

5 Steps to Better Securing Your Organization’s Use of Email in 2020 and Beyond 

1. Switch to a More Secure Email Provider

You need to switch to an email provider that employs artificial intelligence (AI) to offer real-time protection against advanced threats. Subscribers to MS 365 and Outlook enjoy this feature. However, you may already be using MS 365 applications, including Outlook for email, and have heard that there are vulnerabilities. The truth is that most organizational users are not leveraging the advanced security settings that better protect email. For instance, you can create settings that force password protection. You can preset a maximum password age (e.g. 30, 60, or 90 days) and complexity for email access, and add a list of trusted devices to your organization’s MS accounts. In addition, Microsoft Secure Score will help you gain visibility into your security posture with respect to the email applications you use, even when coming from a third party.

2. Lock Down Your Computer Systems

There are some very nasty computer viruses making their way around the corporate world via email phishing campaigns in 2020. These include Astaroth Trojan, REvil (aka Sodinokibi), Spidey Bot, and Emotet, and more are being created by malicious individuals and groups as we speak. What’s most important is that you take direct steps to prevent them from infecting your hardware, both the devices used in-office and those used offsite by remote staff. Please take note of the following:
  • Install a premium antivirus (AV) and firewall
  • Perform hardware and software updates in real-time
  • Use a more secure email provider and productivity tools (i.e. via MS 365)
  • Establish multi-factor authentication (expanded upon below)
  • Back up data to the cloud to create redundancy
  • View more on computer security tips in the workplace 

3. Adopt Multi-Factor Authentication (MFA)

MFA protects company hardware (and respective users’ email) when it falls into the wrong hands. When your organization’s onsite and offsite hardware (laptops, smartphones, tablets, etc.) is protected by MFA or two-factor authentication, you won’t have as much to worry about should devices be lost, stolen, or handled without permission. Without the required password in addition to a fingerprint, facial scan, or other feature unique to (or in possession of) a permitted user, a device and subsequent email access will remain out of reach.

4. Train Staff on More Secure Email Practices 

The greatest defense against email threats is actually not based in AI and machine learning, but good ol’ fashioned human intel and intuition. Of course, the converse is true when your human resources are not armed with knowledge about what to watch out for when using their email on a day-to-day basis. For example, a recent (January 2020) phishing scheme cost a small organization a total of $2.3 million USD. Cybercriminals were not successful because of advanced ransomware or a data wiping incident, but because recipients were tricked into acting on fund transfer requests. These instances are running rampant around Canada as well, with cybercriminals using doppelgänger domains to hijack internal conversations and trick recipients into thinking that they are conversing with (and transferring funds at the request of) executives in their own company.
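
One way to flag the doppelgänger domains described above before a message reaches staff, shown as an added example that is not part of the original article. The trusted domain, the look-alike substitution list, the distance threshold and all sample addresses are constructed assumptions.

```python
import unicodedata

# Assumption: the organization's real mail domains (constructed placeholder).
TRUSTED_DOMAINS = {"example.com"}

# Assumption: a small set of character sequences that render like another letter.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Comparison form of a domain: lowercase, accents stripped, look-alikes folded."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for fake, real in LOOKALIKES:
        text = text.replace(fake, real)
    return text


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'internal', 'lookalike' or 'external' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return "internal"
    for good in trusted:
        # Distance 0 after folding means the domain differs only by look-alike glyphs.
        # Short domains need a smaller threshold to avoid false positives.
        if edit_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return "lookalike"
    return "external"


if __name__ == "__main__":
    for sender in ("ceo@example.com", "ceo@exarnple.com", "vendor@partner.example"):
        print(sender, "->", classify_sender(sender))
```

A mail gateway rule or mailbox add-in could use the "lookalike" result to quarantine the message or add a warning banner; punycode-encoded (xn--) domains would need decoding first, which this example does not do.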
 
Fully Managed has already created easy-to-follow guides to inform your staff about what to look out for when it comes to phishing and its equally dangerous siblings - SMiShing and Vishing. Share this article on SMiShing and Vishing prevention with your entire company so they know what to look for.

5. Have an IT Support Firm Audit Your Email Systems

If you really want peace of mind that your email systems and protocols are protected against advanced threats, you need to bring in an IT support firm to perform a sweeping assessment. Contact Fully Managed today to discuss email security and other ways we can assist with more secure digital transformation for 2020 and beyond.