Email Security Best Practices

When considering how to secure email within your business, there are two main areas of focus. The first is the systems and processes deployed at the enterprise level; the second is the end users of the email platform itself.

At the system level, implementing the SPF, DKIM and DMARC email authentication protocols, along with a powerful spam filter, goes a long way toward securing your critical communications and helps reduce spam, phishing and other email threats.

Adding a Sender Policy Framework (SPF) record helps protect your domain and mitigate spoofing. In the record, you list which mail servers are allowed to send email for your domain. When a receiving mail server gets a message claiming to be from your domain, it compares the sending server against your SPF record. If they don’t match, it treats the message as unauthorized and can filter it as spam or reject it.

DomainKeys Identified Mail (DKIM) records let receivers verify that mail claiming to come from your domain was authorized by your company. This is done by attaching a domain-specific cryptographic signature to every outgoing message. While other email deliverability checks rely on your domain’s mail exchange (MX) records, DKIM doesn’t follow the same rules, since the signing keys are specific to your domain.

Domain-based Message Authentication, Reporting and Conformance (DMARC) policy allows a sender to show that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as rejecting the message or moving it to junk. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass or fail DMARC evaluation.
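To make the SPF and DMARC descriptions above concrete, here is an added example (not part of the original post, and not Datotel’s code) showing how a receiving server evaluates a sending IP against an SPF record and then applies the sender’s DMARC policy. The DNS TXT records are constructed inline for a hypothetical example.com rather than looked up live, and DMARC identifier alignment is assumed to hold.

```python
import ipaddress

# Constructed DNS TXT records standing in for live lookups (example domains only).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the connecting server's IP against the domain's SPF record.
    Returns pass / fail / softfail / neutral / none / permerror, as a receiver would."""
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"           # no SPF record published for this domain
    if depth > 10:              # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            # A mismatched IP version never matches, so v4 senders skip ip6 terms.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            if check_spf(value, sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
    return "neutral"            # record exhausted without an explicit "all"


def dmarc_disposition(domain, spf_result, dkim_result):
    """Apply the domain's published DMARC policy to the authentication results.
    Assumption: both identifiers are aligned, so only pass/fail matters here."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    if tags.get("v") != "DMARC1":
        return "no-policy"      # receiver falls back to its own local rules
    if spf_result == "pass" or dkim_result == "pass":
        return "accept"
    # p=none means monitor only: reports are sent but mail is still accepted.
    return {"reject": "reject", "quarantine": "quarantine"}.get(tags.get("p"), "accept")
```

Running `check_spf("example.com", "203.0.113.7")` returns "fail", and feeding that with a failing DKIM result into `dmarc_disposition` yields "reject", which is exactly the handling the DMARC paragraph describes.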

Most email platforms, including Datotel’s Microsoft Hosted Exchange and Office 365, have spam filters built in and let end users add their own email filtering rules. This helps block unwanted emails that contain certain words or come from particular senders.

While implementing these processes and systems takes time and money, it is undoubtedly worth it in the long run when you consider the annoyance and security risks imposed otherwise.

At the employee level, the overall theme for securing your email is education. Ensure not only that your team understands what a strong password is, but also that the passwords they use are unique and different from the credentials they use for any other systems and apps. Education about safe password storage is equally imperative when training your staff on best practices.

Periodic training and reminders about taking caution when opening email attachments and links are also important. While malware and virus scanning will help prevent malicious emails from affecting your environment, they won’t stop everything every time. Indeed, phishing is perhaps one of the largest threat areas to consider and train your team on, because phishing attempts can be very hard for a system to identify. Common sense and caution are therefore among the best lines of defense.

If you’d like to learn more about securing your email environment and corporate communications we’d love to talk with you.