Best Practices for Securing Your Organization’s Email
Clear policies: Get IT and business leaders to formulate clear security policies, including email-specific ones.
Reinforcement: Make email security practices part of employee onboarding, ongoing training, and performance reviews.
Buy-in: Buy-in for the company's security strategy from non-security peers is crucial to good security outcomes for SMBs.
Learning from incidents: Use email security incidents to identify vulnerabilities and fine-tune policies.
Timely incident response: A companywide incident response plan (covering notifications, responsibilities, response and mitigation workflows, reporting, etc.) must be regularly tested and updated.
Data loss prevention (DLP) program: A DLP program incurs costs, but the ROI is clear when a company can achieve near-zero RPO/RTO outcomes in response to ransomware or other data theft attacks.
Systematic management of email passwords: In a UK survey, 82% of security breaches over the previous year started with weak email passwords. IT should enforce strong, unique passwords that are updated regularly.
Clear reporting: Be able to demonstrate diligent tracking of email security metrics and effective handling of incidents and vulnerabilities.
Proactive refreshing of email security stack: SMBs with a process in place to proactively refresh their security technology stack achieve superior security outcomes.
Two-factor authentication (2FA): An additional authentication step considerably hardens email security. There are plenty of freeware and commercial 2FA solutions out there.
Multiple, overlapping layers of defense: Sophisticated attacks require a multilayer defense built from email security gateways, anti-phishing and anti-malware tools, and threat intelligence solutions.