5 email security basics for every type of business

Email security can be hard. While making sure your business infrastructure is protected from threats like phishing attacks, business email compromise and ransomware hits is a must, knowing how to lay the foundations for your email security framework isn’t as easy as it might sound.

Just one quick Google search for the ‘best email protection’ will highlight the amalgam of offers out there, all aimed at securing your posture in an ever-growing threat landscape. There are masses of products on the market, a sea of solutions to choose from, and reams of ‘best-practice’ advice. 

But stripping it all back, what essential building blocks should make up the foundation of your business’ email security posture? In this blog, we’ll cover the 5 email security measures every business should have in place.

1. Secure Cloud-Based Email Hosting 

In its simplest form, cloud-based email gives businesses the tools they need to send, receive, and store messages via the internet. Whereas in the past, email client software was installed on computers to send and receive email, cloud-based hosting enables this to be done via a browser. 

This means that businesses and users can access their email from anywhere, aren’t weighed down by servers, can easily recover lost data in an emergency, and scale up or down in line with their business. 

From a security standpoint, cloud email hosting is the way forward. Not just because of the ease of use it offers, but because most cloud-based solutions offer maintenance and essential security like DMARC, 2FA, and good spam filtering as part of the package. 

Two of the most popular cloud-based email vendors are Microsoft M365 and Google Workspace.

2. DMARC policy in p=reject

If your business uses email in any capacity to communicate with customers, employees, or suppliers (let’s face it, this is most businesses), then it’s absolutely essential that your DMARC policy is configured at p=reject.

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is a globally standardized protocol that was first published in 2012. When configured correctly at p=reject, it protects your domain against exact-domain impersonation by building on the existing SPF and DKIM authentication protocols. This means that bad actors cannot send fraudulent or phishing emails pretending to be you by spoofing your domain.

By implementing DMARC, you’re protecting your customers, employees, supply chain and brand reputation from the often devastating effects of phishing scams, spear phishing, business email compromise, ransomware attacks, and more. You’re also contributing to the improved security of the wider email ecosystem. 

But there are other more business-based benefits of implementing DMARC too, such as improved deliverability and better inbox placement. This is because by implementing DMARC, you’re telling recipient servers that your emails are coming from a valid source. Then there’s Brand Indicators for Message Identification, or BIMI for short. Perhaps one of the most beneficial rewards for marketers, BIMI lets businesses attach their registered logo to any DMARC-authenticated emails they send. Not only does this boost brand impressions, but we found that showing a logo on an email positively impacts how the recipient interacts with it too.

As mentioned above, if you’re using a cloud vendor like Microsoft M365 or Google Workspace then good news, you’ll already have DMARC in place. But if not, then correct DMARC configuration is a must-do, both for the security and marketing benefits it provides. But we won’t lie, white-knuckling the DMARC journey alone isn’t advised. It can be very difficult, and if done incorrectly it can actually lead to more deliverability issues. That’s where our award-winning product OnDMARC comes into play, making DMARC configuration quick, easy and painless for everyone.
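As an added example (not code from this post, nor from OnDMARC), the following Python models how a receiving server reads a published DMARC record and decides what to do with a message, so the difference between p=reject and weaker policies, and the role of SPF/DKIM alignment, becomes concrete. The record, domains and authentication results are constructed samples, and the organizational-domain helper is a simplification of the Public Suffix List lookup a real receiver performs.

```python
"""Added example: evaluate a message against a DMARC record (constructed data)."""
from typing import Dict, List, Optional, Tuple

# Constructed sample record, as it would appear in the TXT record at _dmarc.example.com
SAMPLE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc-rua@example.com"


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict and fill in the RFC 7489 defaults."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if "p" not in tags:
        raise ValueError("DMARC record is missing the required p= tag")
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")       # relaxed SPF alignment unless aspf=s
    tags.setdefault("sp", tags["p"])   # subdomain policy falls back to p=
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain. Simplified: keeps the last two labels (fine for example.com)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record: str, from_domain: str, spf_pass_domain: Optional[str],
             dkim_pass_domains: List[str]) -> Tuple[str, str]:
    """Return (dmarc_result, disposition) for a message whose visible From: is from_domain,
    given the domain SPF passed for (if any) and the d= of every DKIM signature that verified."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass_domain is not None and aligned(from_domain, spf_pass_domain, tags["aspf"])
    dkim_ok = any(aligned(from_domain, d, tags["adkim"]) for d in dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass", "none"
    # DMARC fails: the p= policy applies to the org domain itself, sp= to its subdomains
    policy = tags["p"] if from_domain.lower() == org_domain(from_domain) else tags["sp"]
    return "fail", policy


if __name__ == "__main__":
    # A spoofed message: SPF and DKIM pass only for the sender's own unrelated domain
    print(evaluate(SAMPLE_RECORD, "example.com", "phisher.example", ["phisher.example"]))
```

With the sample record, a message that passes SPF for bounce.example.com is accepted under relaxed SPF alignment, while one whose only passing DKIM signature is d=mail.example.com fails because adkim=s demands an exact match.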


3. Two-Factor Authentication

Two-factor authentication (2FA) is essentially the practice of adding a second layer of security to your email logins. It works by linking your account to a separate authentication mechanism (e.g. an authenticator app). Each time you log in, that mechanism generates a unique verification code, which the application checks to confirm that your login is valid.

2FA is an essential component in the quest to keep email accounts throughout your organization secure. This is because it protects from account takeover, especially if and when passwords are reused and leaked.

4. Password Management 

There’s a password for everything nowadays. And while it’s never a good idea to reuse or share passwords across devices, having a different one for every application and simultaneously conjuring any one of these up in your mind in your moment of need can be really challenging. 

So, a password manager does exactly what it says on the tin, securely storing the different passwords for your various accounts across the internet in one easy-to-access place. (That is, of course, unless you forget your master password too.)

We’ll admit, it’s not the most intuitive or high-tech solution to this seemingly universal problem. But until there’s a better approach, a password manager can be a useful way to ensure your passwords are secure and accessible. However, it’s worth remembering that while having a password manager is recommended, it’s never a substitute for 2FA.

Google Chrome offers a free password manager, but there are also more advanced options like LastPass too. 

5. Spam Detection and File Scanning

While putting the right outbound email protection in place is vital, most businesses will also want to rest assured knowing there’s a sufficient layer of security identifying, mitigating and resolving inbound email threats too.

That’s where spam detection and file scanning solutions come in, examining inbound emails and attachments for all manner of threats. Most cloud-based vendors and more traditional Secure Email Gateways (SEGs) offer these as part of their service. But if you’re not using one of these, it’s still an important extra layer to add to your foundational email security setup.

Take the first step towards more secure email today

We hope this blog is useful in offering a straightforward run-down of the measures most essential for your business’ email security. To make a start on one of the most important steps today, sign up for your free OnDMARC trial below!

PUBLISHED BY

Sabrina Evans

5 Aug. 2021
