4 easy steps to enhance the security of your company’s email
By Michael Abboud, CEO, TetherView
Email remains the primary point of entry for hackers seeking to breach your organization’s network. But most small businesses simply do not have the resources to properly hire a dedicated email security specialist. If your business uses Microsoft Office 365, these four steps are easy to implement and can drastically improve the security of your email.
# 1 Set up Multi-Factor Authentication
Why it’s important
Your employee’s personal account was hacked. You feel for them, but as far as your company’s security goes, it’s not your problem, right? Think again. If your employee uses the same password to access your company’s network as the password that was stolen from their personal account, cybercriminals might be able to breach your network.
How multi-factor authentication keeps your network safe
Multi-factor authentication requires your employees to provide at least two pieces of evidence to verify their identity. For example, if someone is logging into your network on a new device, that person will have to confirm their identity by responding to an email or text message (in addition to providing their network password). Requiring at least two steps with multi-factor authentication will help you prevent hackers from breaching your network with stolen log-in credentials.
You should also force your employees to access your network with Single Sign-On. Single Sign-On is an authentication method that allows users to securely authenticate with multiple applications and websites by using just one set of log-in credentials. Using Single Sign On allows you to enforce stricter password requirements (and makes your employees’ lives easier by eliminating the need to remember multiple passwords for different applications).
# 2 Use a Dedicated Administrative Account
Why it’s important
One word: Ransomware. You’ve heard the horror stories. Business owners at the mercy of cybercriminals who have taken a company’s network hostage. All your important documents. Your clients’ sensitive personal information.
Imagine being locked out of your own network and having this data in the hands of a hacker…your business operations ground to a halt. It’s no wonder cyber-insurance premiums are on the rise.
Secure your global administrative account
Your administrative account is the holy grail for cybercriminals. By gaining access to your administrative account, a hacker can quickly take control of your entire network. Using multi-factor authentication for your administrative account is a good first step but an account of this importance requires additional security controls. Set up a separate, dedicated administrative account with log-in credentials that are different from all your other user accounts. A dedicated administrative account greatly reduces the threat of this important account falling into the wrong hands.
# 3 Zero Trust – Always Assume Your Employees Will Click the Bad Link
Why it’s important
Murphy’s law. Anything that can go wrong, will go wrong. Phishing schemes are becoming more sophisticated than ever. Train your employees to understand phishing attacks but prepare your business for a world where your employees click on the bad links.
How to mitigate this risk
Screen emails, links and attachments in a sandbox server that is disconnected from your primary network. Microsoft’s “Safe Attachments” provides an additional layer of protection by using a virtual environment to check attachments in email messages before they are delivered to recipients (a process known as detonation). You should also make sure that Windows’ built-in administrator account is turned off on your users’ local desktops.
# 4 Establish alerts to monitor suspicious activity more effectively
Why it’s important
The best offense is a good defense. Setting up a robust monitoring system can help you detect threats before a breach.
What you should monitor
- Administrative changes
- New user creation
- Forwarding rules (Stop auto-forwarding for email)
- Data loss protection
- Failed login attempts
Last but not least, be sure to train your employees. Your employees are on the front lines and act as your first line of defense. The better prepared and educated your employees are, the safer your network is. Regularly send test “phishing” emails to your employees and give users an easy button to flag suspicious emails. Set aside ten minutes each month to provide them with tips and tricks to improve efficiency (and cybersecurity).
Educated employee, safer network. Not quite as catchy as happy wife, happy life…but you get the point.