Email Security

    Home / Security / Email Security

Email is one of the most common routes used by cyber attackers for malicious activity. Implementing proper email security controls is fundamental for all organisations regardless of what data is processed.  

Labyrinth have been contracted to manage the response to a number of cyber security incidents, most of which were the result of inadequately protected email systems. These incidents were all for small businesses and resulted in financial losses of up to tens of thousands of pounds each.  

94% of malware comes through Email, but this is not the only threat to consider.

Through Phishing and Business Email Compromises (BEC) cyber attackers gain access to email accounts to leak confidential data and send fraudulent communications (such as requests for invoice payment) for financial gain.

Multifactor Authentication

Multifactor authentication is where users are required to enter their password and a second form of authentication (usually a temporary code sent to an app on their mobile phone) any time they set up a new device or sign in to a web portal. Multifactor authentication is available as standard at no extra cost on virtually every cloud business system today including Microsoft 365 so there really is no excuse for implementing it.

With multifactor authentication, a user’s Email account cannot be breached with the password alone which means it is virtually unbreachable. It is one of the most effective controls that can be implemented.  

Email Security Software 

Email security software solutions like Microsoft Defender, Symantec, Vade or Mimecast are essential to providing protection against: 

  • Phishing emails (where a cyber attack poses as a legitimate person or business often for financial gain) 
  • Malware attached to emails 
  • Malicious links within emails 
  • Spam (nuisance emails) 

User Awareness Training 

Some malicious emails will inevitably slip through the net, so it is important that users know how to spot them. In particular, finance teams should have clear processes in place for validating invoices received via email.  

Labyrinth provide end user training material to all of our managed support clients. We also partner with uSecure to deliver a low cost user security awareness platform, featuring training videos, simulated phishing attacks and more.  

Encryption and Mobile Device Management  

Any devices used to sync emails should be encrypted and password protected. For mobile devices, this can be enforced using Mobile Device Management (MDM) tools such as the built-in version provided with most Microsoft 365 licenses.  

Mobile Device Management tools can also be used to remotely wipe devices if they are lost or stolen and usually do not infringe on user privacy.  

Windows and Mac devices can be encrypted using the built-in Bitlocker and FileVault tools.  

Individual high-risk emails can be encrypted if required using add-ons and third–party tools.  

Menu

Request a Call Back





    Contact us Now for Unparalleled Email Security

    Our approachable staff will use plain English and not confuse you with technical jargon. We will never make you sign a long contract and we guarantee to respond within an agreed timeframe. And we will never oversell and will always work on the principle of ‘best advice’.

    Contact Us

    Frequently Asked Questions

    • Through our managed security service plans we will look after the core elements of your cyber security systems and help fulfil the role of CISO (Chief Information Security Officer), giving you peace of mind that your data and systems are protected. Many of our managed security services are also bundled into our core Managed IT Support plans. We will recommend a plan that best fits your needs and budget, so whether you have 5 or 100+ employees we can deliver a managed security service that properly balances likelihood vs impact vs cost. We’ll assess the impact cyber crime might have on your business, and take every possible measure to prevent anyone falling victim to them, and deliver this by cyber security awareness programs, system updates, data backups, and being fully conversant with the latest known threats, risks and vulnerabilities. By doing this we will always be able to recommend and deliver the software and hardware necessary to reduce the potential for security breaches.

    • Yes, that goes without saying. But we would stress that we always want to anticipate potential faults and resolve them before they become a serious issue. Patch or fix deployment will, if possible be done when the machine is not is use, and system updates, the enhancement of security features and proactive procedures are always carried out to help eliminate data loss.