In a recent article we discussed 5 ways your organisation could get hacked. In this article we’ll explore the multi-layered approach to protecting your organisation against phishing and spam emails.
1. Provide cyber awareness training
Cybercriminals target weaknesses in organisations, and the human element is a significant weak point that can be exploited. It’s easy for criminals to send spam, and they need only a tiny success rate to potentially cause a serious cyber incident. This is why your users should be exposed to a variety of example threats, so they learn to identify and report suspicious emails.
Regular training can also help to build a culture that encourages reporting suspicious emails and seeking help from your IT team.
We recommend implementing a service that allows you to run cyber security awareness campaigns where you can monitor results and gain insights into your organisation’s vulnerabilities.
2. Build a culture of reporting cyber incidents
Developing a culture that encourages employees to be alert to suspicious activity is one of the most effective ways of stopping a successful attack from having a large organisational impact. Everyone should have the confidence to report threats and incidents, both to help prevent issues from occurring and to reduce the impact if an issue does occur.
3. Configure your email system’s security features
We recommend checking that your IT or email provider has implemented the DMARC standard. DMARC builds on SPF and DKIM to verify that a message genuinely comes from the domain it claims to be sent from, and it tells receiving mail servers how to handle messages that fail that check. The UK government publishes full guidance on using DMARC in your organisation.
Both Microsoft 365 and Google Workspace provide mail filtering and spam protection as part of their email services, allowing you to tailor the depth of filtering that is applied and how aggressively spam is filtered.
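As an added illustration of what "checking that DMARC is implemented" means in practice (this is example code written for this article, not a tool from the author or from Microsoft or Google), the script below parses DMARC and SPF TXT records and flags the settings that leave a domain weakly protected: a DMARC policy of `p=none`, a `pct` below 100, missing aggregate reporting, or an SPF record ending in `+all`. The record strings and the `example.com` / `example.net` names are constructed samples; the script does not query DNS, so in real use you would paste in the TXT record published at `_dmarc.<your-domain>` and at the domain apex.

```python
"""Assess DMARC and SPF TXT records for weak settings (offline, constructed samples)."""
import re

# Constructed sample records (placeholder domains), not real DNS data.
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-reports@example.com; pct=100"
WEAK_SPF = "v=spf1 include:_spf.example.net +all"
STRONG_SPF = "v=spf1 mx include:_spf.example.net -all"

# SPF mechanisms/modifiers that each cost one DNS lookup (RFC 7208 limits these to 10).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(?=[:/]|$)|^redirect=", re.IGNORECASE)


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record such as 'v=DMARC1; p=reject; rua=...' into tag/value pairs."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if "p" not in tags:
        raise ValueError("DMARC record has no p= policy tag")
    return tags


def assess_dmarc(record: str) -> list[str]:
    """Return findings describing why a DMARC record is weaker than p=reject with reporting."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: failing mail is only reported, never quarantined or rejected")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail goes to spam rather than being rejected")
    elif policy != "reject":
        findings.append(f"unknown policy value p={policy}")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= tag: aggregate reports are not being collected")
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains are left unprotected")
    return findings


def assess_spf(record: str) -> list[str]:
    """Return findings about an SPF record's 'all' qualifier and its DNS-lookup count."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (missing v=spf1)")
    findings = []
    all_terms = [t for t in terms[1:] if re.fullmatch(r"[+\-~?]?all", t, re.IGNORECASE)]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result instead of a fail")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("+all: every host on the internet passes SPF for this domain")
        elif qualifier == "?":
            findings.append("?all: unlisted senders get a neutral result instead of a fail")
        elif qualifier == "~":
            findings.append("~all: unlisted senders only soft-fail; consider -all once DMARC reports are clean")
    # Only top-level terms are counted here; include: targets are not expanded offline.
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: exceeds the limit of 10, receivers return permerror")
    if any(re.match(r"^[+\-~?]?ptr", t, re.IGNORECASE) for t in terms[1:]):
        findings.append("ptr mechanism present: deprecated and slow, should be removed")
    return findings


if __name__ == "__main__":
    for label, record, check in (("weak DMARC", WEAK_DMARC, assess_dmarc),
                                 ("strong DMARC", STRONG_DMARC, assess_dmarc),
                                 ("weak SPF", WEAK_SPF, assess_spf),
                                 ("strong SPF", STRONG_SPF, assess_spf)):
        print(f"{label}: {check(record) or ['no issues found']}")
```

A record that produces no findings is the target state: `p=reject` (with `sp=reject` for subdomains), `pct=100`, a `rua` address that someone actually reads, and an SPF record that terminates in `-all`. Moving from `p=none` to `p=reject` should be done gradually, using the aggregate reports to confirm that every legitimate sending service (your email provider, newsletter tool, ticketing system) passes SPF or DKIM first.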
4. Implement an external email security service
In addition to tweaking your email provider’s in-built email filters, you can implement an external email security service. This acts as an extra layer of protection that checks all emails in real-time and provides a dedicated platform that continually adapts to spam and phishing threats. External email security services provide additional protection related to email content filtering, anti-virus scanning, data leak prevention, outbound email scanning and more.
5. Implement mailbox-level backups as part of your disaster recovery strategy
A key component of business continuity is to ensure you have solid backups that are preferably offline or immutable. We recommend using an external service provider to safely back up your mailbox data so that it can always be restored. The backup of your mailboxes should follow the same procedure as the rest of your organisation’s data (whether stored in the cloud or on-premises), applying at least the 3-2-1 backup principle: three copies of the data, on two different types of media, with one copy held off-site.
How we can help
We manage, monitor and maintain data for organisations across both Microsoft 365 and Google Workspace. We have expertise across all of the recommendations in this article, providing consultation and implementation of our recommended solutions for cyber awareness training, email security and backups. Contact us to find out more.