Eddie Mahdi

Do’s and Don’ts of Email Security

The Do’s and Don’ts of Business Email Security

Can you name a business that doesn’t use emails?

Emails today are an essential communication tool for organisations right across the world, especially now that remote working has become more of the norm.

But while emails enable you to be more accessible, they also pose potential security risks for your company. When left unsecured, emails can pave the way for spam campaigns, malware, phishing and identity theft.

So, to safeguard your organisation from any of these dangers, here are some important email security measures and tips that can help.

Why is email security important?

Email security refers to the procedures, techniques and measures that protect your email communications, accounts and content against unauthorised access, cybercrime, online risks and malware such as viruses.

Because most individuals and businesses rely on email nowadays, malicious attackers use these messages to steal or misuse crucial data, causing financial and reputational damage. One wrong click by a member of staff can spread malware or a phishing attack right through your network.

Therefore, it’s essential to have strong security measures in place. But what’s right for your business? It’s important to distinguish beneficial solutions from those that only weaken your email defences.

Here are some pointers to guide you.

What are the do’s and don’ts of email security?

Mainstream platforms like Microsoft 365 have built-in email security features designed to keep your business’s assets and information safe. Knowing how best to use these features, and implementing other security measures alongside them, will prevent email from becoming an entry point for cybercriminals.

To practise good email security, here are some do’s and don’ts to keep in mind:

  1. DO take advantage of Exchange Online Protection.

Exchange Online Protection (EOP) is available in all Microsoft 365 organisations with Exchange Online mailboxes. As a cloud-based filtering service, EOP offers spam, phishing and malware protection. It also prevents bulk mail, provides spoof intelligence and detects impersonation.

  2. DO optimise Microsoft Defender for Office 365.

Microsoft Defender for Office 365 offers prevention, detection, investigation and hunting features to protect your emails and other Microsoft 365 resources. It equips you with threat protection policies and reports to safeguard your enterprise from unauthorised access, business email compromise and potential cyberattack risks.

With Microsoft Defender for Office 365, you get Safe Attachments, Safe Links, protection for other workloads (SharePoint Online, Teams and OneDrive for Business) and time-of-click protection in email, Office clients and Teams. Microsoft Defender for Office 365 also provides anti-phishing features, including user and domain impersonation protection.

  3. DO use mail flow rules whenever applicable.

Mail flow rules are similar to the Inbox rules available in Outlook, but they act on mail in transit. Exchange Online organisations, or standalone Exchange Online Protection (EOP) organisations without Exchange Online mailboxes, can use mail flow rules to identify and act on messages that flow through the organisation.

Through an extensive set of conditions, exceptions and actions, mail flow rules can be configured to block messages, add disclaimers and ensure that only the right messages are delivered.

  4. DON’T rely completely on Outlook Safe Senders.

Outlook Safe Senders is often used to prevent false positives (legitimate emails that are marked as spam). However, this feature should only be a temporary solution. Senders you have listed as trusted can still deliver malware or other malicious content.

So, it’s recommended that you let EOP and Microsoft 365 Defender filter your messages, and report any false positives as they occur.

  5. DON’T depend solely on the use of the IP Allow List.

The IP Allow List lets you specify a number of approved IP addresses from which your organisation will accept messages.

However, emails from addresses on your IP Allow List are not subject to spam filtering or sender authentication (SPF, DKIM, DMARC) checks. This increases the risk of malware or phishing, because those messages are never fully filtered.

So, keep your allowed IP addresses to a minimum and add further verification, such as mail flow rules. Together, they provide a more robust email security measure.
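As an added example (not part of the original post), the following Exchange Online PowerShell session shows the mail flow rule approach described above and the "limit the IP Allow List and verify the rest with mail flow rules" advice from this section. It assumes the ExchangeOnlineManagement module and an admin account; the IP address, partner domain and rule names are constructed placeholders.

```powershell
# Added example, not from the original post. Assumes the ExchangeOnlineManagement
# module is installed and the account has Exchange admin rights.
# 203.0.113.10 and partner.example are constructed placeholders.
Connect-ExchangeOnline

# 1. Review what currently bypasses filtering: the connection-filter IP Allow List
#    and the allowed senders / domains in each anti-spam (content filter) policy.
Get-HostedConnectionFilterPolicy | Select-Object Name, IPAllowList
Get-HostedContentFilterPolicy   | Select-Object Name, AllowedSenders, AllowedSenderDomains

# 2. Keep the IP Allow List short: only the one partner relay that genuinely needs it.
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @("203.0.113.10")

# 3. Mail flow rule: reject executable attachments arriving from outside the organisation.
New-TransportRule -Name "Block executable attachments from external senders" `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords @("exe", "scr", "js", "vbs") `
    -RejectMessageReasonText "Executable attachments are not accepted." `
    -Mode Enforce -Priority 0

# 4. Mail flow rule: add a disclaimer and subject tag so staff can recognise external mail.
New-TransportRule -Name "Tag external mail" `
    -FromScope NotInOrganization -SentToScope InOrganization `
    -PrependSubject "[EXTERNAL] " `
    -ApplyHtmlDisclaimerText "<p>This message came from outside the organisation.</p>" `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -Mode Enforce -Priority 1

# 5. Extra verification for the allow-listed relay: it skips spam filtering, so mail
#    from that IP is quarantined unless it claims the partner domain it was added for.
New-TransportRule -Name "Allow-listed relay: partner domain only" `
    -SenderIpRanges @("203.0.113.10") `
    -ExceptIfSenderDomainIs @("partner.example") `
    -Quarantine $true `
    -Mode Enforce -Priority 2

# Confirm the rules and their order before leaving Audit/Enforce as configured.
Get-TransportRule | Select-Object Priority, Name, State, Mode
```

Run steps 3 to 5 with `-Mode Audit` first if you want to see what the rules would match before enforcing them.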

  6. DON’T risk your organisation by utilising allowed sender lists and allowed domain lists.

Allowed sender lists and allowed domain lists are better suited to temporary testing than to a permanent solution. They aren’t generally recommended, because emails from sources on these lists automatically bypass all spam, spoof and phishing protection as well as sender authentication (SPF, DKIM, DMARC), which can let security threats through. So, it’s best to avoid these options as much as possible.

  7. DON’T be afraid to be extra vigilant.

It may sound cliché, but prevention is always better than cure. Encourage your employees to be careful when opening emails, downloading attachments and clicking links. It’s also recommended to use strong passwords and implement two-factor authentication.

Better yet, you can seek the help of IT security experts like Centrix to assess your business email and cybersecurity levels. Our team will evaluate your systems and provide solutions to ensure that you, your team and your organisation are fully protected.

Let Centrix take your email security to the next level.

Your emails are an essential daily tool and an important part of your operations. Don’t risk them compromising your business.

We help small businesses all the way up to corporate organisations to succeed by managing, supporting and protecting critical IT infrastructure.

At Centrix, email security is part of our multi-layered security approach. By enhancing your email and web security, we protect you from the potential recovery and repair costs that are associated with data breaches and other attacks online.

Backed with our extensive knowledge and expertise, Centrix is ready to empower your whole team with comprehensive IT Service Packages, Cybersecurity Protection and Managed Services.

So, are you ready to thrive in today’s digital landscape?

To start, book an IT Health Check or contact us today.

Schedule a free consultation with a Centrix expert to ensure your data is safe and secure. No obligation – just peace of mind.
