How To Configure Your Email Security Settings for Outlook & Gmail
Niek Dekker
Business email compromise (BEC) and email scams are among the fastest-growing cyber threats that Australian organisations face. Cyber criminals targeting organisations through email are becoming more prevalent each year.
What’s more worrying is that in 2021, employees received an average of 14 malicious emails, according to Tessian research. All it can take to cause a data breach, or to compromise your network security, is one click on a malicious link or attachment.
However, Australian organisations can take charge of their cybercrime strategy to prevent severe consequences. Before implementing best practices & prevention methods, it’s important to note the significance of email security and what you can do to review your email security settings.
In the second week of the annual October Cyber Security Awareness Month, we explore how you can review your accounts payable department email security settings for Outlook & Gmail.
Importance of Email Security for CFOs
There’s no denying that in 2022, every enterprise and finance team should be prioritising cybersecurity in their organisation. When it comes to email security, CFOs should work with IT professionals to help employees set up email security of the highest calibre.
Most accounts payable departments incorporate complex passwords or two-factor authentication (2FA). However, there are better security protocols that can enhance your security measures in emails.
For instance, the 2019 Global Data Risk Report by Varonis found that a staggering 53% of enterprises left over 1,000 sensitive files and folders unencrypted and open to all employees. This highlights that enterprises are not fully optimising their email security settings or implementing other security measures.
To stay protected against malware, BEC attacks and employee negligence, CFOs must integrate an email security solution with several core capabilities such as:
Anti-phishing
Malware protection
Data loss prevention
Account takeover prevention
Next, we look into what you can do to maximise your Outlook email settings & Gmail settings.
How to Review Your Email Security Settings
When onboarding AP clerks, it’s best practice to proactively review their email account security.
This can prevent cyber attacks and increase your chances of regaining control if their email has become compromised. Here are a few tips to get you started in reviewing your Microsoft Outlook security settings.
Once logged in, select your profile, which is located in the right-hand corner
Click security located on the top bar menu
This will take you to the “security basics” screen. Then click “change my password”
Enter your current password
Click “save”
It’s best practice to come up with a 16-character password involving upper and lower-case letters, numbers and special characters.
Organisations are strongly encouraged to create a new strong password every 2-3 months to minimise the risk of a cyber threat. If you’re unable to remember every strong password created, consider investing in a password manager.
Step 2: Setting up Multi-Factor Authentication (MFA)
Once logged in, select your profile which is located in the right corner
Under your profile name, click on “view account”
Under “my sign-ins”, click review recent activity
Here you can review all your recent login activities such as the time of login, day, location, IP address, operating system and Outlook email account.
For more instructions on reviewing your Outlook security settings, visit the ACSC step-by-step guide that can assist your accounts payable department in email security.
Turn on enhanced safe browsing and follow the prompts in reviewing each security protocol
Step 2: Managing third-party access
When visiting the security section of your account, you can review which third-party apps have access to sensitive data in your Google account, such as your Gmail, photo albums, Google Drive or Google Calendar. This includes the following:
Your contacts, private correspondence or sensitive documents like attached copies of bank accounts, medical reports, company reports, etc.
Your photo albums that may contain official company documents, invoices or contracts
Your financial records, official reports or presentations
Company appointments, meetings or locations
It’s best practice to review and restrict your personal information being accessed by certain third-party apps.
Step 3: Inspecting Security Events
In the security section of the menu
Select “review security activity”
Reviewing your recent security activity is best practice as a monthly security routine to identify any suspicious activity. If you see any security events you do not recognise, you should consider securing your account.
This will signal Google to lock your account and prompt you to change your password immediately. For a comprehensive guide, visit the ACSC website.
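The sign-in details reviewed for Outlook above (time, day, location, IP address, operating system) and the monthly Google security-activity review can also be checked in bulk by comparing recent sign-ins against earlier ones. The following Python example is added here and is not part of the original article or of any Microsoft or Google tool. It assumes the activity has been copied into a CSV with the hypothetical columns time, account, location, ip and os, and that business hours are Monday to Friday, 07:00 to 19:00.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample export. The column names are assumptions, not a real
# Microsoft or Google export format; IPs come from documentation ranges.
SAMPLE_CSV = """time,account,location,ip,os
2022-09-05T08:58:00,ap.clerk@example.com,Sydney AU,203.0.113.10,Windows 10
2022-09-12T09:03:00,ap.clerk@example.com,Sydney AU,203.0.113.27,Windows 10
2022-09-20T17:41:00,ap.clerk@example.com,Sydney AU,203.0.113.10,iOS
2022-10-04T09:01:00,ap.clerk@example.com,Sydney AU,203.0.113.44,Windows 10
2022-10-08T02:14:00,ap.clerk@example.com,Frankfurt DE,198.51.100.7,Linux
2022-10-11T08:55:00,ap.clerk@example.com,Sydney AU,192.0.2.80,Windows 10
"""

def load(text):
    """Parse the CSV and derive the network each sign-in came from."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        ip = ipaddress.ip_address(row["ip"])
        prefix = 24 if ip.version == 4 else 48  # grouping size is a policy choice
        row["network"] = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        row["time"] = datetime.fromisoformat(row["time"])
        rows.append(row)
    return rows

def review(rows, review_from):
    """Flag sign-ins on/after review_from that differ from earlier activity."""
    start = datetime.fromisoformat(review_from)
    seen = defaultdict(lambda: {"location": set(), "network": set(), "os": set()})
    findings = []
    for row in sorted(rows, key=lambda r: r["time"]):
        known = seen[row["account"]]
        if row["time"] < start:
            # Baseline period: record what normal looks like for the account.
            for field in known:
                known[field].add(row[field])
            continue
        # Review period: flagged values are NOT added to the baseline, so a
        # repeat sign-in from the same unknown source is flagged again.
        reasons = [f"new {f}" for f in known if row[f] not in known[f]]
        if row["time"].weekday() >= 5 or not 7 <= row["time"].hour < 19:
            reasons.append("outside business hours")  # assumed Mon-Fri 07-19
        if reasons:
            findings.append((row["time"].isoformat(), row["account"], row["ip"], reasons))
    return findings

if __name__ == "__main__":
    for when, account, ip, reasons in review(load(SAMPLE_CSV), "2022-10-01"):
        print(when, account, ip, ", ".join(reasons))
```

A flagged entry is a prompt for a person to check with the account owner, not proof of compromise; a clerk signing in from a new home network will be flagged as well.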
The Bottom Line
CFOs and IT administrators should collaborate extensively when following security best practices to help strengthen the security and privacy of the organisation’s data. Maximising each security practice will reduce the risk of a data breach.
If you are looking to implement further email security enhancements, you can do so by viewing the Google Workspace. This contains Google’s security best practices for enterprises involving security on mobile devices, computers, other endpoints, Google Drive, accessing public websites and more.
With Eftsure added to your accounts payable security function, not only are you minimising the risk of fraud, scams and error, but your AP team will have confidence in releasing supplier payments by detecting and investigating suspicious activity during the verification process.
Contact Eftsure today for a full demonstration of how we can protect your business against BEC attacks.