Business email compromise (BEC) and email scams are among the fastest-growing cyberthreats that Australian organisations face. Cybercriminals targeting organisations through emails are becoming more prevalent each year.
What’s more worrying is that in 2021, employees received an average of 14 malicious emails according to Tessian research. All it can take to cause a data breach, or exploit your network security, is one click on a malicious link or attachment.
However, Australian organisations can take charge of their cybercrime strategy to prevent severe consequences. Before implementing best practices and prevention methods, it’s important to note the significance of email security and what you can do to review your email security settings.
In the second week of the annual October Cyber Security Awareness Month, we explore how you can review your accounts payable department email security settings for Outlook and Gmail.
Importance of Email Security for CFOs
There's no denying that in 2022, every enterprise and finance team should be prioritising cybersecurity in their organisation. When it comes to email security, however, CFOs should work with IT professionals to help employees set up email security of the highest calibre.
Most accounts payable departments incorporate complex passwords or two-factor authentication (2FA). However, there are better security protocols that can enhance your security measures in emails.
For instance, a 2019 Global Data Risk Report by Varonis reported that a staggering 53% of enterprises left over 1,000 sensitive files and folders unencrypted and open to all employees. This highlights that enterprises are not fully optimising their email security settings or implementing other security measures.
To stay protected against malware, BEC attacks, and employee negligence, CFOs must integrate an email security solution with several core capabilities such as:
Next, we look into what you can do to maximise your Outlook email settings and Gmail settings.
How to Review Your Email Security Settings
When onboarding AP clerks, it's best practice to proactively review their email account security.
This can prevent cyberattacks and increase your chances of regaining control if their email has become compromised. Here are a few tips to get you started in reviewing your Microsoft Outlook security settings.
Configuring Microsoft Outlook Security Settings
Step 1: Changing your email password
Visit https://account.microsoft.com and sign in to your account
Once logged in, select your profile, which is located in the right corner
Click security located on the top bar menu
This takes you to the "security basics" screen. Then click "change my password"
Enter your current password
Click "save"
It's best practice to come up with a 16-character password involving upper and lower-case letters, numbers, and special characters.
Organisations are strongly encouraged to create a new strong password every 2-3 months to minimise the risk of a cyber threat. If you're unable to remember every strong password created, consider investing in a password manager.
Step 2: Setting up Multi-Factor Authentication (MFA)
Visit https://account.microsoft.com and sign in to your account
Once logged in, select your profile which is located in the right corner
Click security located on the top bar menu
Select "add sign-in method"
Select "authenticator app"
Click "add"
Click download now to install the Microsoft Authenticator App and follow the screen prompts
Step 3: Reviewing recent activity logins
Visit https://account.microsoft.com and sign in to your account
Once logged in, select your profile which is located in the right corner
Under your profile name, click on "view account"
Under "my sign-ins", click review recent activity
Here you can review all your recent login activities such as the time of login, day, location, IP address, operating system, and Outlook email account.
For more instructions on reviewing your Outlook security settings, visit the ACSC step-by-step guide that can assist your accounts payable department in email security.
Configuring Gmail Security Settings
Step 1: Conducting a security checkup
Sign in to your Gmail account at https://accounts.google.com/ServiceLogin
Click on your profile icon on the right corner
Select "manage your Google account"
Select "security" located on the left side menu
Click "review security tips"
Turn on enhanced safe browsing and follow the prompts in reviewing each security protocol
Step 2: Managing third-party access
When visiting the security section of your account, you can review which third-party apps have access to certain sensitive data in your Google account like your Gmail, photo albums, Google Drive, or Google calendar. This includes the following:
Your contacts, private correspondence, or sensitive documents like attached copies of bank accounts, medical reports, company reports, etc.
Your photo albums that may contain official company documents, invoices, or contracts
Your financial records, official reports, or presentations
Company appointments, meetings, or locations
It's best practice to review and restrict your personal information being accessed by certain third-party apps.
Step 3: Inspecting Security Events
In the security section of the menu
Select "review security activity"
Reviewing your recent security activity as a monthly routine is best practice for identifying suspicious activity. If you see any security events you don't recognise, you should consider securing your account.
This will signal Google to lock your account and prompt you to change your password immediately. For a comprehensive guide, visit the ACSC website.
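The recent-activity reviews in the Outlook and Gmail steps above can be made repeatable by comparing each sign-in against what is normal for the account. The following is an added example, not code from Microsoft, Google or the ACSC; the record layout, the baseline, the working hours and all sample values are constructed for illustration, using the fields the activity pages show (time, location, IP address, operating system, account).

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed baseline: what "normal" looks like for each AP mailbox.
BASELINE = {
    "ap.clerk@example.com": {
        "locations": {"Sydney, AU"},
        "networks": [ip_network("203.0.113.0/24")],  # office egress range
        "systems": {"Windows 11"},
    }
}

# Constructed sign-in records, transcribed from an activity page by hand.
# Fields: local time, account, location, IP address, operating system.
SIGN_INS = [
    ("2022-10-10T09:12:00", "ap.clerk@example.com", "Sydney, AU", "203.0.113.25", "Windows 11"),
    ("2022-10-11T02:47:00", "ap.clerk@example.com", "Frankfurt, DE", "198.51.100.7", "Linux"),
    ("2022-10-12T18:30:00", "ap.clerk@example.com", "Sydney, AU", "203.0.113.80", "iOS 16"),
]

def review_sign_ins(sign_ins, baseline, work_hours=(7, 19)):
    """Return (time, account, reasons) for every sign-in that needs a human look."""
    findings = []
    for ts, account, location, ip, os_name in sign_ins:
        reasons = []
        known = baseline.get(account)
        if known is None:
            reasons.append("account has no baseline")
        else:
            if location not in known["locations"]:
                reasons.append("new location")
            try:
                addr = ip_address(ip)
                if not any(addr in net for net in known["networks"]):
                    reasons.append("new network")
            except ValueError:
                reasons.append("unparseable IP address")
            if os_name not in known["systems"]:
                reasons.append("new operating system")
        if not work_hours[0] <= datetime.fromisoformat(ts).hour < work_hours[1]:
            reasons.append("outside working hours")
        if reasons:
            findings.append((ts, account, reasons))
    return findings

if __name__ == "__main__":
    for ts, account, reasons in review_sign_ins(SIGN_INS, BASELINE):
        print(f"{ts} {account}: {', '.join(reasons)}")
```

A finding is a prompt to ask the account owner, not proof of compromise: a new phone or a trip will trigger it, and confirmed devices and locations should be added to the baseline.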
The Bottom Line
CFOs and IT administrators should collaborate extensively when following security best practices to help strengthen the security and privacy of the organisation’s data. Maximising each security practice will reduce the risk of a data breach.
If you are looking to implement further email security enhancements, you can do so by viewing the Google Workspace. This contains Google’s security best practices for enterprises involving security on mobile devices, computers, other endpoints, Google Drive, accessing public websites, and more.
With Eftsure added to your accounts payable security function, not only are you minimising the risk of fraud, scams, and error, but your AP team will have confidence in releasing supplier payments by detecting and investigating suspicious activity during the verification process.
Contact Eftsure today for a full demonstration of how we can protect your business against BEC attacks.