How To Configure Your Email Security Settings for Outlook & Gmail

Importance of Email Security for CFOs

There’s no denying that in 2022, every enterprise and finance team should be prioritising cybersecurity in their organisation. Although, when it comes to email security, CFOs should work with IT professionals to help employees set up their email security of the highest calibre.

Most accounts payable departments incorporate complex passwords or two-factor authentication (2FA). However, there are better security protocols that can enhance your security measures in emails.

For instance, a 2019 Global Data Risk Report by Varonis reported a staggering 53% of enterprises left over 1,000 sensitive files, and folders unencrypted and open to all employees. This highlights that enterprises are not fully optimising their email security settings, or implementing other security measures.

To stay protected against malware, BEC attacks and employee negligence, CFOs must integrate an email security solution with several core capabilities such as:

• Anti-phishing
• Malware protection
• Data loss prevention
• Account takeover prevention

Next, we look into what you can do to maximise your Outlook email settings & Gmail settings.

How to Review Your Email Security Settings

When onboarding AP clerks, it’s best practice to proactively review their email account security.

This can prevent cyber attacks and increase your chances of regaining control if their email has become compromised. Here are a few tips to get you started in reviewing your Microsoft Outlook security settings.

Configuring Microsoft Outlook Security Settings

Step 1: Changing your email password

1. Visit https://account.microsoft.com and sign in to your account
2. Once logged in, select your profile which is located in the right side corner
3. Click security located on the top bar menu
4. This will take you to a screen “security basics”. Then click “change my password”
5. Enter your current password
6. Click “save”

It’s best practice to come up with a 16-character password involving upper and lower-case letters, numbers and special characters.

Organisations are strongly encouraged to create a new strong password every 2-3 months to minimise the risk of a cyber threat. If you’re unable to remember every strong password created, consider investing in a password manager.

Step 2: Setting up Multi-Factor Authentication (MFA)

1. Visit https://account.microsoft.com and sign in to your account
2. Once logged in, select your profile which is located in the right corner
3. Click security located on the top bar menu
4. Select “add sign-in method”
5. Select “authenticator app”
6. Click “add”
7. Click download now to stall the Microsoft Authenticator App and follow the screen prompts

Step 3: Reviewing recent activity logins

1. Visit https://account.microsoft.com and sign in to your account
2. Once logged in, select your profile which is located in the right corner
3. Under your profile name, click on “view account”
4. Under “my sign-ins”, click review recent activity

Here you can review all your recent login activities such as the time of login, day, location, IP address, operating system and Outlook email account.

For more instructions on reviewing your Outlook security settings, visit the ACSC step-by-step guide that can assist your accounts payable department in email security.

Configuring Gmail Security Settings

Step 1: Conducting a security checkup

1. Sign into your Gmail account https://accounts.google.com/ServiceLogin
2. Click on your profile icon on the right corner
3. Select “manage your Google account”
4. Select “security” located on the left side menu
5. Click “review security tips”
6. Turn on enhanced safe browsing and follow the prompts in reviewing each security protocol

Step 2: Managing third-party access

When visiting the security section of your account. You can review which third-party app has access to certain sensitive data in your Google account like your Gmail, photo albums, Google Drive or Google calendar. This includes the following:

• Your contacts, private correspondence or sensitive documents like attached copies of bank accounts, medical reports, company reports, etc.
• Your photo albums that may contain official company documents, invoices or contracts
• Your financial records, official reports or presentations
• Company appointments, meetings or locations

It’s best practice to review and restrict your personal information being accessed by certain third-party apps.

Step 3: Inspecting Security Events

1. In the security section of the menu
2. Select “review security activity”

Reviewing your recent security activities is best practice as a monthly security routine to identify any suspicious activity. If you recognise any unknown security events, then you should consider in securing your account.

This will signal Google to lock your account and prompt you to change your password immediately. For a comprehensive guide, visit the ACSC website.

The Bottom Line

CFOs and IT administrators should collaborate extensively when following security best practices to help strengthen the security and privacy of the organisation’s data. Maximising each security practice will reduce the risk of a data breach.

If you are looking to implement further email security enhancements, you can do so by viewing the Google Workspace. This contains Google’s security best practices for enterprises involving security on mobile devices, computers, other endpoints, Google Drive, accessing public websites and more.

With Eftsure added to your accounts payable security function, not only are you minimising the risk of fraud, scams and error, but your AP team will have confidence in releasing supplier payments by detecting and investigating suspicious activity during the verification process.

Contact Eftsure today for a full demonstration of how we can protect your business against BEC attacks.