
6 Effective Email Security Best Practices

Niek Dekker

Just one click…is all it takes to let a cyber-criminal into your digital network.

Email attacks are increasing each year. If your accounts payable (AP) staff are not equipped with the knowledge to defend against business email compromise (BEC) attacks, they may be deceived by cyber criminals.

In fact, in the first half of 2022, the ACCC received 11,395 incident reports of business email compromise scams and in total, this cost Australian businesses $57 million.

In week 3 of October’s Cyber Security Awareness Month, we explore the email security best practices to ensure your finance team’s email is secure from spam and phishing attacks.

Email Security Best Practices

Implementing email privacy and security starts when you first create an email account for newly onboarded accounts payable staff. The following email security best practices can be integrated into any organisation:

1. Strong Passphrases

Using a unique, complex password for every account and device is a no-brainer in email security. Yet email accounts still fall victim to poor password habits: for example, 66% of Australians reported that they use the same passwords for multiple accounts.

Here are some best practices when creating a strong password:

  • Is at least 14 characters long
  • Contains upper- and lower-case letters, numbers and special characters
  • Mixes random letters with words
  • Is unique to each account (never reused elsewhere)

If you cannot remember every unique password for all your devices, try using a password manager that could give you peace of mind. We explore using a password manager below.

2. Password Manager

Password managers are great for enhancing email security: they store, generate, and retrieve complex passwords for a variety of applications, including email, social media, and other online services.

In addition, password managers can help you generate random strong passwords for each of your applications. When accessing a password manager, employees will only need to remember the master password to access and use the email security tool.

You can start using a password manager like LastPass to stay in control of your cyber security and manage multiple passwords at once.
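The two sections above describe what a password manager does for a user: it generates a passphrase that meets the rules listed in section 1 and enforces that the same secret is never reused on another account. The following added example (not code from Eftsure or from any password manager product) shows both halves of that in Python's standard library: a checker that reports which of the four rules a candidate breaks, plus a generator that only ever produces passphrases the checker accepts. The word list and the list of existing passwords are constructed for the demonstration.

```python
import secrets
import string

MIN_LENGTH = 14
SPECIALS = set(string.punctuation)

# Constructed, deliberately short word list for the demonstration; a real
# generator draws from a large list such as the EFF diceware list.
WORDS = ["anchor", "basil", "canyon", "delta", "ember", "falcon", "garnet",
         "harbor", "island", "jasper", "kestrel", "lantern", "meadow", "nickel"]


def check_password(candidate, existing=()):
    """Return the list of rules the candidate breaks (empty list = acceptable).

    `existing` holds the passwords already in use on the user's other
    accounts, so the "unique password for every account" rule can be enforced
    the way a password manager does it when it flags reused entries.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in SPECIALS for c in candidate):
        problems.append("no special character")
    if candidate in existing:
        problems.append("reused on another account")
    return problems


def generate_passphrase(n_words=4):
    """Build a passphrase that satisfies every rule in check_password():
    several random words (one capitalised) joined by a special character,
    plus a group of random letters and a two-digit number.

    `secrets` is used rather than `random` because the output is a credential."""
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    idx = secrets.randbelow(n_words)
    words[idx] = words[idx].capitalize()
    letters = "".join(secrets.choice(string.ascii_letters) for _ in range(4))
    separator = secrets.choice("-_.!+")
    number = str(secrets.randbelow(100)).zfill(2)
    return separator.join(words + [letters, number])


if __name__ == "__main__":
    # Constructed vault contents, standing in for the manager's stored entries
    vault = {"Tr0ub4dor&3xyzQQQQ"}
    for candidate in ("password", "Tr0ub4dor&3xyzQQQQ", generate_passphrase()):
        print(f"{candidate!r}: {check_password(candidate, vault) or 'ok'}")
```

The generator's output is at least 14 characters because four words of five or more letters, four separators, four random letters and two digits are joined together, so a passphrase from generate_passphrase() always passes check_password() unless it happens to already exist in the vault.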


3. Multi-Factor Authentication

Turning on multi-factor authentication (MFA) protects your work email accounts with extra login steps. Implementing MFA provides an extra layer of security that effectively protects against unauthorised access by cyber criminals.

Typically, MFA requires a combination of information from the user when logging into an account. For example:

  • Something you know (such as a password or PIN code)
  • Something you have (such as a one-time password, physical token, or smartcard)
  • Something you are (such as your fingerprint or face scan)

Having two or more authentication factors increases your email security and makes it difficult for cyber criminals to gain access to your account even if they already know the password. To get started with MFA you can do the following:

  • Download an authenticator app (e.g. Outlook authenticator)
  • Enable biometrics or fingerprint scanning on your mobile device
  • Pair your device using SMS, email, or phone call

4. Encrypting Email Messages

Another email security solution to protect sensitive information is encrypting email messages by enabling S/MIME (secure/multipurpose internet mail extensions) on Outlook or Gmail.

By integrating S/MIME, your email messages are protected in the following ways:

  • Encryption: protects the content of email messages
  • Digital signatures: verifies the identity of the sender of an email message

How this works is that when a user sends an encrypted email, the sender encrypts the message with the recipient's public key, and only the recipient's matching private key can decrypt it. A digital signature runs the other way: the sender signs with their own private key and the recipient verifies the signature with the sender's public key. Together, S/MIME encryption and digital signatures ensure that the email is authenticated and that its content has not been manipulated in any way.

Through email encryption, you can establish integrity, uphold privacy, and preserve sensitive data when sending emails.


5. Secure Email Gateway

Secure email gateway providers are a great email security solution if you are looking to block email-based threats like spam, viruses, malware, or denial of service attacks before they reach your mail server.

These unwanted malicious emails can be quarantined, ignored, deleted, or simply bounced back with an error message. When selecting a secure email gateway provider, you should look out for the following features and capabilities:

  • Scanning capabilities: the ability to scan incoming emails and identify threats
  • Defence against multiple threats: protection against phishing attacks, malware, and malicious email attachments
  • Advanced threat identification: AI-based detection that keeps improving at identifying sophisticated attacks
  • Deployment options: the ability to be deployed on any organisational network structure
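The "scanning capabilities" a gateway advertises come down to rules run over each message's headers and parts, ending in one of the dispositions named above (deliver, quarantine, and so on). The following added example (not code from Eftsure or from any gateway product) shows a deliberately small version of that triage in Python's standard library: it parses a raw message, checks the sender domain against a list of the organisation's own domains for look-alike spellings, checks whether the Reply-To address points somewhere other than the sender, and flags executable attachments. The protected domain example.com, the attachment extension list and the sample messages are all constructed for the demonstration; a real gateway adds reputation, authentication (SPF/DKIM/DMARC) and content scanning on top.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed for the demonstration: the organisation's own domain(s), which
# impostors imitate, and attachment types that should never reach an AP inbox.
PROTECTED_DOMAINS = {"example.com"}
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd"}


def _domain(address):
    return address.rpartition("@")[2].lower()


def _fold_lookalikes(domain):
    """Map common character substitutions back onto the genuine letters so
    that examp1e.com and exarnple.com both fold to example.com."""
    return (domain.replace("0", "o").replace("1", "l")
            .replace("rn", "m").replace("vv", "w"))


def triage(raw_message):
    """Return (verdict, findings) for one raw RFC 5322 message.

    verdict is "deliver", "flag" (deliver but warn the recipient) or
    "quarantine"; findings is a list of (severity, reason) tuples.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)
    folded_protected = {_fold_lookalikes(d) for d in PROTECTED_DOMAINS}
    if from_domain not in PROTECTED_DOMAINS and _fold_lookalikes(from_domain) in folded_protected:
        findings.append(("high", f"sender domain {from_domain} imitates a protected domain"))

    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = _domain(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(("medium", f"Reply-To domain {reply_domain} differs from From domain {from_domain}"))

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffix = name[name.rfind("."):].lower() if "." in name else ""
        if suffix in RISKY_EXTENSIONS:
            findings.append(("high", f"executable attachment {name}"))

    if any(severity == "high" for severity, _ in findings):
        return "quarantine", findings
    return ("flag" if findings else "deliver"), findings


def build_sample(from_header, reply_to=None, attachment_name=None):
    """Constructed sample message used to exercise triage()."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "ap-team@example.com"
    m["Subject"] = "Invoice 1042"
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("Please find the invoice attached.")
    if attachment_name:
        m.add_attachment(b"\x00\x01sample-bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    samples = [
        build_sample("Jane Doe <jane@supplier-co.example>"),
        build_sample("Jane Doe <jane@examp1e.com>",
                     reply_to="jane.doe@freemail.example",
                     attachment_name="remittance.pdf.exe"),
    ]
    for raw in samples:
        verdict, findings = triage(raw)
        print(verdict, findings)
```

The look-alike check is the part worth copying: folding both the sender's domain and the protected domain through the same substitution table catches the common digit-for-letter and rn-for-m swaps without needing an exhaustive list of spoofed spellings, and it deliberately leaves genuine mail from the protected domain alone.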


6. Cyber Security Awareness Training

Utilising detection and protection security solutions is not enough to prevent cyber-attacks.

Cyber security awareness training is necessary for organisations in every industry to protect themselves against the rise of cybercrime and sophisticated phishing attacks. The training program should use a variety of tools that will not only engage your employees but also be an ongoing pursuit that allows skills to develop consistently over time.

The best approach to cyber security awareness training blends formal, computer-based training assignments with phishing simulations on a monthly and quarterly basis. Some of the topics that need to be addressed in training are:

By prioritising cyber security awareness training, you can increase the awareness of email-based threats and significantly reduce the security risk of phishing emails that may lead to data breaches.

How Eftsure Can Help

The best defence against email threats and BEC attacks is implementing cyber security awareness training and promoting a cyber security culture in the workplace.

Financial leaders and IT teams must collaborate to ensure employees are competent in email security and understand how to handle emails that may seem malicious.

With Eftsure, our fraud tech platform protects your organisation by verifying the banking details you use to process electronic payments. Through payment investigation, you can ensure that the BSB and account number are correct before releasing funds. This process makes sure that the funds are being sent to the legitimate recipient.

Contact Eftsure today to learn more about staying protected from malicious emails.

BEC Incident Response Guide for Finance Teams
Learn how to respond to a Business Email Compromise attack by following the necessary steps.

Download the Business Email Compromise (BEC) Incident Response Guide today to strengthen the odds of recovering your funds following a BEC attack.
