Published in


Email Security Protocol Template for Small and Medium-Sized Businesses

If you run a small business, chances are that you wear many different hats. You probably often play the role of CEO, salesperson, marketing expert, and IT support guy or gal. However, the IT piece can get quite complicated at times, especially if you have to wing it without any help.
If you are a one-person-show, it is perfectly fine to address routine maintenance issues as they arise while you are looking for the best IT partner to support you. However, protecting your company’s email platform in the meantime should be extremely high on your to-do list as many viruses and threats make their way inside your network because of improper email handling by internal employees. There are things that you can do right now to increase your odds against these threats. Keep reading to learn the things that you need to do to up your game when it comes to email security.

Protect Against Phishing

Phishing has become very sophisticated in recent years, and the bad guys are getting better and better at tricking people into providing sensitive information. Most employees mean no harm, and they often fall for these phishing scams unintentionally. Thankfully, your email system can be configured to help prevent these scams. Many times, hackers will spoof an internal email address so that it appears it was sent from inside your company. Most email platforms today can be set up to block these spoofed email addresses from delivering mail to your employees. Make sure that you tune your settings so that no emails from spoofed domains are allowed through and that the emails from unauthenticated senders get blocked or quarantined. If you cannot spot those settings in your email agent, reach out to customer support for the software you are using or go through the Help section on the website or in the installation package. Protecting against email phishing is a big first step in the overall protection of your network.

Handle Spam Appropriately

Nobody likes getting spam messages, and the employees in your business are no different. Not to mention the fact that spam messages often contain links to malicious sites or carry contaminated attachments. Setting appropriate spam filters is critical to securing your email system. Spam settings have many different options, and you should examine them all to make sure they are appropriate for your organization. You will need to specify where the messages identified as spam will go. If there is high confidence that the message is spam, you should likely quarantine it. However, if it could be a false positive, then you should probably just move it to the Junk folder. You can also choose to delete messages immediately if they come from a domain with a bad reputation or the URL has been redirected to a bad site. These types of emails should never make it to the recipient so that there is no chance of clicking a bad link.

Perform Necessary Email Scans

You should always make sure that you scan all incoming emails appropriately, including attachments, to help identify problems. Failing to scan incoming emails is like bypassing the security line at the airport — that is not safe for anyone! The depth and level of scanning required are specific to your business needs, but at a minimum, you should be scanning attachments for known malware or viruses. You can also choose to scan for sensitive information like credit card numbers or social security numbers. This can be set up for outgoing email as well so that your employees cannot send sensitive data outside your network where it might be intercepted or used by others.

Allow Your Users to Report Problems

One way that your spam and phishing protection gets better is by identifying problem emails and better training your system to identify them. Having an easy way for your users to report spam or phishing attempts will let your security team get better at configuring your email system to block malicious messages. Most email agents will also allow you to block a sender or an entire domain that you can configure yourself, no security team required. In some email clients, reporting can be done with the simple click of a button. Other organizations may choose to have their users forward the message to a reporting mailbox. Either way, make sure to provide proper training to your employees so that they recognize these kinds of emails and know how to report them. The best defense against malicious email attacks is a knowledgeable and engaged group of users.

While there are many more pieces to an overall security puzzle, and advanced email solutions with AI-enabled predictive capabilities available only through MSPs like 3nom, protecting your email system is a great place to start. Make sure that you have all the settings described above in place for the best possible protection for your organization, and if you’re not confident, check with your email client’s customer support. Provide regular training and information to your staff so that they can help identify problems as well. Finally, if this all seems too overwhelming, you can bring in expert help when you need it and focus on what you do best — leading your business. Leaving your email system open to potential attacks is simply not an option, so make sure you get the help you need to implement these basic security measures. Start by getting in touch with 3nom, the leading MSP in New York, New Jersey, and Florida, today!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Aroon Duncanson

Aroon Duncanson

@AroonMelane — Miami Based, Marketing & PR