News & Insights
E-mail Security
E-mail security is one of the biggest attack vectors for organisations across the world. Luckily, the NCSC recently launched a new FREE E-mail Security Tool at the recent CYBERUK2022.
The tool has been specifically designed to identify vulnerabilities that can lead to e-mail spoofing and/or email privacy being breached to further secure you organisations defences.
Its estimated that Microsoft OFfice 365 blocked 1000 e-mails every second in 2021 due to being malicious which totals more then 35.7 billion e-mails.
This tool which can be found here requires no sign up or personal details and should be used as a platform for your technical teams to quickly identify and resolve known and unknown vulnerabilities to Fourtify your defence.
If your organisation is: Central Government / Local Authority / Emergency Services / NHS Organisations / Academia or Charities, you can also take advantage of Mail Check.
The NCSC states that Mail Check provides a secure, easy to use web tool that allows you to:
- Shared security dashboard: Mail Check will let you create a shared dashboard view of the security of your domains with your colleagues. You can drill into the detail from this dashboard.
- Anti-spoofing configuration checks: Determine whether your email domains are correctly configured with anti-spoofing controls SPF, DKIM and DMARC. We will explain these standards, provide feedback about the strength of the controls you have in place, highlight any configuration mistakes, and guide you through improvements. Note that these checks are based on publicly available information from the public Domain Name System (DNS)
- DMARC reporting: Critical in your implementation of anti-spoofing controls. Mail Check can collate, enrich and simplify analysis of aggregate DMARC reporting. This reporting is based on feedback from recipients of emails from your domain, helping you understand which systems are sending emails on your behalf, whether the recipient could trust that email really came from your organisation, and help you identify and fix configuration issues. It will also highlight the extent to which your domain is already being abused. Note that aggregate DMARC reporting does not include sensitive information about emails, such as full email addresses, subjects, or email contents.
- TLS security checks: Mail Check will initiate an email conversation with your email server (but without actually sending an email). This allows us to assess if there are risks to the privacy of your emails related to your TLS configuration, which could include using out of date versions of the TLS standard, insecure encryption cyphers, or invalid certificates.
- Helping you implement MTA-STS: Mail Check will check and advise on the implementation of the standard MTA-STS, that prevents an attacker from removing the TLS privacy on your emails. Alongside this, Mail Check can also process TLS-RPT reports to support your implementation.
- Notifications: Mail Check will generate email notifications to alert you if there have been changes in your email security
If you’d like to discuss your e-mail security further, speak to the team today: hello@fourtify.co.uk
Categories
- Consultancy
- The Importance of an Incident Response Plan for Small and Medium Businesses
- What is Malware?
- Is Vulnerability Scanning important to your business?
- Cyber Essentials for Accountancy Sector
- IASME Cyber Baseline FAQs
- Cyber Essentials for Small Businesses
- Funded Cyber Essentials Programme
- Cyber Essentials – Grace Period for Technical Controls
- IASME and British Chamber of Commerce: Chamber Cyber Essentials Partnership
- Cyber Assurance Level 1 & Level 2 Certification: FAQs
- The IASME Cyber Assurance Standard
- Fourtify’s Cyber Security FAQ’s
- E-mail Security
- The rise of Ransomware-as-a-Service (RaaS)
- Cyber Essentials & Cyber Essentials Plus
- Cyber Awareness
- The Importance of an Incident Response Plan for Small and Medium Businesses
- Whats your Cyber Secure Score?
- Fourtify achieve Certification Body status for Cyber Essentials Plus
- Is Vulnerability Scanning important to your business?
- Cyber Essentials / IASME Cyber Assurance: Price Increase from April 2nd 2024
- Sophos Intercept X achieves ‘AAA’ Protection
- Cyber Essentials FAQs
- What is the difference between Phishing and Blagging?
- Diminish Cyber Threats with Sophos Intercept X
- Cyber Assurance Level 1 & Level 2 Certification: FAQs
- The IASME Cyber Assurance Standard
- Fourtify’s Cyber Security FAQ’s
- E-mail Security
- The rise of Ransomware-as-a-Service (RaaS)
- Cyber Essentials 3.0 will be launching in January 2022
- Stay Safe Online this Christmas.
- Cyber Essentials & Cyber Essentials Plus
- Cyber Essentials
- Whats your Cyber Secure Score?
- Fourtify achieve Certification Body status for Cyber Essentials Plus
- What is Malware?
- Cyber Essentials for Accountancy Sector
- Cyber Essentials / IASME Cyber Assurance: Price Increase from April 2nd 2024
- Lexcel and Cyber Essentials: Strengthening Your Legal Practice’s Security.
- Cyber Essentials Montpellier (3.1)
- Cyber Security for Charities
- Cyber Essentials for Small Businesses
- Funded Cyber Essentials Programme
- Cyber Essentials – Grace Period for Technical Controls
- Cyber Essentials FAQs
- IASME and British Chamber of Commerce: Chamber Cyber Essentials Partnership
- What is the difference between Phishing and Blagging?
- Diminish Cyber Threats with Sophos Intercept X
- The IASME Cyber Assurance Standard
- Fourtify’s Cyber Security FAQ’s
- Update to Fees for Cyber Essentials Certification
- Cyber Essentials 3.0 will be launching in January 2022
- Cyber Essentials & Cyber Essentials Plus
- IASME Cyber Assurance
- Cyber Essentials / IASME Cyber Assurance: Price Increase from April 2nd 2024
- IASME Cyber Assurance & Privacy Commissioner, Bermuda.
- Cyber Security for Charities
- What is the difference between Phishing and Blagging?
- Diminish Cyber Threats with Sophos Intercept X
- Cyber Assurance Level 1 & Level 2 Certification: FAQs
- The IASME Cyber Assurance Standard
- IASME Cyber Baseline
- Remote Working