IT Support Insider: Email Security for Businesses

Email Security

Executive Summary

  • In our IT Support Insider series, we take a close look a specific area of the technical aspects of running a business and offer best practice advice from our team of IT experts.

  • In this edition of IT Support Insider, we’re focusing on email security, including the basics of securing your emails, your users are well-informed about cyber security best practices, and how to optimise your back-end configuration.


A lot has changed for businesses in the last ten years or so.

Where once we were all at our desks from 9 to 5 every day, many of us now work from home or utilise the hybrid working model. Where phone calls were often the bread-and-butter of employee’s daily routine, much communication is now handled by digital platforms like Microsoft Teams.

Despite all this change, there’s one thing which was here 10 years ago, and is likely to still be here 10 years from today: email.

A stalwart of global business, the lowly email inbox remains the centre of many of our working days – the first place we look in the morning, and the last at night.

But with the focus and importance comes a lot of responsibility for your company’s email setup and best practices. Is your setup watertight from a security perspective? Is your team employing best practices for data protection and anti-phishing? Are you suffering unnecessary email outages?

In this edition of IT Support Insider, we’ll give you the lowdown on email security and offer you some expert insights into how to set up your email systems for success.

Your email server: hosted vs. on-premises

You may already have a setup you’re happy with, but if you’re in the midst of deciding which email setup is most secure, you’ve probably landed on two potential solutions: hosted or “on-prem”.

Hosted essentially means that the behind-the-scenes mechanics of your email system is physically located on a remote server, such as is the case with Microsoft Exchange Online. This also means you benefit from the world-class cyber security protection available on Microsoft’s servers.

On-prem, on the other hand, is an installation of the email software server on dedicated hardware at your office. This can be a good solution if you want fine-grain control of your setup, but you’ll need an IT support team to keep everything up and running at all times.

Email filtering policies and EOP

If you do decide to use a hosted solution for your business email, the one we recommend is Microsoft Exchange Online, which is available as part of the Microsoft 365 family of products.

Not only is Exchange a great choice for managing your business email, it also comes with a lot (and we mean a lot) of built-in security measures designed specifically for email. Don’t worry, while EOP is cloud-only, you can still use it to protect your on-premises server by filtering the emails first.

By default, Microsoft 365 subscriptions come bundled with Exchange Online Protection, or EOP, which a cloud-based filtering service to help improve your email security right out of the gate. Your IT support team won’t need to configure individual policies or filters, because everything just works – though of course it’s all configurable for users who want to do more.

Think of EOP a bit like a multi-stage water filter: an email comes in, and it’s scanned as follows:

  1. Connection Filtering
  2. Anti-Malware
  3. Mail flow rules (i.e. any of your custom policies)
  4. Content Filtering

 The default version of EOP is a decent starting point for most businesses, but we always recommend investing in more advanced options to ensure your company is protected. One great example of these advanced options is Microsoft Defender for Office 365, available in various flavours as part of the Microsoft 365 Business Premium subscription. Learn about what this includes in our dedicated article.

Multi-Factor Authentication

We’ve covered this topic many times before on the Get Support blog (including in a dedicated Plain English Guide) so we’ll keep it brief, but Multi-Factor Authentication is basically a necessity for modern businesses. If you want to be able to have your team checking email or accessing apps like Microsoft Teams on the go, or even just from home, adding MFA will bump up your baseline security significantly. The best part? It’s super easy to set up for any business using the cloud (hosted) version of Microsoft 365.

Password discipline

It’s true that you could spend millions of pounds on cyber security measures and other protective measures. It’s also true that all of this can be (almost) entirely circumvented by a single employee using a password like “letmein123” or, even worse, “password”.

To keep your email security locked down tight, it’s a good idea to implement policies about numbers, letters, uppercase, and lowercase — but it doesn’t end with education about good password choices. You can also use built-in tools within Microsoft 365 to enforce rules about password complexity to avoid anyone falling through the cracks.

Cyber security and anti-phishing training

The email security factors we’ve looked at so far have mainly been about the infrastructural and technical aspects of securing your emails, but there’s a lot of background work you can do to avoid your IT support team having to step in to resolve potential breaches.

Even with a solid password and MFA protection, there’s always the risk of employees falling for common phishing scams. These aren’t technical malware attacks, but instead rely on social engineering, meaning they effectively work around any technical countermeasures you might have deployed.

So, what’s the solution? It’s all about education. Keep your employees posted on the latest scams and phishing attacks doing the rounds and they should be able to spot them – before the damage is done.

Not sure your email security is up to scratch? Talk to the IT support experts

If the email security factors we’ve covered this article have given you some pause for thought, it might be that you need an email security tune-up.

While some of the changes can be implemented on your end, others may require your IT support team to make some back-end infrastructural changes. However, if you don’t have an IT support department, or you’re relying on one-off providers (and paying for the privilege), our team of IT experts can help.

For free advice on how to improve your email security, or to find out more about our IT support agreements, call us today on 01865 594 000 – or just fill in the form below.

Latest From The Blog

Viva Connections

What’s That App? A Beginner’s Guide to Microsoft Viva

In this edition of “What’s That App?”, we’re looking into the employee experience and engagement platform Microsoft Viva. Could it be the catalyst to your business thriving in the new remote working economy?

The Great LinkedIn Data Scrape (And What It Means for UK Businesses)

In mid-2021, a group of hackers managed to access the data of 700 million LinkedIn users via a method called ‘scraping’. Here’s what UK businesses need to know about this potential cyber security risk.
Data Backup

IT Support Insider: Backup, Disaster Recovery, and Business Continuity

In this edition of our IT Support Insider series, we’re turning our attention to an area of computing which can be a genuine lifesaver: backup, disaster recovery, and business continuity