Email security best practices (part 1)

Tuesday September 4, 2012 at 10:00am

This guide is designed to cut through some of the misunderstanding that users and organisations have about email security.

Email security involves maintaining the basic principles of information security management:

  • Integrity - ensuring that your message has not been altered without authorisation
  • Confidentiality - ensuring that no unauthorised person (or process) has viewed the content
  • Accountability - being able to prove who wrote the email
  • Availability - ensuring that the email can be sent/received
  • Non-repudiability - being able to prove that the recipient really did receive it

Think before you click

Do not open emails when you can't tell who the sender is. Do NOT click on any links that appear in such a message.


If an unexpected email brings you news that seems too good to be true, it is probably spam and a scam. If you didn't request information about the product or service, it is probably spam and a scam. If it promises to enhance parts of your body, it won't!

Chain Messages

Chain messages are a burden on mail systems and on the vast majority of the people who receive them. Just don't pass them on - it is as simple as that.

Phishing Emails

Phishing is a type of online fraud where the sender of the email tries to trick you into giving out personal passwords or banking information. Even the most experienced email user will occasionally accidentally open up a phishing email. The best defence is never to open the email in the first place.

Always log in to the source to check whether the message is legitimate, e.g. if Facebook appears to have emailed you, log in to Facebook from a bookmark and check any notifications from within Facebook.


Use a unique password for each online account. Using the same password for different accounts is a bad idea: if one password is exposed, this could expose all of your accounts that use the same password. Read our blog Tips for creating a strong password for further advice.

Use two-factor authentication where available, as this adds an extra layer of security. To log in, the user requires something they know (e.g. a password) and something they have (e.g. a phone).

White List

I always set my inbox to Exclusive where possible:

‘Your junk email filter is set to Exclusive. As a result, all messages from addresses that aren't in your Contacts or safe senders are sent to your junk email folder.’

I then review my junk for any relevant emails, white list the sender if appropriate and delete the rest.

HTTP Secure

Enable HTTPS if the option is available. This is especially important if using a webmail client (like Gmail) at a Wi-Fi hotspot. By using a connection with such security features, the user can be more confident that their account is safe from hackers.

Marcus Allen
Parker Management Consultants
