🟢 DISCOVER DETOX FOR MICROSOFT 365 COPILOT : 2 STEPS TO REDUCE DATA EXPOSURE! START YOUR RISK ASSESSMENT 👉

Security

03 December 2018

Leaders – 10 quick tips for your email security

Leaders using email

For more than four years, IDECSI has built a solid reputation by protecting email and Office 365 accounts for executives and employees of major international groups. IDECSI is often engaged as an expert on best practices for the protection of mailboxes, be that for executives, senior managers, their assistants, employees managing sensitive information (HR, DOFA, IT, security, …), and the wider employee base.

Don't give visibility to your sensitive data 

The first rules are basic and critical, but all too often are not followed today.

  • Do not write passwords on post-it notes and absolutely do not leave them visible near your computer.
  • Do not leave your laptop or desktop open, even at night – always log off or at least lock the session. IDECSI frequently identifies nighttime activity, and of course internal or external staff frequently work out-of-hours.
  • Ideally, do not allow users administrative rights on their computers. Where such rights are needed, use a separate account that is only activated when needed. 

Have visibility on your data

Some less well-known good practices can help secure against important security threats:

  • Ensure that personal devices connected to the work environment (home computer, tablet, personal phone) can only be used by the owner – prevent access by family and other staff.
  • Check the level of visibility to the calendar by other users. The calendar often contains sensitive information (appointment details, meeting titles, conference call details, attachments). If the rights are too permissive, it will be impossible to verify who has accessed the information.
  • Regularly check who has access to email accounts and whether the access rights and delegations are up-to-date and legitimate. Delegations often remain active after the departure of an executive assistant, or after IT has completed a task.
  • Regularly review the rules present on email accounts (forwarding, copying, deletion, etc.) 

Executive assistants are a high-risk population, similar to the individuals they support. Assistants often have access to several mailboxes, potentially making them an even more attractive target for hackers. In general, executive assistants must protect themselves in the same way as the executives, following the best practice in this post.

Ensure governance of your delegations

For senior staff, it is also important to ensure that mailbox delegations are well managed:

  • When an assistant stops supporting a given executive, the executive should change their own password(s) – it’s very common for assistants to know their boss’s passwords.
  • The assistant’s rights and delegations should be removed, including from the calendar.
  • It’s often important for assistants to manage their executive’s appointments from a mobile device. However, giving access to the calendar by mobile means giving access to the entire account. Where such access is given, it is crucial to delete the account from the assistant’s smartphone when they change function. 

These tips significantly reduce email security risk for all employees and executives of the company. 

In general, the more entry points there are to critical data, in this case mailboxes, the wider the area of exposure. For each entry point – delegation, rule, service account, etc –  companies should consider the real need for that exposure. When the need is legitimate, it is then a question of protecting this access point. 

With IDECSI, we invite you to go further in securing your email and Office 365.

Our articles

These articles may
interest you

Microsoft Copilot: 5 advice for data access secure
Microsoft 365
Security
Trends

Microsoft Copilot: 5 advice for data access secure

Lire l'article
Illustration of a dangerous share in Microsoft 365
Microsoft 365
Security

How to reduce the risk of shared data in Microsoft 365

Lire l'article
Access review
Security

M365 Collaboration Tools Access Review

Lire l'article
Classification with MIP
Microsoft 365
Security

Classify and protect sensitive data: focus on MIP

Lire l'article

Data protection, let's discuss your project?

 

Contact us
video background