Securing email services – DMARC and TLS

Email security enhancements are an easy modification to make to corporate mail services, and standards such as DMARC and TLS are relatively straightforward ones to roll out.

DMARC initiatives over in the US are showing how effective a coordinated programme can be if executed correctly.

InfoSecurity Magazine has a good article on the subject, with some excellent statistics:

https://www.infosecurity-magazine.com/news/dmarc-adoption-surges-ahead-mandate/

Email security and anti-spoofing – NCSC

NCSC have recently updated their guidance on email security and anti-spoofing.

Implementing measures such as DMARC and SPF are well worth doing and will enhance the quality of your email service.

Also make sure you use certificates from recognised Certificate Authorities and configure correctly, to ensure TLS is used as effectively as possible. Also make sure you configure cipher settings as you require.

See:

https://www.ncsc.gov.uk/guidance/email-security-and-anti-spoofing

Ransomware and good security practices (Part 1)

This week there is considerable coverage of a major company being afflicted once more by WannaCry.

It’s been about a year since the initial wave of WannaCry outbreaks spread across the world. In the UK, the NHS was affected to such an extent that it exposed how far cyber security practices, and infrastructure planning, had faltered.

Continue reading “Ransomware and good security practices (Part 1)”