Step 7: Turn on Basic Logging

From Security for Everyone, edition e1.0.0

Updated October 9, 2023

The last setting to turn on in the administrative settings is alerting. This is the one setting you shouldn’t overdo. It can be easy to turn on “all alerting,” then later hit a point called “alert fatigue.” This is similar to the little kid who cried wolf one too many times, so when there was a real problem no one reacted.

The best way to not overdo alerting is to turn it on for events that you need to respond to (or higher-risk events). If your business grows, you might have people who are responsible for reading through alerts that just need to be “watched closely” (or lower-risk events), but for now we need to make the best of the resources we have. These high-risk events won’t happen often, so when you do get a notification, you know you need to act now.

Important: Here are a few high-risk security alerts that would cause you to sit up and take action, and what you can do when they happen:

  • User-reported phishing. This means someone in your business reported an email they received as being dangerous and suspicious. If this happens, talk to the employee: congratulate them for doing the right thing, and look at the message they received. This is a great way to reinforce positive actions on your employee’s part, while also being aware of attempted attacks on your business or people. (Who doesn’t like a pat on the back for a good job?)

  • Multiple failed logins or suspicious logins. This is either based on the upper limit of failed login attempts you have set, or on an algorithm your email vendor has set based on the “normal login behaviors” they see. This is a good alert to have on because, given the context of how you operate, your employees will rarely log in from new locations other than the standard home, office, or local community. These algorithms usually also have the intelligence to detect that your employee was just logged in from Wellington, New Zealand, and has somehow teleported across the world to log in from Virginia in the US. Note that this setting might be noisy if your teams are using virtual private networks (VPNs), which change where their internet traffic is coming from. You can action these alerts by again phoning up, texting, or speaking to that employee. If they don’t respond and it isn’t too disruptive, a quick reset of that user’s passwords can give you some peace of mind before they get in touch.

  • Leaked or lost passwords. This is an alert that won’t always be available, but is a good one if it is. Large email providers like Google tend to have this option, and you can search through your email provider’s support pages to see if it is available. This can alert you when your email provider discovers a data leak posted online containing your or your employees’ passwords. Large email providers tend to have specialized teams that are responsible for sifting through the internet, looking for indications of breaches to protect their customers and warn them of problems. Hopefully your employees are not using the same password across all their applications, especially with all the tools and controls you have set up to enable them to use unique passwords. But it can happen, and this alert can help you protect them. If this alert triggers, the first thing to do is reset that user’s password yourself. Then follow up with a phone call or in person to explain what happened.

There will be a lot of other alerts you can set up, but until your business gets bigger or you get more employees using email, these alerts will help you stay alert to the most common issues you might face.
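To make the “multiple failed logins or suspicious logins” alert above concrete, here is a small sketch of the two checks behind it, added as an illustration; it is not any email vendor's actual algorithm. The thresholds, user names, coordinates, and log entries are constructed assumptions.

```python
import math
from datetime import datetime

# Assumed thresholds for illustration; real vendors tune their own.
MAX_FAILED = 5         # failed attempts in a row before alerting
MAX_SPEED_KMH = 900    # faster than an airliner means "teleporting"
MIN_KM = 100           # ignore small location jitter

# Constructed sample log: (time, user, success, place, latitude, longitude)
WLG = ("Wellington", -41.29, 174.78)
EVENTS = [
    ("2024-03-04T08:00:00", "ana", True, *WLG),
    ("2024-03-04T08:15:00", "cat", True, *WLG),
    ("2024-03-04T09:30:00", "ana", True, "Virginia", 37.5, -78.0),
    ("2024-03-04T11:15:00", "cat", True, "Auckland", -36.85, 174.76),
] + [(f"2024-03-04T10:0{i}:00", "ben", False, *WLG) for i in range(5)]

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points on Earth."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(a))

def find_alerts(events):
    """Return (user, reason) pairs for the high-risk login events."""
    alerts, failures, last_ok = [], {}, {}
    for ts, user, ok, place, lat, lon in sorted(events):
        when = datetime.fromisoformat(ts)
        if not ok:
            failures[user] = failures.get(user, 0) + 1
            if failures[user] == MAX_FAILED:      # alert once, at the limit
                alerts.append((user, "multiple failed logins"))
            continue
        failures[user] = 0                        # a good login resets the count
        if user in last_ok:
            prev_when, prev_place, plat, plon = last_ok[user]
            hours = (when - prev_when).total_seconds() / 3600
            km = distance_km(plat, plon, lat, lon)
            # Too far, too fast: nobody travels this quickly between logins.
            if km > MIN_KM and (hours <= 0 or km / hours > MAX_SPEED_KMH):
                alerts.append((user, f"suspicious login: {prev_place} -> {place}"))
        last_ok[user] = (when, place, lat, lon)
    return alerts

if __name__ == "__main__":
    for user, reason in find_alerts(EVENTS):
        print(f"ALERT {user}: {reason}")
```

A VPN that exits in another country would trip the travel check in the same way, which is why this alert can be noisy for teams that use one.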

Step 8: Prevent Spam and Identity Misuse

We spent a lot of time thinking about work email and enabling your employees to be secure; now we need to think about the stuff around the edges of that. What about the people on the other end of the email message?

At the end of the day, email is just a digital way we communicate with customers, suppliers, and others. When a supplier comes by to drop off some goods and hands you an invoice, you instantly know and trust that they are who they are. They might be wearing the supplier uniform or driving a supplier-branded vehicle, or they might even be the same person from the supplier you have worked with for ages. You can trust who they are, what they are doing, and more importantly that the invoice they have handed you is real.

When applied in a digital sense, it is tricky, as you need to rely on cues you find in the email or elsewhere online. Most of the time this cue is the sender’s email address. Sadly, this can be easily spoofed, or faked. It is like a stranger coming into your business, with a handwritten and fake supplier name badge, asking to pick up that payment you missed last month.
