The National Cyber Security Centre (NCSC) has launched a new email security checker to help organisations protect their email privacy and prevent spoofing. This comes after the publishing of the top 15 most exploited vulnerabilities of 2021, in which 8 of the top 15 involved Microsoft Exchange servers. Figures from the NCSC show that some UK sectors have just 7% of the recommended security controls in place, emphasising the great need for a service such as this. It is a free, no-sign-up-necessary tool that does not require any personal details to use.
This new email security tool allows for organisations to check their email domains have up to date security measures in place in order to protect email privacy and prevent cyber-crime. It is designed to help check for security vulnerabilities and offer security advice.
Using DNS records available publicly online the new tool looks up the email domain and checks for anti-spoofing controls. It checks that these anti-spoofing standards such as the DMARC policy are configured correctly, which stops cyber criminals from misusing the domain and sending out malicious emails. Notably this has recently been an issue for the NHS with a large phishing campaign being launched from NHS emails against external targets. Organisations such as this can also have access to additional advice through the Mail Check Service from the NCSC.
Email privacy can also be improved by using this tool, which can look up privacy protocols like TLS to ensure encryption during transit. Maintaining encryption helps prevent unauthorised access and the email contents remain confidential. For any organisation no matter the level of confidentiality of your data, privacy is a key form of prevention from cyber-attacks.
“By following the recommended actions, organisations can help bolster their defences, demonstrate they taken security seriously, and make life harder for cyber criminals.”
Paul Maddinson, NCSC Director for National Resilience and Strategy.