• Home
  • Login
  • Welcome to the Staff Intranet
YOU ARE HERE: Skip Navigation LinksEdinburgh Napier Staff Intranet > Service Depts > IT > Cyber Security > Email Security Improvements

​Email Security Improvements


Summary

​Email is probably the main route through which student and staff accounts are currently compromised, as a result of successful social engineering during phishing campaigns - both generic and targeted. Users receive convincing messages which encourage them to visit a website and enter their credentials, which are then captured and used by an attacker to carry out further malicious activities. 

Malicious files sent as attachments to emails can result in malware being downloaded and executed on University systems. Once the initial malware has gained a foothold, it can be used to deliver additional malware, including highly disruptive malware such as ransomware. 

Without email forwarding restrictions in place, University data can be transmitted to uncontrolled locations such as personal email accounts, or attacker-controlled mailboxes. 

 

What Are The Benefits?


The University should expect to see a reduction in the number of “Account Compromise” and will improved the email security and an associated reduction in the number of email-based security incidents.

We will also be looking into the benefits offered by Office 365 Advanced Threat Protection and also third-party cloud based email security products that integrate with Office 365, including a trial of Cisco Cloud Mailbox Defence.

  

What Changes Will Be Made?


We will review and consider the best practice guides for email security from Microsoft, the National Cyber Security Centre and also any adjustment of the currently available security controls within Exchange online and Office 365.

We will review and adjustment of the Outlook Address Book and the Outlook Report Message Add-In and also look at the external message banner.  

Review and adjustment of the mass message quarantine/deletion process to enable the Security Team to take action on confirmed malicious emails or indicators of compromise, ideally through integration with existing security.


Information Services will provide end user guidance relating to email security, including how to detect, repsond and report a suspected attack.


Visit the External Automatic Forwards page ​

 

 



Edinburgh Napier University is a registered Scottish charity.
Registration number SC018373