The organization has developed guidelines for staff that define the acceptable use of various communication services and aim to prevent the disclosure of confidential information to, for example, a phisher or other third parties.
SPF, DKIM and DMARC are technologies that prevent the sending of fake emails and phishing.
DMARC works together with SPF and DKIM. It tells the receiving e-mail server how to deal with a message that does not pass SPF or DKIM checks.
DKIM adds a digital signature to the header of outgoing e-mail. The signature is created with a private key, and the public key is published in the domain's DNS information so that the receiving server can verify the signature. The key therefore ensures that the messages actually come from your own domain and not from a sender impersonating you.
Using SPF will help verify the authenticity of emails sent from your domain. The SPF record is added as a TXT entry to your domain's DNS information to tell receiving servers which email servers are allowed to send email on behalf of your domain. The receiving email server refers to this entry when deciding whether the email is coming from the right party.
With the mailbox audit logs, it is possible to track, for example, logins and other actions within the inbox.
Usually, this feature is not turned on by default, and for employee privacy, it is important to choose the actions to be monitored carefully.
Information included in application services transmitted over public networks must be protected against fraudulent and non-contractual activity and against unauthorized disclosure and alteration.
We use strong encryption and security protocols (e.g. TLS, IPsec, SSH) to protect confidential information when it is transmitted over public networks in connection with the IT services we develop.
Anti-phishing policies can help an organization prevent impersonation-based phishing. Targeted “spear phishing” attacks in particular are often so skillfully executed that even a security-aware employee finds it difficult to identify a scam.
For example, the ATP extension for Microsoft 365 can quarantine e-mail messages that impersonate our CEO or that present our own domain as the sender's domain, while forwarding them to the person in charge of security.
Once the mailbox audit log is enabled, the events should be saved to a selected location for a desired time. This can be, for example, "Audit log search" in a Microsoft 365 environment or a separate SIEM system. In addition, it is necessary to decide on the control measures to be taken.
With the help of email monitoring, it is possible to identify, for example, personal, unstructured but valuable, or sensitive personal or other information in e-mail traffic and the system.