IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCSC unveils email security-checking tool for private sector organisations at CYBERUK

The free service will focus on checking for TLS and DMARC compliance to protect against anti-spoofing and email hijacking

The National Cyber Security Centre (NCSC) has released a brand-new tool for businesses to check the strength of their email security in a bid to reduce the number of cyber attacks they suffer.

Announcing the new service at the organisation’s annual CYBERUK conference, Email Security Check will assess if a business is vulnerable to attacks by checking two aspects of cyber security using publicly available online domain information.

The online service will check to see if anti-spoofing protocols such as domain-based message authentication, reporting and conformance (DMARC) have been configured correctly which can help prevent cyber criminals from sending emails purporting to be from a business.

DMARC helps businesses verify their email headers which will ensure emails sent from inside the organisation are trusted by the receiver, while those sent by cyber criminals attempting to spoof the company through email scams are seen as untrusted and less likely to be opened.

The second aspect of cyber security assessed by Email Security Check is email privacy. It does this by checking for privacy protocols such as transport layer security (TLS) are implemented in an organisation’s email client

TLS is an industry-standard method of encrypting data between senders and can be found in most modern email providers. Building on the work from secure sockets layer (SSL), TLS ensures email communications cannot be hijacked and tampered with while in transit.

The NCSC said Email Security Check is a developing service and it will be adding more features “in the near future”.

The cyber organisation also said the service should not be confused with one that checks domains or individual emails for malicious activity. All suspicious emails should be reported to internal IT teams and the NCSC at report@phishing.gov.uk.

Related Resource

The state of email security 2022

Confronting the new wave of cyber attacks

Whitepaper cover with image of a man walking along a beach, with a line graph overlayFree Download

“Email plays a central role in how organisations communicate every day so it’s vital that technical teams have measures in place to protect email systems from abuse,” said Paul Maddinson, NCSC director for national resilience and strategy.

“Our new Email Security Check tool helps users identify where they can do more to prevent spoofing and protect privacy and offers practical advice on how to stay secure.

“By following the recommended actions, organisations can help bolster their defences, demonstrate they have taken security seriously, and make life harder for cyber criminals.”

The tool is a stripped-back version of the existing Mail Check service offered by the NCSC, which is another free initiative that checks for DMARC and TLS compliance but is only available to public sector entities.

According to NCSC figures, organisations’ adoption of recommended controls varies wildly with some having just 7% of the bare minimum security measures in place.

The Email Security Check website was made available today and requires no details, personal or otherwise, from the user to access the service.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022