Email Security Checklist for SMEs
Protect your email from phishing, spam, and data leaks with this comprehensive checklist.
Purpose
Email is the #1 vector for cyberattacks. 90% of data breaches start with a phishing email. Use this checklist to harden your email security posture.
Technical Controls
- SPF record configured and published
- DKIM signing enabled
- DMARC policy set to reject or quarantine
- External email warning banner enabled
- Attachment blocking for dangerous file types (.exe, .js, .vbs)
- Auto-forwarding to external addresses disabled
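The following Python check is an added example, not part of the original checklist. It tests the SPF and DMARC items against TXT record strings; the domains and record values are constructed samples, and treating `pct` below 100 as a failure is an assumption stricter than the checklist wording.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(txt_records):
    """Return (passed, reason) for the TXT records published at the domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return False, "no SPF record published"
    if len(spf) > 1:
        # RFC 7208: more than one SPF record is a permanent error.
        return False, "multiple SPF records published"
    terms = spf[0].lower().split()
    if "+all" in terms or "all" in terms:
        return False, "record ends in +all, which authorises every sender"
    if not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
        return False, "no restrictive 'all' mechanism or redirect"
    return True, "single SPF record with a restrictive default"

def check_dmarc(record):
    """Return (passed, reason) for the TXT record at _dmarc.<domain>."""
    if not record or not record.lower().replace(" ", "").startswith("v=dmarc1"):
        return False, "no DMARC record published"
    tags = parse_tags(record)
    policy = tags.get("p", "").lower()
    if policy not in ("reject", "quarantine"):
        return False, f"policy is p={policy or '(missing)'}, not reject or quarantine"
    pct = tags.get("pct", "100")  # assumption: partial enforcement counts as a fail
    if pct != "100":
        return False, f"policy applies to only {pct}% of mail"
    return True, f"p={policy} enforced on all mail"

# Constructed sample records (not real DNS data): (domain TXT records, _dmarc TXT record)
SAMPLES = {
    "good.example": (["v=spf1 include:_spf.mailhost.example -all"],
                     "v=DMARC1; p=reject; rua=mailto:dmarc@good.example"),
    "weak.example": (["v=spf1 +all"], "v=DMARC1; p=none"),
}

def audit(samples):
    return {d: {"spf": check_spf(txt), "dmarc": check_dmarc(dm)}
            for d, (txt, dm) in samples.items()}

if __name__ == "__main__":
    for domain, result in audit(SAMPLES).items():
        print(domain, result)
```

To use it on live domains, feed it the TXT strings returned by your DNS lookup tool of choice for the domain and for `_dmarc.<domain>`.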
User Controls
- Phishing awareness training completed by all users
- Report phishing button enabled in email client
- Regular phishing simulation exercises
- Clear process for reporting suspicious emails