NCSC unveils email security-checking tool for private sector organisations at CYBERUK

The National Cyber Security Centre (NCSC) has released a brand-new tool for businesses to check the strength of their email security in a bid to reduce the number of cyber attacks they suffer.

Announcing the new service at the organisation’s annual CYBERUK conference, Email Security Check will assess if a business is vulnerable to attacks by checking two aspects of cyber security using publicly available online domain information.

The online service will check to see if anti-spoofing protocols such as domain-based message authentication, reporting and conformance (DMARC) have been configured correctly which can help prevent cyber criminals from sending emails purporting to be from a business.

DMARC helps businesses verify their email headers which will ensure emails sent from inside the organisation are trusted by the receiver, while those sent by cyber criminals attempting to spoof the company through email scams are seen as untrusted and less likely to be opened.

The second aspect of cyber security assessed by Email Security Check is email privacy. It does this by checking for privacy protocols such as transport layer security (TLS) are implemented in an organisation’s email client.

TLS is an industry-standard method of encrypting data between senders and can be found in most modern email providers. Building on the work from secure sockets layer (SSL), TLS ensures email communications cannot be hijacked and tampered with while in transit.

The NCSC said Email Security Check is a developing service and it will be adding more features “in the near future”.

The cyber organisation also said the service should not be confused with one that checks domains or individual emails for malicious activity. All suspicious emails should be reported to internal IT teams and the NCSC at report@phishing.gov.uk.

“Email plays a central role in how organisations communicate every day so it’s vital that technical teams have measures in place to protect email systems from abuse,” said Paul Maddinson, NCSC director for national resilience and strategy.

“Our new Email Security Check tool helps users identify where they can do more to prevent spoofing and protect privacy and offers practical advice on how to stay secure.

“By following the recommended actions, organisations can help bolster their defences, demonstrate they have taken security seriously, and make life harder for cyber criminals.”

The tool is a stripped-back version of the existing Mail Check service offered by the NCSC, which is another free initiative that checks for DMARC and TLS compliance but is only available to public sector entities.

According to NCSC figures, organisations’ adoption of recommended controls varies wildly with some having just 7% of the bare minimum security measures in place.

The Email Security Check website was made available today and requires no details, personal or otherwise, from the user to access the service.