The NCSC’s Email Security Check: Should Your Business Use It?

Published

Executive Summary 

  • Even with the many new digital collaboration platforms hitting the market, email remains a central communication channel for most businesses.  
  • Secure email communications rely on the right setup behind the scenes, but not all business owners or managers know how to check on this and ensure they’re compliant and secure. 
  • A new tool from the National Cyber Security Centre, the Email Security Check service, can help you confirm your email setup is secure in just a few clicks. But should you use it?

Introduction 

Did you know that the first email in history was sent way back in 1971? 

It’s something of a marvel, then, that almost all businesses still rely on this communication channel in one form or another. On the other hand, over 50 years of history also gives more unsavoury customers plenty of time to exploit vulnerabilities in the system. 

So how can you ensure your email setup is as watertight as it can be? How do you know, even without technical knowledge, that your email systems are configured with cyber security in mind? 

As if by magic, the National Cyber Security Centre (NCSC) has developed a tool to address this question head-on – and it’s called, quite fittingly, the NCSC Email Security Check tool.  

Here’s what you need to know.  

What is the NCSC Email Security Check tool? 

The Email Security Check tool is a free service provided by the National Cyber Security Centre, an organisation within the UK government. The tool was built to quickly and easily review the under-the-hood setup of a company’s email systems to ensure that it’s secure.  

The Email Security Check tool can be used to review your own organisation by simply entering the domain (e.g. ‘getsupport.co.uk’) into the checker tool. From there, it’ll check the configuration of the domain’s email server and ensure that it meets industry best practices for cyber security. 

When entering a domain name into the checker, you’ll (hopefully) be presented with a simple message to confirm that the site has no issues with its email setup. However, you’ll also be able to access some more in-depth info about the specifics of the email security.  

How does the NCSC Email Security Check tool work? 

In terms of actually using the tool, it’s as simple as entering a domain name into the tool and clicking a button. All of the magic takes place in the background and, as mentioned above, you’ll be instantly alerted about any potential issues with the email setup.  

Right now, there are two specific checks that the Email Security Check tool makes on behalf of your business. Let’s look at both.  

DMARC Policy is the first check the tool makes and refers to the DMARC anti-spoofing system. DMARC stands for “Domain-based Message Authentication, Reporting and Conformance”, but in plain English it’s a measure which assesses incoming email and decides whether or not it’s legitimate. A strong DMARC policy will protect your business from spammers and scammers who may try to pose as others as part of a cyber-attack attempt.  

The next check is of the TLS Configuration, which is all about the security of emails while they’re ‘in flight’. While data – in this case, email communications – are in transit, TLS certificates ensure that it’s safely encrypted so that it can’t be intercepted. You can learn more about encryption from our Plain English Guide. With a solid TLS configuration in place (TLS 1.2 or higher), anyone who does manage to intercept an email won’t be able to read any of it, making their efforts wasted.

There’s actually one more check which is currently planned for the NCSC Email Security Check tool, but is not yet implemented. This will test for MTA-STS, which is another layer of protection in addition to TLS. Properly configured MTA-STS setups will ensure that so-called ‘man in the middle’ attacks won’t be able to intercept any email in transit or redirect them to another server.  

Should you use the Email Security Check tool for your business? 

In a word… yes.  

Because the Email Security Check tool was built and is managed by the NCSC – an organisation within the UK government – you can rest assured it’s all safe and secure to use.  

Provided you double-check the URL (website link) you’re using is correct, there’s no reason not to enter your company’s domain name into the tool to review your email setup. In fact, you can enter any URL into the tool, because the factors it’s checking are technically accessible to anyone – if you know where to look. The NCSC themselves actually recommend using the tool to review the domain of any organisation you work with to ensure their setup is also secure.  

Speaking of the URL, here’s the full link to the Email Security Check tool where you can check your email configuration right now:  https://emailsecuritycheck.service.ncsc.gov.uk/

Does your business need a cyber-security tune-up? 

Tools like the NCSC Email Security Check are very useful for getting a quick overview of your company’s cyber security – but there’s a lot more to true protection for your business. 

From complete security solutions like Endpoint Detection and Response platforms to everyday security policy management, there are many moving parts when it comes to cyber security. If you’d like a no-obligation check-up of your company’s digital security, the Get Support team would love to hear from you.  

To discuss our cyber security solutions, why not call our IT experts? You can reach us on 01865 594 000 or fill in the form below and we’ll be in touch soon.  

Latest From The Blog

Microsoft 365 Copilot Release Roundup: August, September, October 2024  

Discover the latest updates for Microsoft Copilot released during August, September, and October 2024.

What's new with the Windows 11 24H2 update?

Here’s a Get Support guide to the latest Windows 11 24H2 update, including what matters most for small businesses.

Microsoft BizChat is far more important than it sounds

It might sound like the name was dreamed up in the early 2000s, but Microsoft BizChat is a deceptively powerful tool for small businesses.