Email Security for Business

How Do You Keep Your Business Safe From Email Threats?

Email is the number one entry point for attackers targeting small and mid-sized businesses. Business email compromise (BEC), phishing, spoofing, and malware delivery all start in the inbox. Defending against these threats requires a mix of technical controls (SPF, DKIM, DMARC), employee training (the SLAM method), and advanced email security tools that catch what built-in filters miss.

Most businesses rely on their email provider’s default spam filtering and assume they are protected. That is not enough. Microsoft 365 and Google Workspace block a lot of junk, but targeted attacks designed to bypass default defenses slip through every day.

At Ascend Technology Group in Omaha, one of the first things we address with every new client is email security. It’s where the biggest risks are — and where the biggest gaps usually show up.

What Is the SLAM Method for Keeping Your Emails Safe?

The SLAM method is a simple way to evaluate suspicious emails before you interact with them. SLAM stands for Sender, Links, Attachments, and Message. It gives your team a consistent process for spotting phishing attempts.

  • Sender: Verify who the email is actually from. Do not trust the display name alone. Attackers often use a familiar display name with a different email address behind it. Check the full email address.
  • Links: Do not click links until you check the destination. Hover over the link to preview the URL. If it looks wrong or misspelled (for example, a fake “Microsoft login” domain), treat it as suspicious. You can also scan suspicious links using VirusTotal.
  • Attachments: Do not open unexpected attachments, even from known contacts. If a vendor sends a surprise invoice, confirm it through a separate channel before opening. Malware often arrives as Word documents, PDFs, or ZIP files.
  • Message: Read the email closely. Be cautious of urgency, threats, or pressure tactics (for example, “Your account will be suspended in 24 hours”). These messages are designed to get you to act quickly without thinking.

If any SLAM element raises a red flag, do not interact with the message. Report it to your IT team or delete it.

The SLAM method works because it takes less than a minute and catches a large percentage of phishing attempts. The key is consistency: every employee, every time.
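The four SLAM checks can also be automated as a first-pass triage before a message reaches a person. The script below is an added example, not code from the article or from Ascend; it assumes an organization domain of example.com, a tiny directory of known contacts, and two constructed sample messages (one that shows the lure pattern the article describes, one ordinary internal note). It flags a display name that belongs to a known contact but carries a different address, link text whose host differs from the real target, unexpected attachment types, and urgency language.

```python
"""SLAM triage of one raw email: Sender, Links, Attachments, Message.
Assumptions (not from the original article): ORG_DOMAIN, KNOWN_CONTACTS and the
sample messages are all constructed for illustration."""
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"                              # assumed: our own domain
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}   # assumed: display name -> real address
# File types the article names as common malware carriers, plus executables and scripts.
RISKY_EXTENSIONS = {".zip", ".doc", ".docm", ".xlsm", ".pdf", ".exe", ".js", ".iso", ".html"}
URGENCY_PATTERNS = (r"\b(within|in)\s+\d+\s+hours?\b", r"\bsuspend(ed)?\b",
                    r"\bimmediately\b", r"\burgent\b", r"\bverify (your )?account\b")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH_RE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)


def check_sender(msg):
    """S: trust the address behind the display name, not the name itself."""
    name, addr = parseaddr(str(msg.get("From", "")))
    if not addr:
        return ["missing or unparsable From address"]
    domain = addr.rsplit("@", 1)[-1].lower()
    flags = []
    if domain != ORG_DOMAIN:
        flags.append(f"external sender domain: {domain}")
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and expected != addr.lower():
        flags.append(f"display name '{name}' is a known contact but address is {addr}, not {expected}")
    embedded = re.search(r"[\w.+-]+@[\w.-]+", name)   # an address typed into the display name
    if embedded and embedded.group(0).lower() != addr.lower():
        flags.append(f"display name shows {embedded.group(0)} but real address is {addr}")
    return flags


def check_links(html):
    """L: the hover target (href) must match what the link text claims."""
    flags = []
    for href, inner in ANCHOR_RE.findall(html):
        target = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"<[^>]+>", "", inner).strip()
        if URLISH_RE.match(shown):
            shown_host = (urlparse(shown if "://" in shown else "http://" + shown).hostname or "").lower()
            if shown_host != target:
                flags.append(f"link text says {shown_host} but points to {target}")
    return flags


def check_attachments(msg):
    """A: unexpected attachment types need confirmation through a separate channel."""
    flags = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        ext = os.path.splitext(fname)[1].lower()
        if ext in RISKY_EXTENSIONS:
            flags.append(f"unexpected {ext} attachment '{fname}': confirm with the sender by phone first")
    return flags


def check_message(text):
    """M: urgency and pressure wording is the tell."""
    return [f"pressure language: '{m.group(0)}'"
            for pat in URGENCY_PATTERNS for m in re.finditer(pat, text, re.I)]


def slam_triage(raw):
    """Run all four checks over a raw RFC 5322 message and return the findings."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = str(msg.get("Subject", "")) + " " + re.sub(r"<[^>]+>", " ", html)
    findings = {"sender": check_sender(msg), "links": check_links(html),
                "attachments": check_attachments(msg), "message": check_message(text)}
    findings["verdict"] = "do not interact; report to IT" if any(findings.values()) else "no SLAM flags"
    return findings


def build_sample(phishy=True):
    """Constructed sample message (not a real email). phishy=True mimics the lure the
    article describes: familiar name, lookalike domain, mismatched link, surprise invoice."""
    msg = EmailMessage()
    msg["From"] = '"Jane Doe" <jane.doe@example-c0m.net>' if phishy else '"Jane Doe" <jane.doe@example.com>'
    msg["To"] = "accounts@example.com"
    if phishy:
        msg["Subject"] = "Vendor payment details"
        msg.set_content("Process the attached invoice immediately; our account will be suspended in 24 hours.")
        msg.add_alternative('<p>Process the attached invoice immediately; our account will be '
                            'suspended in 24 hours.</p><a href="http://pay.example-c0m.net/verify">'
                            'https://portal.example.com</a>', subtype="html")
        msg.add_attachment(b"PK\x03\x04 constructed placeholder bytes", maintype="application",
                           subtype="zip", filename="invoice_4471.zip")
    else:
        msg["Subject"] = "Meeting notes"
        msg.set_content("Minutes from this morning's meeting are in the shared folder.")
    return msg.as_string()


if __name__ == "__main__":
    for case in (True, False):
        print(slam_triage(build_sample(case)))
```

A real deployment would feed this the raw message from a mail gateway or a user's "report phishing" button and route anything with a non-empty finding to the IT queue; the point is that each SLAM element maps to one concrete, testable check.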

What Are SPF, DKIM, and DMARC?

SPF, DKIM, and DMARC are email authentication standards that help ensure messages using your domain are legitimate. They work together to reduce spoofing, where attackers send emails that appear to come from your business.

SPF (Sender Policy Framework)

SPF is a DNS TXT record that lists which mail servers are allowed to send email on behalf of your domain. Receiving mail servers look up that record and compare it with the IP address of the server that delivered the message. If the sending server is not authorized, the message may be rejected or treated as suspicious.

DKIM (DomainKeys Identified Mail)

DKIM digitally signs outgoing emails. Receiving servers verify the signature using a public key published in DNS. This helps confirm the email was sent from an authorized system and was not altered in transit.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC tells receiving servers what to do when authentication fails, that is, when neither SPF nor DKIM passes for a domain that matches (aligns with) the address shown in the From header. You can start in monitoring mode (p=none), then move to quarantine, and ultimately reject. DMARC also provides reporting so you can see who is sending email using your domain and identify unauthorized sources.

Recommended setup order

  1. Publish an SPF record for your domain.
  2. Enable DKIM signing in your email platform.
  3. Publish a DMARC record and start with a monitoring policy.
  4. Review DMARC reports for 2–4 weeks to identify legitimate senders that need to be included.
  5. Move DMARC policy to quarantine, then reject once you are confident legitimate sources are not being blocked.
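To see where a domain sits in this five-step order, the records can be pulled and checked programmatically. The script below is an added example, not code from the article or from Ascend; DNS is replaced by a constructed table of TXT records (the DKIM public key is a placeholder) so it runs offline, and the selector names it probes are the defaults published by Microsoft 365 (selector1, selector2) and Google Workspace (google). It counts SPF DNS-lookup mechanisms against the RFC 7208 limit of 10, treats an empty DKIM p= tag as a revoked key, and maps the DMARC policy onto the next step to take.

```python
"""Offline audit of a domain's SPF, DKIM and DMARC records, mapped onto the
five-step setup order above. DNS is abstracted behind lookup_txt() so the
example runs on constructed records; swap in a real resolver to use it live."""
import re

# Constructed TXT records standing in for DNS (not real zone data).
FAKE_DNS = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; pct=100"],
    # A domain that jumped to reject without DKIM and with an SPF record that allows everyone.
    "open.example": ["v=spf1 include:spf.protection.outlook.com include:_spf.google.com +all"],
    "_dmarc.open.example": ["v=DMARC1; p=reject"],
}
# Default DKIM selectors published by Microsoft 365 (selector1/selector2) and Google Workspace (google).
COMMON_SELECTORS = ("selector1", "selector2", "google")
# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 caps these at 10 per evaluation).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns a list of record strings."""
    return FAKE_DNS.get(name.lower(), [])


def parse_tags(record):
    """Parse the 'k=v; k=v' tag lists used by DKIM and DMARC records."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def audit_spf(domain, txt=lookup_txt):
    records = [r for r in txt(domain) if r.lower().startswith("v=spf1")]
    result = {"present": len(records) == 1, "all": None, "lookups": 0, "issues": []}
    if len(records) > 1:
        result["issues"].append("more than one SPF record: receivers treat this as a permanent error")
    if len(records) != 1:
        return result
    for term in records[0].split()[1:]:
        mech = term.lstrip("+-~?")
        name = re.split(r"[:/=]", mech, 1)[0].lower()
        if name in LOOKUP_MECHANISMS:
            result["lookups"] += 1
        if name == "all":
            result["all"] = term[0] if term[0] in "+-~?" else "+"
    if result["all"] in (None, "+", "?"):
        result["issues"].append("record does not fail unauthorized senders: end it with -all (or ~all while testing)")
    if result["lookups"] > 10:
        result["issues"].append(f"{result['lookups']} DNS lookups exceeds the RFC 7208 limit of 10")
    return result


def audit_dkim(domain, selectors=COMMON_SELECTORS, txt=lookup_txt):
    keys = {}
    for sel in selectors:
        for r in txt(f"{sel}._domainkey.{domain}"):
            tags = parse_tags(r)
            if tags.get("p"):                 # an empty p= means the key was revoked
                keys[sel] = tags.get("k", "rsa")
    return {"present": bool(keys), "selectors": keys}


def audit_dmarc(domain, txt=lookup_txt):
    records = [r for r in txt(f"_dmarc.{domain}") if r.lower().startswith("v=dmarc1")]
    if not records:
        return {"present": False, "policy": None, "pct": 0, "issues": ["no DMARC record"]}
    tags = parse_tags(records[0])
    pol = tags.get("p", "").lower()
    issues = []
    if pol not in ("none", "quarantine", "reject"):
        issues.append("p= must be none, quarantine or reject")
    if "rua" not in tags:
        issues.append("no rua= address, so you will receive no aggregate reports to review")
    return {"present": True, "policy": pol, "pct": int(tags.get("pct", "100")), "issues": issues}


def audit_domain(domain):
    """Return the three audits plus the next step (1-5) from the setup order; 0 means complete."""
    spf, dkim, dmarc = audit_spf(domain), audit_dkim(domain), audit_dmarc(domain)
    if not spf["present"]:
        step = 1
    elif not dkim["present"]:
        step = 2
    elif not dmarc["present"]:
        step = 3
    elif dmarc["policy"] == "none":
        step = 4          # monitoring: review reports before tightening
    elif dmarc["policy"] == "quarantine" or dmarc["pct"] < 100:
        step = 5          # finish the move to reject at pct=100
    else:
        step = 0
    return {"domain": domain, "spf": spf, "dkim": dkim, "dmarc": dmarc, "next_step": step}


if __name__ == "__main__":
    for d in ("example.com", "open.example", "nothing.example"):
        print(audit_domain(d))
```

The constructed open.example case is deliberate: a DMARC policy of reject means little when SPF ends in +all and no DKIM key is published, which is why the audit walks the steps in order rather than looking at the DMARC tag alone.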

If SPF, DKIM, and DMARC are not configured, your domain can be spoofed. That puts your clients, vendors, and employees at risk — and it damages trust in your brand.

What Types of Email Attacks Target Small Businesses?

Phishing

Phishing is mass email designed to trick people into clicking malicious links, downloading malware, or entering credentials into fake login pages. These campaigns rely on volume. Even a low success rate can be profitable for attackers.

Spear Phishing

Spear phishing is targeted phishing. Attackers gather details about your business, employees, clients, or projects, then craft messages that feel legitimate. These attacks are harder to detect because they reference real information.

Business Email Compromise (BEC)

BEC attacks impersonate an executive, vendor, or partner to trick someone into sending money, changing payment details, or disclosing sensitive information. BEC messages often contain no links or attachments — just a convincing request and pressure to act quickly.

Email Spoofing

Email spoofing is when an attacker forges sender information to make messages appear to come from a trusted domain. Without proper authentication controls, attackers can make email appear to come from your domain, enabling phishing and BEC attacks.

Malware Delivery

These emails contain malicious attachments or links that install malware when opened. This includes ransomware and remote access trojans. The message often looks legitimate (invoice, shipping notice, shared document) to encourage clicks.

What Email Security Tools Do You Need in Your Business?

Beyond SPF, DKIM, and DMARC, most businesses need an email security stack that includes:

  • Advanced threat protection (ATP): Tools like Microsoft Defender for Office 365 or Proofpoint scan links and attachments (often in a sandbox) to catch threats that bypass default filters.
  • Email encryption: If you handle sensitive data (legal, healthcare, finance), encrypt messages so only the intended recipient can access them. Microsoft 365 includes encryption options, and third-party tools like Virtru can help.
  • External email banners: A warning banner on messages from outside your organization helps employees pause before trusting an email that claims to be internal.
  • Phishing simulation and training: Simulated phishing campaigns identify risk and immediately reinforce training for users who click. Over time, this reduces successful attacks.
  • Email archiving and retention: Archiving supports compliance and preserves messages in a tamper-resistant, searchable format.

How Often Should You Train Employees on Email Security?

Email security training is not a one-time event. Annual training becomes a checkbox and does not change behavior. A better approach is monthly touchpoints, quarterly formal training (video or live), and immediate follow-up training any time someone falls for a phishing attempt.

The goal is not “zero clicks.” The goal is consistent habits — slowing down, verifying, and using SLAM: sender, links, attachments, message. At Ascend, security awareness training is built into our client cybersecurity services because it is one of the highest-impact ways to reduce real risk.

Frequently Asked Questions

What is the SLAM method?

SLAM is a fast process for evaluating suspicious emails: verify the sender address, inspect link destinations before clicking, avoid unexpected attachments, and assess whether the message content feels urgent or unusual.

How do I know if my domain has SPF, DKIM, and DMARC?

You can use a tool like MXToolbox to check for SPF, DKIM, and DMARC records. If any are missing or misconfigured, your domain may be vulnerable to spoofing.

Can email security stop all phishing?

No. Technical controls can block most attacks, but highly targeted phishing can still get through. Training employees to recognize suspicious patterns is essential.

What is the difference between spam and phishing?

Spam is unsolicited junk mail, usually commercial. Phishing is a deliberate attempt to trick someone into taking an action that compromises security, such as entering credentials or installing malware.

How much does a business email compromise cost?

BEC causes billions in losses every year. For individual businesses, a single successful incident can lead to major financial losses through fraudulent wire transfers, along with response costs and reputational damage.

Do we really need to encrypt all our emails?

Not always. Encryption can add friction. Many businesses encrypt messages that include sensitive financial data, health information, legal documents, or client personal data. Requirements vary by industry and regulation.

Can Ascend set up SPF, DKIM, and DMARC for us?

Yes. We set up and validate email authentication for managed IT clients and as part of security assessments. If your email authentication is missing or misconfigured, we can correct it and help improve your overall email security posture.

Russell Vaughn

Russell Vaughn is a Partner at Ascend Technology Group, an IT services company in Omaha, NE. He started at Ascend as an IT Support Specialist, worked his way through business development, and became a partner in 2021. He leads sales and marketing for Ascend, working directly with small and mid-sized businesses on managed IT, cybersecurity, and technology strategy. Russell is a CompTIA A+ certified professional, a member of Vistage and Entrepreneurs' Organization, and serves on the board of the Epilepsy Foundation of Nebraska.