Introduction
Imagine receiving a call from your most valuable supplier, worried that their payment for the month had not been processed. You’re sure that it had and give them assurances that the payment had been made. You ask them to double-check. During the conversation, you explain that you had actioned their request (from a few months ago) for payment to be made into a new account. Then it dawns on you both… the email received a few months ago was fake… As a result, the money due for your supplier has gone missing… Lost to a cyber security fraudster. And it wasn’t just a normal payment; this one was a much larger payment. The fraudster had been waiting.
In this article, we explore another free service from the National Cyber Security Centre (NCSC), called Check Your Email Security. We examine its benefits, explain how it works, and provide guidance on its use.
Background
The National Cyber Security Centre (NCSC) is the UK’s authority on cyber security, dedicated to making the UK the safest place to live and work online. The NCSC provides a range of services to help organisations protect themselves and react to cyber threats. One of these offerings, ‘Check Your Email Security’, aims to give organisations insight into how their email domain performs in two important areas: email anti-spoofing (preventing fake emails) and email privacy (ensuring messages can’t easily be read by others).
Benefits
- Protects against Fraud: Reduces risk of phishing and financial scams
- Message Authenticity: Supports emails being genuine and from trusted sources
- Safeguards Sensitive Data: Helps prevent data leaks and breaches
- Builds Trust: Helps demonstrate professionalism and care for recipients’ email and privacy
- Adds to Existing Security Controls: Can enhance and supplement the effectiveness of cyber security by supporting strong encryption
- Compliance Support: Raises awareness and supports compliance with UK data protection regulations and other legal requirements
How It Works
- Checks Encryption: to identify whether the data contained within an email appears to be scrambled, or easy for others to see
- Checks Spoofing: to identify whether a threat actor could impersonate you and/or your organisation
- Runs in Seconds: provides results that are quick to produce
- Informative: explains how the data is handled, gives insight into the technical testing that takes place, presents the results, and makes recommendations
- Additional testing capabilities: more advanced tests are available (for free); they just require a specific email to be sent so that the tests can be run and more results generated
Who’s Eligible to Use It
The NCSC has a mission to make the UK the safest place to work online, and as such, they have made Check Your Email Security available to organisations of any size. This includes public sector bodies, private companies of all sizes, charities and not-for-profits, educational institutes, healthcare providers, and local authorities.
How to Get Started
- Visit the NCSC web page for email security checks: Go to https://basiccheck.service.ncsc.gov.uk/email-security-check
- Enter Your Email Domain: Type your domain (such as @yourdomain.co.uk) and enter ‘check now’
- Check for Issues: A dialogue box will show results, indicating issues found from the testing
- Reflect and Act: Review the results and take appropriate actions to address any identified weaknesses
- Run Advanced Tests: Simply choose ‘click here to open a draft email’ in the dialogue box on the NCSC webpage, then send the email and check the results
- Repeat: When ready, rerun the checks for ongoing testing and validation
How We Help
- At RB Consultancy Ltd, we support organisations in strengthening their cyber security posture
- NCSC Cyber Advisor certified – we’re proven to help organisations understand and implement technical controls
- NCSC Assured Service Provider – we meet the standards set by the National Cyber Security Centre (NCSC)
- IASME Assessor and Certification Body – we assess organisations and issue certificates for Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance
- Consultancy – with ISO 27001 Lead Implementer certification, we help organisations implement an Information Security Management System (ISMS) and associated controls
Conclusion – How to use NCSC free service to Check Your Email Security
The National Cyber Security Centre (NCSC) offers a valuable service called “Check Your Email Security” that helps organisations protect against email-related cyber threats. By using this service, organisations can enhance their email security, safeguard sensitive data, and build trust with their recipients. The service provides insights on email anti-spoofing and privacy, supports compliance with UK data protection regulations, and can be used by organisations of all sizes.
RB Consultancy Ltd empowers organisations through cyber security. We can provide insight into how we use this service and the associated benefits. Contact us for further information, advice, and guidance.
Information Sources
NCSC Check Your Email Security webpage: https://checkcybersecurity.service.ncsc.gov.uk/email-security-check
Written by Remo Belisari, Managing Director of RB Consultancy Ltd, an experienced cyber security professional and cyber advisor. Remo holds certifications relating to CISSP, ISSAP, ISO 27001, Cyber Essentials, and IASME Cyber Assurance, and has many years of experience in IT and cyber security. Remo has a history of supporting organisations from all over the world, including a Fortune 500 company in the USA and over 100 organisations across the UK. The views expressed in this blog are those of the author and do not necessarily reflect the views of RB Consultancy Ltd, its clients, partners, or affiliated organisations. The content is intended for general information only.