Email Security Tips from the Australian Cyber Security Centre

As part of its #actnowstaysecure campaign, the

recently shared recommendations for protecting email accounts.

The campaign highlights the ACSC email security

, which walks readers through why email security is important:

“If someone gains unauthorised access to, or impersonates your email account, they can intercept or gain access to your private communications.”

This campaign also highlights ways to determine if someone else has accessed your email account such as noticing strange emails in your sent folder or receiving unexpected password reset notifications.

It also offers links to practical guides on how to protect your business from email fraud and how to secure your Microsoft account with

.

The guide entitled

is of interest, as it shares suggestions for protecting SMBs and enterprises. They include:

• Turning on MFA

• Renewing domain names

• Registering additional domain names to deny cyber-criminals the opportunity to register domain name very

  similar to your business
  in order to trick people

• Setting up

  email authentication measures
  to prevent spoofing attacks

• Protecting privacy by limiting the amount of personally identifiable information posted online

Under the MFA suggestion, the paragraph ends with this: “Remember to

for your email account if you cannot use multi-factor authentication.” In clicking on the link, the reader is brought to yet another page, entitled

Passwords, pins and passphrases

.

Recommending the use of MFA is important, as is keeping PII close to the vest. Points also go towards seeding in language about the use of a strong passphrase.

But, these recommendations could be less complex and more straightforward (centering domain names over

?). We will reiterate here: we believe national and international agencies with a security-centric purview should recommend, clearly and on their main pages, that

consumers and businesses use strong and unique passwords

. Leaving it up to readers to comb through documents or follow a trail of links will result in reader attrition and message dilution.

Furthermore, the ACSC misses the opportunity to highlight the

. Password managers allow users to easily create and manage strong and unique login credentials for each website to reduce the impact of potential data breach. If it happens, only a single password is compromised, and users can quickly generate a new one. There are a host of excellent options on the market.

For a refresher on how Bitwarden ranks agencies, see Bitwarden’s

report.

Overall Bitwarden Assessment: Good

• Does not recommend use of a password manager

• Calls out importance of strong passwords

• Cites need for 2FA/MFA to further support password security

• Overall security advice is not up-to-date and does not adhere to NIST guidelines

• Does not lay out password security recommendations in a clear, digestible, and easy to find manner

Learn what advice other leading cybersecurity agencies offer, and how they compare, in the

, released earlier this year.

Ready to try Bitwarden? Start a

to help your team stay safe online or sign up for a

free individual account

.