Email remains the primary attack vector for cybercriminals targeting businesses. From phishing scams and malware to business email compromise (BEC), the threats are sophisticated and constantly evolving. This guide from SakuraHost outlines essential email security practices every business should implement to protect their communications and data.

The Email Threat Landscape

Understanding the threats is the first step toward effective protection:

  • Phishing: Fraudulent emails designed to trick recipients into revealing passwords, financial details, or other sensitive information. These often impersonate trusted brands, banks, or colleagues.
  • Spear Phishing: Targeted phishing attacks directed at specific individuals, often using personal information gathered from social media or previous data breaches.
  • Business Email Compromise (BEC): Attackers impersonate executives or business partners to request fraudulent wire transfers or sensitive data. BEC caused over $2.7 billion in losses globally in 2023.
  • Malware and Ransomware: Malicious attachments or links that install software to steal data, encrypt files, or take control of your systems.
  • Account Takeover: Attackers gain access to email accounts through stolen credentials, weak passwords, or brute-force attacks.

Real Threat: Tanzanian businesses are increasingly targeted by email scams, particularly invoice fraud where attackers intercept legitimate invoices and replace bank details with their own. Always verify payment detail changes by phone.

1. Strong Password Policies

Weak passwords are the easiest way for attackers to gain access to email accounts. Implement these standards across your organization:

  • Minimum 12 characters, using a mix of uppercase, lowercase, numbers, and symbols
  • Never reuse passwords across different accounts or services
  • Use a password manager (e.g., Bitwarden, 1Password, LastPass) to generate and store unique passwords
  • Change passwords immediately if you suspect any compromise
  • Never share passwords via email or messaging apps

Update Your Password: In cPanel, go to Email > Email Accounts > Manage next to the account. Use the Generate button to create a strong random password with a strength rating of 65 or higher.

2. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a second verification method (usually a code from your phone) in addition to your password.

For cPanel: Log in to cPanel, go to Security > Two-Factor Authentication. Scan the QR code with an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator) and enter the verification code to enable 2FA.

For Client Area: Log in to billing.sakurahost.co.tz, go to Hello, Name > Security Settings, and enable Two-Factor Authentication.

3. Email Authentication Records

Properly configured SPF, DKIM, and DMARC records protect your domain from being spoofed by attackers. These records are your domain's first line of defense against email impersonation.

  • SPF: Prevents unauthorized servers from sending email as your domain
  • DKIM: Cryptographically signs outgoing emails so receiving servers can verify that a message came from your domain and was not altered in transit
  • DMARC: Instructs receiving servers to reject or quarantine emails that fail authentication

We strongly recommend progressing your DMARC policy to p=reject once monitoring confirms legitimate emails are passing authentication. At p=reject, receiving servers that honour DMARC refuse unauthenticated mail claiming to come from your domain, which blocks direct spoofing of your addresses. Check our dedicated guide on email authentication setup, and learn more at DMARC.org.
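
To make the DMARC step concrete, here is an added example (not SakuraHost's code) of how a receiving server combines the SPF result, the DKIM result and your DMARC record into a verdict. The domains and records in it are constructed, and its relaxed alignment check is a simplification of the real organizational-domain comparison.

```python
# Added example, not SakuraHost's code: how a DMARC-aware receiver turns SPF and
# DKIM results plus the domain's DMARC record into a verdict. All domains and
# records are constructed for illustration.

def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: " + txt)
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment. Strict ('s'): exact match. Relaxed ('r'): one domain is
    the other or a subdomain of it. (Simplification: real receivers compare
    organizational domains using the Public Suffix List.)"""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f or (mode == "r" and (a.endswith("." + f) or f.endswith("." + a)))


def dmarc_verdict(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain, record):
    """Return (dmarc_result, action) for one message.

    from_domain       domain of the visible From: header (what the recipient sees)
    spf_pass/_domain  SPF result and the MAIL FROM domain it was checked against
    dkim_pass/_domain DKIM result and the d= domain of the verified signature
    record            TXT record published at _dmarc.<from_domain>
    """
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    # Both failed or misaligned: the domain owner's policy decides. p=none only
    # monitors, which is why the guide recommends moving on to p=reject.
    actions = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return "fail", actions[tags["p"]]


if __name__ == "__main__":
    # Constructed scenario: invoice fraud mail claiming to be from example.co.tz,
    # relayed by the attacker's own server with no DKIM signature.
    print(dmarc_verdict("example.co.tz", True, "random-domain.xyz", False, "", "v=DMARC1; p=reject"))
```

With p=none the same spoofed message is still delivered, which is the monitoring stage the guide describes; only p=quarantine or p=reject changes what the receiver does with it.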

4. Recognizing Phishing Emails

Train your team to identify phishing attempts by looking for these red flags:

  • Sender address mismatch: The display name says "Bank of Tanzania" but the actual email address is something like notifications@random-domain.xyz
  • Urgency and threats: "Your account will be suspended in 24 hours" or "Immediate action required"
  • Suspicious links: Hover over links (do not click) to see the actual URL. Phishing links often use misspelled domains or URL shorteners
  • Unexpected attachments: Be extremely cautious with .exe, .zip, .js, .docm, or .xlsm files from unknown senders
  • Poor grammar and spelling: Many phishing emails contain obvious language errors
  • Requests for sensitive information: Legitimate companies never ask for passwords, credit card numbers, or personal details via email

When in Doubt: If you receive a suspicious email that appears to be from a company you do business with, do not click any links or reply. Instead, navigate directly to the company's website by typing the URL in your browser, or call them using a known phone number.
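
The mechanical red flags above (sender mismatch, urgency wording, link text that hides a different target, risky attachment types) can also be checked automatically at the mail gateway or in a triage script. The following is an added example, not SakuraHost's code; the sample message, the urgency phrases and the display-name heuristic are constructed assumptions.

```python
# Added example, not SakuraHost's code: mechanical checks for the red flags listed
# above, run over one raw message. Sample message and heuristics are constructed.
import email.policy, email.utils, re
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".zip", ".js", ".docm", ".xlsm")
URGENCY = re.compile(r"suspended|immediate action|within 24 hours", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def triage(raw: bytes) -> list:
    """Return the red flags found in one RFC 5322 message (empty list = none found)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    flags = []
    name, addr = email.utils.parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    # Display name claims an organisation that the address domain never mentions
    words = re.findall(r"[a-z]{4,}", name.lower())
    if words and not any(w in domain for w in words):
        flags.append(f"sender mismatch: '{name}' vs {domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")
    if URGENCY.search(text):
        flags.append("urgency language")
    # Visible link text that names a different host than the real target
    for href, label in ANCHOR.findall(text):
        host = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"<[^>]+>", "", label).strip().lower()
        if "." in shown and host and host not in shown:
            flags.append(f"link mismatch: shows {shown}, goes to {host}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            flags.append(f"risky attachment: {fname}")
    return flags

# Constructed phishing sample that trips all four checks.
SAMPLE = b"""From: "Bank of Tanzania" <notifications@random-domain.xyz>
Subject: Immediate action required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Your account will be suspended in 24 hours.</p>
<a href="http://random-domain.xyz/login">https://www.example-bank.co.tz/secure</a>
--b1
Content-Disposition: attachment; filename="invoice.docm"

--b1--
"""
```

Heuristics like these produce false positives (a personal name at a free-mail provider will trip the display-name check), so treat the output as a prompt for the manual verification steps above, not as a verdict.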

5. Secure Email Transmission

Always use encrypted connections for sending and receiving email:

  • IMAP (incoming): port 993 with SSL/TLS
  • POP3 (incoming): port 995 with SSL/TLS
  • SMTP (outgoing): port 465 with SSL/TLS

NEVER use unencrypted ports:

  • Port 143 (IMAP without encryption)
  • Port 110 (POP3 without encryption)
  • Port 25 or 587 without STARTTLS

SakuraHost automatically provisions SSL certificates for mail services. Always select SSL/TLS when configuring email clients.

6. Email Backup Strategy

Protect against data loss by implementing a backup strategy:

  • Use IMAP to keep emails synchronized on the server and at least one local device
  • Periodically export important emails to local storage using Outlook or Thunderbird's archive features
  • SakuraHost performs regular server backups, but maintaining your own copies adds an extra safety layer
  • For critical business email, consider Google Workspace which provides built-in email retention and Vault for compliance

7. Device Security

Your email is only as secure as the devices used to access it:

  • Keep operating systems and email applications updated with the latest security patches
  • Install reputable antivirus software on all devices that access company email
  • Enable device encryption (BitLocker on Windows, FileVault on Mac, built-in encryption on iOS/Android)
  • Use screen locks on all devices (PIN, fingerprint, or face recognition)
  • Enable remote wipe capability for mobile devices through MDM (Mobile Device Management) solutions
  • Avoid accessing email on public or shared computers

8. Organizational Policies

Establish clear email security policies for your organization:

  1. Acceptable use policy: Define what constitutes appropriate use of business email
  2. Data classification: Specify what types of information can and cannot be sent via email
  3. Incident response: Create a clear process for reporting suspected phishing or security incidents
  4. Regular training: Conduct email security awareness sessions at least quarterly
  5. Access reviews: Periodically review who has email accounts and remove access for departed employees immediately

Departing Employees: When an employee leaves your organization, immediately change or disable their email account password and set up a forwarder to redirect their messages to their replacement. Never leave former employee accounts active and accessible.

Security Audit: SakuraHost can review your email security configuration and provide recommendations. Contact our team at billing.sakurahost.co.tz or chat with us at sms.sakuragroup.co.tz.