Anglian Internet is a family run, independent firm that has been in business for over 20 years.
Made up of a dedicated team of IT professionals, we pride ourselves on being able to provide a wide range of reliable solutions to suit your needs, at the right cost.
Our Support team provide cost effective IT Support, Cloud Services, Servers and Office 365 to business customers across Norwich, Norfolk, Suffolk and East Anglia.
Improve your Business ITOur Workshop in Norwich offers PC repairs, Laptop repairs, Apple repairs including iMacs, MacBook’s, iPhones and iPads, Tablet repairs, along with repair of AV Systems and any other electronic repairs.
View Supported RepairsWe can provide your business with a comprehensive VoIP telecoms solution, along with Broadband and Leased Line services across Norwich and Norfolk.
View our Telecom ServicesOur Web development team in Norwich can help with Linux and Windows web hosting services, domain names, emails, web space and web design.
View Hosting PlansBrowse our massive range of IT Equipment, PCs, Laptops and Accessories. Buy Local in our Norwich store or buy online with confidence on our Secure Shop and receive rapid shipping!
Purchase In-Store or OnlineWe can provide your business with unlimited technical support over the phone or via remote support no matter where you are in the world.
Receive Dedicated SupportA single convincing email can do more damage than a failed server. For many small and medium-sized firms, email is still the main route for fraud, account compromise and data loss. That is why a clear business email security guide matters. If your team relies on Microsoft 365, shared inboxes, mobile access and quick supplier communication, email security is not a background task. It is a daily business control.
Email remains a favourite target because it sits at the centre of finance, customer service, HR and management. One compromised account can expose invoices, passwords, internal conversations and client data within minutes. The good news is that most email-related risks can be reduced with a sensible mix of technical controls, staff awareness and regular checks.
Most attacks do not begin with dramatic hacking. They begin with something ordinary: a fake invoice, a password reset request, a copied supplier thread or a message that looks as though it came from a director. Criminals rely on speed, pressure and familiarity. If your team is busy, helpful and used to responding quickly, they already have the traits attackers want to exploit.
For SMEs, the risk is often higher than expected. Smaller businesses may not have a dedicated internal IT team, yet they still process payments, hold customer information and depend on uninterrupted communication. Attackers know this. They also know that many firms have email protection switched on at a basic level but have not reviewed it properly.
The strongest starting point is access control. If an attacker cannot sign in, much of the damage is prevented before it begins. Multi-factor authentication should be standard on every business email account, especially for directors, finance staff, administrators and anyone with access to shared mailboxes or cloud platforms.
Password policy still matters as well, but it has changed. Long, unique passwords are more useful than forced frequent resets that lead to predictable choices. A password manager can help staff use strong credentials without writing them down or reusing them across systems. If your team already struggles with too many logins, this is often a practical improvement rather than an extra burden.
You also need to review who has access to what. Shared accounts, old employee logins and unnecessary admin rights create openings that are easy to miss. Leavers should be removed promptly, mailbox permissions should be checked regularly, and privileged access should be limited to those who genuinely need it.
A lot of businesses focus on what users can see in their inbox and forget the domain behind it. That is a mistake. Domain-level protections help stop criminals spoofing your business and improve the way other systems treat your email.
SPF, DKIM and DMARC are central here. In simple terms, they help receiving servers verify whether a message claiming to come from your domain is legitimate. When configured properly, they reduce impersonation and support deliverability. When configured badly, they can create confusion, so this is an area where careful setup matters.
There is a trade-off to manage. Some businesses run multiple platforms for email marketing, CRM notifications, websites and third-party services. Tightening domain records without a full review can interrupt genuine messages. That does not mean you should avoid the work. It means you should document what sends email on your behalf and configure protections properly rather than guess.
Spam filtering, malware scanning and attachment controls are essential, but no filter catches everything. Modern phishing emails are often well written, correctly branded and timed to coincide with genuine business activity. If your team thinks filtering means they no longer need to be cautious, that creates another problem.
A better approach is layered protection. Use filtering to reduce volume and remove obvious threats, then support that with staff checks and reporting processes. Banner warnings on external emails can help, especially for firms that often receive messages from unknown addresses. Attachment sandboxing and link rewriting can add another layer, though they may occasionally delay delivery or affect user experience.
That balance matters. Too much friction and staff start bypassing controls. Too little and dangerous messages land in front of busy people with no warning. The right setup depends on how your business works, how much email you handle and how much risk certain departments carry.
Security awareness often fails because it is treated as a yearly exercise rather than a working habit. People do not need long lectures. They need clear, repeatable checks they can use in under ten seconds.
Teach staff to pause when a message involves money, credentials, sensitive files or urgency. Ask them to check the sender address properly, not just the display name. Encourage them to question changes to bank details, unexpected document sharing requests and login prompts that appear after clicking a link. If a request is unusual, it should be confirmed through a second method such as a phone call.
This is especially important for finance teams and senior staff. Invoice fraud and impersonation attacks often target people with authority to approve payments quickly. Directors are also common targets because their accounts carry trust inside the business. Security training should reflect those realities rather than treat every user exactly the same.
Many SMEs assume that moving to Microsoft 365 means security is largely handled. The platform offers excellent tools, but they still need configuration, monitoring and policy decisions. Default settings are not always enough for the way your business actually operates.
Conditional access, sign-in alerts, mailbox auditing and anti-phishing policies can all strengthen your position. So can blocking legacy authentication, reviewing forwarding rules and limiting automatic external forwarding where it is not needed. Forwarding rules are often overlooked, yet they are a common sign of account compromise because attackers use them to quietly copy emails out of the business.
Backups also need attention. Cloud platforms provide resilience, but that is not the same as having your own recovery plan. If email is deleted maliciously, altered by a compromised account or retained incorrectly, recovery can become complicated. A proper backup and retention approach gives you more options if something goes wrong.
A business email security guide is incomplete without incident response. If a user clicks a malicious link or an account is compromised, speed matters. The first hour can make the difference between a contained issue and a wider breach.
Your team should know who to contact, how to isolate an account and what immediate steps to take. That usually includes disabling sign-in, forcing password resets, revoking sessions, checking mailbox rules, reviewing sent items and assessing whether other systems were accessed through the same account. If financial fraud is suspected, banks and affected suppliers may need to be contacted straight away.
This process should not live only in one technician's head. Even a short written procedure is better than relying on memory under pressure. Businesses with outsourced IT support should make sure response responsibilities are clearly understood in advance, including what happens outside normal working hours.
Email security is not a one-off project. Staff change, suppliers change, software changes and attackers change their methods. A practical review every few months is far more useful than a thick policy document that nobody reads.
Look at failed sign-in attempts, MFA usage, mailbox permissions, forwarding rules, domain protections and training refreshers. Review whether any departments are under heavier attack than others. If your business has grown, taken on remote staff or added new cloud services, your email setup may need tightening.
For businesses across Norwich, Norfolk and the wider region, the priority is usually straightforward: reduce risk without slowing the business to a crawl. That means choosing sensible controls, applying them consistently and making sure staff know what good looks like. Anglian Internet works with organisations that want that balance - practical protection, dependable support and advice that fits the way local businesses actually operate.
Email is not going away, and neither are email threats. The firms that handle it best are rarely the ones with the most complicated systems. They are the ones that pay attention, put the basics in place and keep improving them before small gaps turn into expensive problems.