MDaemon Technologies Blog

Best Practices for Securing Work Devices from Any Remote Location

By Brad Wyro

young business people group have meeting and working in modern bright office indoor

 

Now that the Covid crisis is behind us, remote and hybrid work is no longer an emergency arrangement, yet many people continue to work from home as it becomes a more widely-accepted practice. According to Gallup's latest workplace research, roughly 52% of remote-capable U.S. employees now work in a hybrid arrangement and another 27% are fully remote, leaving fewer than one in four back in the office full time. The U.S. Bureau of Labor Statistics reports that more than a fifth of all employees still telework at least part of the time. After years of return-to-office headlines, the data shows hybrid has settled in as the default for knowledge work rather than fading away.

 

That new normal means security conversations are changing. When employees connect from home networks, coffee shops, and personal devices, the corporate perimeter is distributed by default, and not everyone using that setup recognizes the risk it creates, both for themselves and for the companies they work for.

The stakes have only grown. In its 2025 Cost of a Data Breach Report, IBM put the global average cost of a breach at $4.44 million. In the United States the average hit a record $10.22 million, driven by regulatory penalties and slower detection. And the most common way attackers get their first foot in the door is still the business world's most ordinary, everyday process: email. Phishing was the single most common initial attack vector in IBM's study, involved in 16% of breaches and costing victims an average of $4.8 million per incident.

What's changed most since this advice was first written is who, and what, is now sending those emails.

data-breach-cost-ibm-2025

The AI Shift Every Remote Worker Should Understand

For years, the standard guidance was to watch for clumsy phishing: bad grammar, odd spelling, generic greetings. That thinking is now dangerously out of date.

Attackers have adopted generative AI at scale. IBM found that roughly one in six breaches now involves attackers using AI, most often to power phishing (about 37% of AI-assisted attacks) and deepfake impersonation (about 35%). Security vendors tracking inbox traffic have watched AI-generated phishing climb to the majority of detected attacks in a matter of months. These messages are fluent, well-formatted, personalized to the recipient's role, and free of the usual signs employees were trained to spot.

ai-attacks-in-breaches-ibm-2025

The threat now extends beyond text. Criminals are using cloned voices and live video deepfakes to impersonate executives on phone and conference calls. In one widely reported case, a finance employee at engineering firm Arup transferred roughly $25 million after joining a video call in which every "colleague," including the CFO, was an AI-generated fake. For a distributed workforce that handles approvals over Zoom, Teams, and email rather than down the hall, that's a direct and growing risk.

The takeaway: you can no longer teach people to spot a scam by its sloppiness. The defense has to shift from recognizing bad writing to verifying unusual requests through a second channel, no matter how convincing the message, voice, or face appears.

Quick Tips for Secure Users

The core idea your employees must embrace is the need for ongoing vigilance. Cybercriminals are constantly finding new ways around security measures, so regular, realistic user training has to stay a top priority for anyone who uses email. At a minimum, your training should reinforce the following.

Things a legitimate company will not do in an email:

    • Ask for personal information, whether the recipient's or anyone else's.
    • Ask for access to sensitive business information or processes, such as banking details or shipment records.
    • Ask the recipient to enable macros in a file.
    • Pressure the recipient to act immediately, bypass normal procedures, or keep a request confidential.

Note what's missing from that list: "bad grammar and spelling." Modern AI-written phishing reads cleanly and often mirrors your company's tone, so polish is no longer a sign of safety.

Actions to think twice about, and verify, before performing:

    • Downloading any file.
    • Clicking any link, even in expected messages like shipping or payment confirmations.
    • Acting on any request to move money, change payment details, reset credentials, or buy gift cards.

When in doubt, verify through a known resource. If a message, or even a phone or video call, asks for money, credentials, or sensitive data, confirm it through a separate, known channel before acting. Call the person back on a number you already have, not one provided in the message. Because voices and faces can now be convincingly faked, the verification should never rely on the same channel the request arrived on. And if anything looks even slightly off, use the "report" function so the message can be examined further. Our blog has more detail on how to spot a phishing email.

Turn on multi-factor authentication everywhere. A stolen or guessed password shouldn't be enough to take over an account. IBM's researchers specifically point to phishing-resistant authentication, such as passkeys, as one of the most effective ways to cut the risk of credential abuse. Require MFA for email, remote access, and any system reachable from outside the office.

Increasing Email Security

Now let's look at the controls you can enable within your email systems. The principles below apply whether you run MDaemon Email Server on premises or sit SecurityGateway for Email in front of Microsoft 365, Exchange, or Google Workspace.

Ensure Data Privacy

    • Require strong passwords. Because attackers routinely try to hijack accounts by guessing passwords, weak or reused passwords should be off the table. Make sure your email server or account database (Active Directory, LDAP, etc.) enforces strong-password rules. MDaemon administrators can configure strong-password policies and maintain lists of disallowed passwords. They can even require users to use app passwords, which requires a separate, strong password for each email client used under a single account.
    • Encrypt data in transit. Enable TLS (the modern successor to SSL) for SMTP and HTTP/webmail so transmitted data can't be read in transit. Both MDaemon and SecurityGateway support TLS/STARTTLS using a valid certificate.
    • Authenticate your mail with SPF, DKIM, and DMARC. These standards help confirm that messages claiming to be from your domain actually are, which reduces spoofing and improves the deliverability of your own mail. MDaemon and SecurityGateway support SPF and DKIM verification, DKIM signing, and DMARC verification and reporting. Watch our video to learn more about how these anti-spoofing technologies work.
    • Avoid allowlisting local email addresses. Messages sent to an allowlisted local address can bypass many of your security checks and put your server at risk of being blocklisted.

Prevent Unauthorized Access

    • Require SMTP authentication so only verified senders can relay mail through your server (learn how here). For devices that genuinely can't authenticate (a printer or scanner, for example), use IP Shielding rather than loosening authentication.
    • Honor SMTP sessions from your domains only when they originate from an IP address associated with that domain (IP Shielding). Exceptions can be made for authenticated sessions.
    • Screen connections by location. If your business has no reason to exchange mail with a particular country, refusing connections from it can block large volumes of spam and attack traffic.
    • Verify unknown recipients against a trusted data source. In SecurityGateway, confirm that an incoming message addressed to an unknown local user maps to a valid account (by querying Microsoft 365, Active Directory, MDaemon, or another source) before creating the account and delivering the message.

Block Suspicious Activity

    • Use dynamic screening to automatically block connections that fail too many authentication attempts, connect too frequently, hold connections open too long, or target too many invalid recipients. MDaemon's Dynamic Screening and SMTP Screening, and the equivalent controls in SecurityGateway, can handle this.
    • Enable account hijack detection and cap how many messages an account can send in a given period of time. A sudden spike is an early warning that credentials have been compromised.
    • Don't allow open relaying. Mail that is neither to nor from a local account should not pass through your server; misconfigured relays end up on blocklists. Both products block relaying by default.
    • Flag risky attachments. Cybercriminals still hide malware in Office macros. Enable the option to detect macros in Microsoft Office documents and treat them as infected, so those messages can be refused or quarantined for review.

Consider an All-in-One Solution

Keeping up with this level of detail is hard for small and midsize businesses, especially as threats evolve almost daily and now include AI-crafted attacks designed to slip past older defenses. Our cost-effective, easy-to-use SecurityGateway for Email arrives preconfigured to address the concerns above out of the box. In addition:

    • Layered antivirus and outbreak protection. SecurityGateway scans all inbound and outbound mail with two antivirus engines, IKARUS and ClamAV, alongside Outbreak Protection, a real-time, content-agnostic technology that can proactively protect your email infrastructure within minutes of a new outbreak, often well before traditional signature updates are available.
    • Data Leak Prevention built in. SecurityGateway includes more than 70 Data Leak Prevention (DLP) rules to help stop unauthorized transmission of sensitive information such as ID numbers, credit card numbers, and other confidential data. These rules can quarantine flagged messages for review, redirect them to a designated address, or encrypt them. Enable the rules that fit your industry and compliance needs.

Securing a distributed workforce isn't simple, and it's hard to be certain you've covered every angle when people connect from anywhere. If you'd like help, call us at 817-601-3222 to speak with an email security specialist, or visit www.mdaemon.com to sign up for hosted or on-premises email protection.




Tags: Data Leak Prevention, Email Encryption, MDaemon Email Server, Security Gateway for Email, Email Server, Two-Factor Authentication, Email Best Practices

Brad Wyro

Written by Brad Wyro

Brad has worked in technical and marketing roles at MDaemon Technologies, where he contributes as Content Marketing Manager. Brad balances technical and creative information to develop easy to understand videos and content to educate prospects and customers.

BACK TO ALL ARTICLES

Subscribe to Email Updates