I got a LinkedIn message from one such firm offering its services.

When a company contacts me to offer its services, I check its email system to make sure it is set up correctly and securely. It is an easy check because all these records are public.

For example, you can use free online tools to look up a company’s email domain and see if they have basic protections like SPF, DKIM, and DMARC in place. Just enter their domain into one of these tools, and you’ll see whether they have taken some simple steps to secure their communications.

I especially do this check when a company handles sensitive information, and you can’t get much more sensitive than private financial information!

From experience, when these settings are missing, it can suggest the company may not have professional IT support, as these are basic security settings that have been around for 30+ years.

Unfortunately, the owner, who I imagine may not know IT and therefore may not be aware of the missing settings, told me he is confident his email security is okay. That would be a bit like me telling him, actually, my tax return is okay, while not knowing anything about tax.

It’s getting harder and harder now to run a business while pretending your IT is up to scratch because it’s becoming easier and easier for customers and potential clients to check and validate. And with more leads and clients looking to see if companies they partner with have Cyber Essentials, it’s getting harder to pretend your IT is up to scratch when it isn’t.

If you’re unsure about your own email or IT security, it’s a good idea to review your setup or ask a professional to take a look. Taking action now can help avoid problems in the future.