Subscribe to the Non-Human & AI Identity Journal

Forums
The Non-Human & AI ...
NHI, AI & IAM Suppo...
Remote email securi...
 
Notifications
Clear all

Remote email security: where identity controls still break down

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter 24/06/2026 10:53 pm  

TL;DR: Secure remote email access depends on message authentication, encryption, domain protection, VPN use, and offboarding discipline, according to DigiCert. The article shows that email trust failures are still identity failures first, because spoofing, unmanaged senders, and stale accounts undermine both confidentiality and brand trust.

NHIMG editorial — based on content published by DigiCert: Five Tips for Secure Remote Email Access

Questions worth separating out

Q: How should organisations secure email access for remote workers?

A: Use layered controls rather than relying on a single protection.

Q: Why do spoofed emails remain such a serious identity risk?

A: Spoofed email works because recipients often trust the sender before they inspect the message.

Q: What do security teams get wrong about email encryption?

A: They often treat encryption as if it alone proves trust.

Practitioner guidance

  • Deploy S/MIME for high-trust mail flows Use certificate-backed signing and encryption for communications that carry approvals, sensitive data, or external commitments.
  • Move DMARC from monitoring to enforcement Inventory every legitimate sender, including marketing platforms and other third-party services, then progress from policy=none to quarantine or reject once alignment is verified.
  • Tighten remote access with certificate-based VPN authentication Require stronger authentication for remote email access than passwords alone, especially for staff using home or unmanaged locations.

What's in the full article

DigiCert's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step S/MIME setup guidance for users and IT teams.
  • DMARC deployment stages, including how to move from monitoring to quarantine or reject.
  • Email security considerations for remote users connecting from home or unknown locations.
  • Practical email policy and awareness tips for reducing phishing and spoofing exposure.

👉 Read DigiCert's guidance on five tips for secure remote email access →

Remote email security: where identity controls still break down?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
Topic Tags
digicert email-security dmarc s-mime remote-work
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  digicert (376) , email-security (26) , dmarc (16) , s-mime (1) , remote-work (17) ,
Share:

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.