
Email Security & Workflow Best Practices
Safer habits. Less clutter. Fewer headaches.
Email is still the #1 way attackers get into businesses — and it’s also where a lot of day-to-day frustration lives. Overflowing inboxes, missed messages, weird rules firing off… it adds up.
The good news? A few smart habits can dramatically improve both security and sanity — whether you’re using Gmail or Outlook.
Let’s walk through what “good” looks like in the real world.
Start With the Big One: Stop Clicking Email Links
If you only take one thing from this article, make it this:
👉 Don’t click links in emails.
Even if the email looks legit. Even if it says Microsoft, Google, your bank, or a vendor you trust.
Instead:
- Open a new tab
- Go directly to the website (type it in or use a bookmark)
- Log in there
Why this matters
Phishing emails are really good now — we’re talking pixel-perfect copies of real login pages. The only difference is the URL, and that’s easy to miss.
Clicking the link is how attackers:
- Steal passwords
- Capture MFA codes in real time
- Trick you into approving login prompts
Going directly to the site breaks that entire attack chain.
How to Recognize Phishing (Without Overthinking It)
You don’t need to become a cybersecurity expert — just look for patterns:
🚩 Common red flags:
- “Urgent” language (act now, account suspended, etc.)
- Unexpected attachments or invoices
- Slightly off sender addresses (like micr0soft.com)
- Requests for login, payment, or sensitive info
- Messages that feel off, even if you can’t explain why
A simple rule:
👉 If the email creates urgency or asks you to act — slow down instead.
When in doubt, don’t interact with the email at all. Go directly to the source.
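The "slightly off sender address" red flag can also be checked automatically. The Python below is an added example, not part of the original article: it compares a sender's domain against an assumed allow-list (TRUSTED) and catches digit-for-letter swaps such as micr0soft.com as well as single-character edits. The allow-list, swap table and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list: domains your organisation really deals with.
TRUSTED = ["google.com", "microsoft.com", "paypal.com"]

# Character swaps commonly seen in lookalike domains (digit for letter).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Collapse lookalike characters so 'micr0soft' and 'microsoft' compare equal."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: catches a dropped, added or changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Classify a From: header as ('trusted' | 'lookalike' | 'unknown', domain)."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for real in TRUSTED:
        if domain == real or domain.endswith("." + real):
            return ("trusted", real)
    # Compare only the last two labels, a simplification that ignores
    # multi-part suffixes such as .co.uk.
    base = ".".join(domain.split(".")[-2:])
    for real in TRUSTED:
        if skeleton(base) == skeleton(real) or edit_distance(base, real) <= 1:
            return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ["Microsoft Support <security@micr0soft.com>",
                   "billing@rnicrosoft.com",
                   "no-reply@accounts.google.com",
                   "alice@example.org"]:
        print(header, "->", check_sender(header))
```

An "unknown" result only means the domain is not on the allow-list; it still deserves the same slow-down treatment as any unexpected email.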
MFA + Email = Non-Negotiable
Your email is your reset hub. If someone gets into it, they can reset passwords to almost everything else.
That’s why:
👉 Multi-Factor Authentication (MFA) should always be enabled
This applies to both Gmail and Outlook.
One extra step shuts down the vast majority of account takeovers.
We have a whole article on MFA best practices and why they matter. You can read that here.
Inbox Organization: Helpful, But Don’t Overdo It
Filters can be great — or they can quietly cause problems.
When filters are useful:
- Newsletters and marketing emails
- Automated system alerts
- Receipts and confirmations
- Low-priority notifications
When NOT to use them:
- Important client/vendor emails
- Internal communication
- Anything time-sensitive
Why?
We’ve seen it countless times:
“I never saw that email…”
…and it turns out a rule quietly moved it somewhere no one checks.
Best practice:
👉 Keep your primary inbox for important, human-generated communication
👉 Use filters intentionally on the right kinds of email.
We have a whole article just on email archiving here.
Monitor Your Email Rules (Seriously)
This one flies under the radar.
Attackers who gain access to your email often:
- Create hidden rules
- Auto-forward your emails externally
- Move certain messages out of your inbox
What to check regularly:
- Forwarding rules you didn’t create
- Rules moving emails to strange folders
- Rules that automatically mark messages as “read”
Both Gmail (filters) and Outlook (rules) can move, forward, and mark messages automatically, and abusing those features is a common persistence trick.
👉 If something feels off, checking rules should be one of the first steps.
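For anyone reviewing many mailboxes, the three checks above can be run over an exported rule list. This Python is an added example, not part of the original article: the rule export is constructed, its field names are modelled on the properties Exchange Online's Get-InboxRule returns (with recipients simplified to plain addresses), and ORG_DOMAINS and REVIEWED_FOLDERS are assumed values you would replace with your own.

```python
import json

ORG_DOMAINS = {"example.com"}                   # assumed: your own mail domains
REVIEWED_FOLDERS = {"newsletters", "receipts"}  # assumed: folders you really read

# Constructed export. Field names are modelled on Exchange Online's
# Get-InboxRule properties; recipients are simplified to plain addresses.
RULES_JSON = """
[
  {"Name": "Newsletters", "MoveToFolder": "Newsletters"},
  {"Name": "To assistant", "ForwardTo": ["assistant@example.com"]},
  {"Name": "..", "MoveToFolder": "RSS Feeds", "MarkAsRead": true},
  {"Name": "backup", "RedirectTo": ["collector@mail.example.net"]}
]
"""

FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")


def audit_rule(rule):
    """Return the list of findings for one rule (empty list = nothing to review)."""
    findings = []
    external = [addr
                for field in FORWARD_FIELDS
                for addr in rule.get(field) or []
                if addr.rpartition("@")[2].lower() not in ORG_DOMAINS]
    if external:
        findings.append("sends mail outside the organisation: " + ", ".join(external))
    folder = rule.get("MoveToFolder")
    if folder and folder.lower() not in REVIEWED_FOLDERS:
        findings.append("moves mail to a folder you do not review: " + folder)
    if rule.get("MarkAsRead"):
        findings.append("marks mail as read automatically")
    return findings


def audit(rules_json):
    """Map rule name -> findings, for every rule that needs a human look."""
    report = {}
    for rule in json.loads(rules_json):
        findings = audit_rule(rule)
        if findings:
            report[rule["Name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(RULES_JSON).items():
        print(repr(name), findings)
```

A finding is a prompt for a human to ask "did I create this?", not proof of compromise; legitimate rules will show up too.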
Archiving > Deleting
Deleting emails feels clean, but it’s not always helpful.
Why archiving is better:
- Keeps records for future reference
- Makes searches easier
- Reduces risk of losing important info
- Keeps inbox clean without losing data
Ideal workflow:
- Inbox = active items
- Archive = everything else
Both Gmail and Outlook are built around this model.
Storage Management (Without Losing Your Mind)
Email storage fills up faster than people expect — especially with attachments.
Smart ways to manage it:
- Regularly archive instead of leaving everything in inbox
- Delete large, unnecessary attachments
- Save important files to a shared drive or cloud storage
- Avoid using email as long-term file storage
Pro tip:
Search for:
- “has:attachment larger:10MB” (Gmail)
- Large file filters (Outlook)
Clean those up periodically and you’ll avoid surprise storage limits.
Attachments: Treat Them Like Downloads from the Internet
Because that’s exactly what they are.
Best practices:
- Don’t open unexpected attachments
- Be cautious with PDFs, ZIPs, and Office files
- When in doubt, confirm with the sender another way
Even if it’s from someone you know – their account could be compromised.
Keep It Simple (Seriously)
Overcomplicated systems create risk.
We’ve seen:
- Dozens of folders no one uses
- Rules no one remembers setting up
- Missed emails due to over-automation
👉 Simple, visible, and intentional beats clever every time.
What “Ideal” Looks Like
If we could design the perfect email habits for most users, it would look like this:
- ✅ MFA enabled everywhere
- ✅ Never clicking email links
- ✅ Minimal, intentional filtering
- ✅ Regular rule/forwarding checks
- ✅ Inbox kept for active communication
- ✅ Archive used generously
- ✅ Attachments treated with caution
- ✅ Storage maintained proactively
Nothing fancy — just consistent, smart behavior.
Security That Actually Fits How You Work
At Ultrex, we don’t believe in one-size-fits-all rules or locking you into a rigid system.
Some teams need structure. Others need flexibility. Most fall somewhere in between.
That’s why:
- We don’t bill per ticket or per quick question
- We don’t push one specific tool or ecosystem
- We tailor everything to your budget, workflow, and risk tolerance
Because the goal isn’t “perfect security on paper” — it’s security that people actually follow.
Want Help Cleaning Up Your Email Setup?
If your inbox feels messy, your rules are questionable, or you just want a second set of eyes on your setup — we can help.
We’ll walk through it with you, simplify where needed, and make sure your email is working for you, not against you.
