Date: Feb 17, 2017
Title: Email security
In a previous article, I wrote about the increase in ransomware attacks, how to counter and prevent them, and more importantly, how to plan your recovery post-attack.
This article will deal with an overall strategy as regards your email security and the prevention of attacks.
It is no secret that large corporations are the constant focus of the black hat underworld, ready to pounce and always ready to exploit. Phishing, whaling and ransomware attacks typically originate as emails, bypassing the traditional “steel wall” of defence that a traditional firewall and anti-virus suite would offer the client. It is estimated that more than 90% of attacks originate as an email. Much like the proverbial “castle and moat with drawbridge” protection, the classic hard network perimeter protection is obsolete. One only has to consider the perimeter-less nature of “the cloud” to recognise the risk. Add to that a typical mix of staff (many being IT illiterate), mobile devices, bad BYOD policies and the like, and the reality is that most companies are vulnerable.
While one cannot realistically prevent ALL attacks, focusing on three critical areas will greatly reduce company risk.
- People – Have a strong team in place who are highly trained, kept up to date with developments and have simulated recovery processes. This team should communicate risks and processes to all staff members who access any part of the network.
- Process – Have a tested process in place for:
  - Identification of an issue or a potential issue
  - Identification and management of the infection
  - Recovery and post mortem
- Technology – There is an ever evolving technological defence against these types of attack; evaluate, deploy and keep up to date with software and hardware technologies that are constantly evolving to counter these threats.
How to recognise that an attack is being initiated
- Mail from a spoofed address – You receive a mail from a known supplier, or a trusted website… but the address is minimally changed. As an example, you are offered a free subscription from the “Daily Bugle” from firstname.lastname@example.org. This misspelling of “bugle” goes unnoticed, and the target opens the mail. – The hook is set.
- TXT or mail to a middle exec from data gleaned from social websites – You receive an urgent mail from your CEO, who is currently out of the country on business (this info is gleaned from his LinkedIn or Facebook page). He instructs you to urgently pay XYZ account, something he forgot to tell you about before he left. Being the bright spark you are, you zealously carry out his instructions and you process the payment. – The hook is set.
- Mail suggesting payment due to you – A low-level staff member receives a mail suggesting that your company is due a substantial amount of money, see attached invoice. The staff member opens the mail. – The hook is set.
How to prevent an attack
- Educate your users, again and again. Update them on recent attacks, the successes and the failures. Bring it to their attention that your company is under constant risk of attack.
- Train all users to automatically check the sender's address, and if there is doubt as to the mail, there is no doubt as to the action. Don’t open any suspicious mail and advise your IT guru of your suspicion immediately; he will kiss your feet if you prevent an attack.
- Install and maintain applications that filter potential phishing, whaling and malware attacks.
- Simulate external attacks, identify vulnerabilities internally. See who goes for the baited hook.
- Update your hardware to suit and evolve your thinking beyond the perimeter-centric patterns of yesteryear. Staying with current detection technology, filtering applications and systems is paramount to your overall protection.
Finally, the glue that holds all your plans together is a full buy-in by your company executive. Having the best security expert advising and protecting is worth zip if the top team don’t recognise the value of this investment. The education process often has to start here...
Select IT’s consultants are there to advise and assist you in this matter. Please feel free to call or email me to schedule a free assessment of your infrastructure.
027 524 9995