Companies rely on secure, safe, and robust information technology solutions in order to keep business running smoothly. As more and more correspondence is done via email, email security is a major security control point for companies and one that should not be overlooked. This month’s Kurve is brought to you by our friendly neighbourhood information technology (IT) service provider, Jamie Larabie of Lara-Tech IT Solutions, who discusses email security – the types of email attacks, what to do if your email is targeted, and protection options.
Email Security
Email security refers to the methods used to secure the access and content of an email account or service. For this description I will stick to how an organization can reduce the possible risks associated with the relentless attacks from hackers/spammers. It’s very important to remember that hackers can take control of almost any device used to access emails and websites, PCs, smart phones, tablets and other devices. The attacks range from spoofing email addresses, infected attachments and re-directed links to fake websites:
Spoofing Email Addresses:
When the sender of the email forges (spoofs) the email header from its address, the sent message appears to have come from a legitimate email address. If you have received a high volume of undeliverable notices in your inbox, there is a strong chance your email address is being spoofed.
Infected Attachments:
In today’s environment we receive many emails with attachments as it’s a convenient way of sharing files with others. Cybercriminals also take advantage of this, by sending emails with spoofed email addresses and infected attachments (mainly PDF format) that include malicious code that can take control of the device used to open the attachment. They also can send emails from compromised accounts with infected attachments, from users who were tricked by the re-directed links discussed below.
Re-directed Links:
Another method of attack, associated with the first 2, re-directed links are the embedded links in emails that are not pointing to where the displayed link shows. For example, a common way for cybercriminals to acquire your email password, is to send an email that looks like it’s from Microsoft, with a fake link that brings you to what looks to be an official Office 365 login page, once there, the user enters their email and password. The cybercriminal almost immediately logs into their webmail account and sets up rules to re-direct emails and the like, and then usually starts an email blast to all contacts in that account, which normally has a much higher percentage of clicks!
Protection Options
A corporation needs to discuss with their IT representatives, whether they are employees or contracted service providers and ensure they have the correct infrastructure security measures in place. The following is a list of what I consider to be minimums today:
1. Firewall with malware/virus scanning capabilities for network traffic, and content filtering
2. Managed anti-virus/malware client-based solutions installed on workstations and servers
3. MFA/2FA solutions – multi factor authentication or 2 factor authentication (described later in the article)
4. Staff training on recognizing re-directed links and email spoofing
5. Off-site backups that are not susceptible to a ransomware attack
6. Optional DNS service that assist in recognizing sites that are malicious
Individuals really need to take more time when clicking on external links or attachments received in emails, as cybercriminals depend on the fact that in today’s world, users are usually in a time-sensitive situation, and don’t review the whole email before acting. Would you open your front door if you didn’t recognize the person knocking?
MFA/2FA:
One of the best ways for corporations to protect their email environments today, is to enable MFA/2FA. What is that? Well, it is a mechanism that incorporates a second authentication requirement before a user can access the emails via application or webhost. In most cases it is only required once and it sends a code to your cellphone or secondary email address. This prevents the email password attack, as the cybercriminal cannot access emails via the web even with the password.
What to Do When Your Email is Attacked
There are some fundamental measures that should be taken when your email is targeted. It is important to inform everyone on the email and not to engage with the sender. Ensure you take the following steps when your email is compromised:
- Inform your IT provider immediately
- Inform all employees immediately
- Identify all affected outgoing email recipients and inform/advise them to delete the email immediately
- Do not open any attachments, do not respond to the email
- Consider implementing additional security measures
Reporting Breaches:
Based on your industry, you may be mandated to report any incident where an email account is compromised, if that email account contains information classified as having personal client information. In Canada, our privacy laws are housed in the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs which cyber attacks to report and when. For more information, see the following link: https://bit.ly/2I1qZYn
***
I will end with a quote from FBI Director, Robert Mueller, “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
This article has been written in general terms to provide broad guidance only. It should not be relied upon to cover specific situations and you should not act upon the information contained herein without obtaining specific professional advice. Please contact our office to discuss this information in the context of your specific circumstances. We accept no responsibility for any loss or damage resulting from your reliance on the information in this article.