When talking about email security, many people think about guarding against email spam. Today's problem highlights the issue of business phishing emails and the harmful consequences for both the individuals receiving them and the company where they work.
A successful email phishing attack will lure individuals into providing sensitive data or performing an action like wiring money, clicking on a link or installing certain software. This is achieved either by sending emails in large numbers or by sending highly personalized emails (spear phishing).
So, how do you protect your business?
By focusing on the people, the processes, and the technology.
1. Training Your Team
The best way to prevent attacks is by implementing company-wide training. Every email user should be watchful, from the bottom to the very top of your organization. Your users should:
- Verify that emails come from a trusted source and, when replying, type the recipient's address by hand instead of using the automatic "reply to" option. This ensures that the reply reaches only the trusted person whose address was typed, and not the attack source that spoofed a given email domain.
- Verify the legitimacy of the email sender and check for malicious links by hovering the cursor over links and the sender's email address. Malicious links or sender addresses will likely not match what is displayed.
2. Testing and Reporting on the Activity
Testing is critical. Run simulated phishing attempts against your employees to improve their ability to detect real phishing attacks. There are plenty of phishing examples, and there are even a few companies specialized in training organizations against phishing.
Moreover, because phishing is ultimately also about the organization's processes around email usage, this security aspect can also be tested with verified emails. Is your accountant supposed to perform that money transfer based on nothing more than an email you sent? Should the engineer give away a system's password just because you asked him to?
3. Ensure Your Technology Is Up-to-Date with the Threat Landscape
Sophisticated email security systems are able to correlate every aspect of a message exchange and to recognize and block emails from suspicious sources, using algorithms that determine similarities between senders and recipients, and even between the "from" and "to" domains.
These platforms play a significant role in identifying malicious links from all emails reaching the inbox, making your company safer.
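The checks users are asked to make by hand in section 1 (reply address, link target) and the sender/recipient domain similarity mentioned above can be automated in a simplified form. The following is an added example, not code from AnubisNetworks or any product: the sample message, the domain names, the finding labels and the 0.85 threshold are all assumptions, and it handles a single-part HTML message only.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message; every address and URL here is made up.
SAMPLE = """\
From: "Finance Director" <cfo@examp1e-corp.test>
Reply-To: cfo.office@freemail.test
Content-Type: text/html

<p>Invoice: <a href="http://login.other.test/inv">https://portal.example-corp.test/inv</a></p>
"""

def domain(addr):  # lower-cased domain of an address header, '' if absent
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def host(url):     # host part of an http(s) URL, None if the text is not a URL
    m = re.match(r"https?://([^/:\s]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text))
            self._href = None

def check_message(raw, own_domain, threshold=0.85):
    msg, findings = message_from_string(raw), []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:   # a reply would go elsewhere
        findings.append("reply-to-mismatch")
    similarity = SequenceMatcher(None, from_dom, own_domain).ratio()
    if from_dom != own_domain and similarity >= threshold:
        findings.append("lookalike-sender-domain")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:           # displayed URL vs real target
        if host(text) and host(text) != host(href):
            findings.append("link-text-mismatch")
    return findings
```

Calling `check_message(SAMPLE, "example-corp.test")` reports all three findings for the constructed message; a message sent from the organization's own domain with matching link text and target reports none.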
Author: Miguel Caldeira
Miguel Caldeira is a Software Engineer at AnubisNetworks with degrees in Master, Electronics, and Telecommunications Engineering. He started at GMV as a Software Engineer on aeronautics security projects. He then joined AnubisNetworks, where he has worked on email security solutions.