Blogs and Posts

blog

Email Security Solutions in the Age of Ransomware Attacks

  • By: Garry Feldman
  • Date: July 19, 2017

Ransomware attacks and other devastating forms of malware have gotten more ingenious over time. Gone are the days when a phishing e-mails scam or attempt to hijack your computer come through obviously fake or suspicious emails.

One recent phishing attack wave used extremely convincing fake Google Doc invites. Clicking on the “preview” icon of the fake docs would bring a recipient to a near-perfect replica of Google’s log-in screen, where the user would grant permission to a malicious third-party application to access their data.

Attacks like these are getting more sophisticated, and once inside your system they can spread without having to trick anyone else. To prevent these intrusions, telling employees to watch out for “suspicious emails” is not enough anymore. Spotting the difference between the real deal and a fake has gotten tougher over time.

Being truly secure means business must institute email security practices that defend effectively against cyber attacks. Securing email through these measures is the only way to protect your business’s most sensitive data. You can use the following best practices to get started.

Audit Current Email Use

Does your company use dedicated email addresses for employees and business roles? It absolutely should. If employees are resorting to their own email accounts, the tendency to mix business and personal life is more than a distraction. It poses increasing risks that the same account your employee uses for business could be targeted by hackers who gleaned information from personal browsing.

Ensure every employee has a unique email address to use and set firm policies on what activities are acceptable through the account. Even something as seemingly innocent as joining a website’s mailing list can provide yet one more opportunity for intruders.

Also, ensure every email contains a legal footer protecting the information contained within from being shared to third parties without permission.

Use Encryption, an Antivirus Scanner and Smart Policy for Attachments

Sending and opening attachments should not be the norm with your daily business procedures. If you share files regularly online, you should instead implement some sort of shared, cloud-based storage or intranet system.

Even encrypted emails are less secure than these services since there is no reliable way to monitor how an attachment is forwarded or altered.

Employees should always be cautious when opening an attachment unless they were expecting it from a fellow employee, client or vendor. Using an anti-virus scan service can provide an additional layer of security to these best practices.

Instruct Employees to Use Only Strong Passwords

Strong passwords are ones with lots of possible variables, like including capitals and numbers. The “strength” refers to the fact that brute-force intrusion attempts take much longer when accounting for multiple extra possibilities.

Passwords should also never be shared, even between trusted employees. Each employee should have their own means of accessing critical email accounts.

Flag Risky Email Types

Modern spam filters built into email services do not go far enough to reduce risky emails. Emails with large attachments or suspicious content should be automatically flagged for further review by antivirus programs and email security IT personnel.

Employees should also be blocked from sending “mass” emails to large numbers of recipients or forwarding chain emails since these can both expose your email addresses to cyber attackers. A comprehensive email use audit and cyber security consulting can help you determine the specific rules needed to keep your company safe.

Partner With IT Experts for an Email Security Solution in Stamford, CT

Protecting all of your possible weaknesses alone is not possible in an age where ransomware attacks constantly shift tactics and find new ways to spread. Just one mistake can bring down an entire corporate network, as evidenced by recent NotPetya attacks.

Your company cannot afford to learn from its mistakes. Instead, it needs a complete cyber solution that includes a comprehensive look at your unique network and company practices.
Get started preparing for the next wave of attacks and defending your company today by reading our free ebook on preventing ransomware attacks today. What you learn could prove invaluable for keeping your company out of the line of fire when the next big cyber attack hits.

White Papers

Blog Archive

Blog Archives
Categories
Newsletter

Connect with USCC