Stopping email threats such as ransomware and cryptomining is on nearly everyone's radar these days.
We see it in the news every week: Company A has an infestation and ends up paying 25 bitcoins to decrypt its critical systems. It was down for 10 days and lost large sums of money in the process. Company B got a trojan that allowed a breach of its network, and customer records and credit card numbers were stolen.
When attacks like this happen to a business of any size, recovery of data and systems can be quite costly and a huge undertaking. Tailoring a security plan to your business is critical.
Below is a list of our top 8 suggestions to help mitigate the likelihood that you will experience such an event.
1. Use a Third-Party Mail Filtering Service
As an essential first line of defense, a third-party email scanning solution is a must.
These services sit outside of your network and scan all email as it passes through to your business. They detect malicious links, attachments and other blocked file types.
The added bonus is that they block spam and other unsolicited bulk email that wastes your users' time and your IT resources.
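To make the "blocked file types" check concrete, here is a small added example (not code from the original post or from any particular filtering product) of the attachment test a mail gateway applies. The extension list, the function name and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Assumed policy: extensions the gateway refuses outright (illustrative list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".jar", ".iso"}

# Constructed sample message; addresses, names and bodies are made up.
SAMPLE_EMAIL = """\
From: billing@example.com
Subject: Invoice 4471
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

(constructed placeholder body)
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_4471.pdf.exe"

(constructed placeholder body)
--BOUND--
"""

def blocked_attachments(raw_message):
    """Return (filename, reason) for each attachment the policy rejects."""
    findings = []
    msg = message_from_string(raw_message)
    for part in msg.walk():              # visits every MIME part, nested or not
        filename = part.get_filename()
        if not filename:
            continue                     # not an attachment with a name
        suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
        if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
            reason = "blocked type"
            if len(suffixes) > 1:        # e.g. ".pdf.exe" posing as a document
                reason = "blocked type hidden behind double extension"
            findings.append((filename, reason))
    return findings

if __name__ == "__main__":
    for name, reason in blocked_attachments(SAMPLE_EMAIL):
        print(f"REJECT {name}: {reason}")
```

The check looks only at the final extension, so a file named to look like a PDF invoice is still rejected when it is really an executable.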
2. Incorporate a Firewall with Real-time Scanning and Malware/botnet Blocking Technology
A firewall is that black box that sits between you and the bad guys on the internet. In its most basic form, it blocks unsolicited requests to your internal network.
Adding an enterprise level firewall with the following features can eliminate a high percentage of both email and connection-based attacks:
- Intrusion protection
- Malware scanning
- Botnet filtering
- Geo-IP filtering
- Content filtering
3. Educate and Communicate with your Users
Communication and education are key in preventing malware from spreading via email, so it's critically important that you instruct your users on what to look for.
Let them know that if they aren't expecting an email with an invoice or other item, then it probably is not legitimate. Invoice emails are one of the most common forms of spreading malware.
Show them examples of malicious email so that they have insight on what to look for. Explain what phishing, spear phishing, spoofing and other types of social engineering are.
Let them know that they can always ask about an email they received if they question its validity. The well-known phrase "it's better to be safe than sorry" certainly applies, and your employees need to understand this.
According to a survey reported by Continuum, cyberattacks cost small businesses $53,987 on average, and that is just for small businesses. The costs get worse with larger businesses. Also, according to the survey, more than 6 in 10 do not have an in-house expert to properly deal with security issues.
The more communication and education you provide to your workforce, the more you’ll be able to reduce the risks of these attacks.
4. Test Your Users
While you may have trained your users on what to look out for, the only way to know that they understand and apply these techniques is to test them.
- Create emails to test their awareness regularly but not at a consistent interval that makes them predictable.
- Create emails that use current day scenarios such as an inbound invoice, or a customer not wanting to pay an invoice.
- Tempt your users with a free phone or other goodie or pretend to be the CEO and request that someone purchase gift cards.
- Include trackable links in the email so that you get usable statistics. There are many free and paid utilities that you can use to create and track phishing tests.
5. Patch your Systems
What happens if a malicious email makes it through to my users? Yes, you need to ask that question.
Even with the most sophisticated email prevention system, there are times when an email with malicious intent will make it past your defenses.
Many of these threats start off with email but propagate through your network using known vulnerabilities in desktop and server operating systems as well as other infrastructure devices like your firewall and network switches.
Regularly patching your entire environment helps to ensure that your systems have the manufacturers' latest fixes to help against these types of attacks.
6. Use Virus and Anti-Malware Protection
An often-overlooked piece of this puzzle is antivirus/anti-malware software. Implementing an enterprise level antivirus application is a must.
These packages can provide threat detection, run time scanning and anti-phishing protection. Many include DNS filtering and even URL based scanning in email for an added layer of detection and prevention.
Through the centralized management dashboard of most of these apps you can configure alerts to warn you of detections and automatic cleanup of these events as they occur.
7. Secure Personal Wireless Devices
If you allow your employees to use their phones and other devices on your corporate network, it is essential that they be isolated from the core systems.
Setting up guest Wi-Fi with access to the internet only is a strong recommendation.
Private devices that are out of your control can be a large source of unwanted malicious activity. Many users treat their own devices with much less care and scrutiny than they do a corporate asset. They visit sites and use apps that they wouldn't normally use on a company device and rarely run any malware protection.
Even employees accessing their own personal email means you are at the mercy of these providers.
Control is key and any device that you do not manage is a potential window of opportunity for these threats.
8. Block Access to Outside Email Providers
Blocking access to outside email providers may sound silly to most, but removing access to these outside sources is an additional way to thwart inbound malicious emails.
You invested a large amount of time and money into preventing these attacks, but all it takes is one person accessing their personal email and opening an attachment from a spoofed email sender to start a chain reaction of ransomware that could potentially spread to every system you do control.
Promises of free things, game credits, new apps, the IRS suing you and even promises of lottery or inheritance are all types of email that your users could be tempted by. Stopping access to these providers eliminates that temptation.
No system is perfect. Use a tiered protection model with products from multiple vendors. Do not put your eggs in one basket and rely on a single security services provider for all of your protection.
Review your protections' effectiveness regularly. Stay informed on current security news. Do not rest on your laurels.
Security is an ongoing evolution and you should never be content.
Converged Technology Professionals offers IT Network Management and Consulting Services for businesses throughout the Midwest with local offices in the Milwaukee, Chicago, Grand Rapids, Indianapolis and Louisville regions. If your business has questions about how to protect your data and implement a secure and protected network, contact us to learn how we can help.