Email is a huge threat vector
Between spam, phishing, business email compromise and ransomware, the list of risks is long. Email gives attackers a direct line to their victims. It’s no surprise that with daily phishing attacks and spam email, business leaders are increasingly worried that their IT security and email protection aren’t keeping pace with attacks.
The greatest security risk
Most security professionals understand that employees are a company’s greatest security risk. Most employees use email all day, every day. Spam, phishing, and spoofing account for most corporate security breaches. Even with greater focus on security training, our research shows that as many as 40% of employees still click through phishing attempts and enter corporate or personal information.
As social engineering becomes more sophisticated, the email security tools that help protect our data need to evolve as well. Default email protections that come with Microsoft Office 365 and Google G Suite are inadequate to stop rogue messages from making their way to employees. Layering on levels of protection from both a technical and process perspective is critical to maintaining adequate email security.
Ascend recently reviewed and updated our email security to ensure adherence to our best practices. We’ve taken the lessons we learned and assembled a security offering that helps firms improve email security and reduces their exposure to these threats. While user training and phishing awareness are our best defense, the following technical safeguards were implemented to enhance our email protections.
Multi-Factor Authentication (MFA)
First, Multi-Factor Authentication (MFA) was deployed to help protect against unauthorized access if a user’s password becomes compromised through a phishing attack.
- Microsoft Authenticator – The Microsoft Authenticator mobile application was installed on employees’ phones as an additional layer of security and authentication for email.
Advanced Threat Protection (ATP) for Email
Then, Office 365 zero-day protection features were configured to identify and block malicious emails.
- ATP Safe Links – The ATP Safe Links feature immediately checks for an unsafe URL before opening the website. If malicious behavior is detected, the URL is blocked.
- ATP Safe Attachments – With the ATP Safe Attachments feature, the email attachment is opened and tested in a virtual environment before the user receives it in their inbox. If the attachment is determined to be malicious, it will be removed automatically. If the attachment is safe, it will open when clicked on.
- ATP Spoofing Intelligence – ATP anti-spoofing alerts users to suspicious and impersonated emails by running the following checks:
  - Does it look like a spoofed message?
  - Did it pass authentication?
  - Does it have a good reputation in the industry?
  - Is there any other information out there about the email?
Finally, additional hardening steps were taken so users could trust the email in their inboxes.
- SPF (Sender Policy Framework) – Validates the true identity of customers, clients and partners as authorized senders.
- DKIM (DomainKeys Identified Mail) – Verifies that message content hasn’t been compromised while in transit.
- DMARC (Domain-based Message Authentication, Reporting and Conformance) – Policy that ensures SPF and DKIM are valid before email is delivered.
- EOP (Exchange Online Protection) – Mail flow rules – Allows us to segregate known malicious senders before they hit our internal spam filter and go through the quarantine process.
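How the SPF, DKIM and DMARC checks listed above combine on the receiving side, shown as an added Python example that is not part of Ascend's configuration: it reads a constructed Authentication-Results header and DMARC record and decides what happens to the message. The domains, header values and function names are assumptions made for illustration, and suffix matching stands in for the Public Suffix List lookup a real receiver performs.

```python
import re

# Constructed sample data (not from the original article).
RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
LEGIT = "mx.example.net; spf=pass smtp.mailfrom=bounce.example.com; dkim=pass header.d=example.com"
SPOOF = "mx.example.net; spf=pass smtp.mailfrom=mailer.attacker.example; dkim=none"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tags, validating v= and p=."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def aligned(auth_domain, from_domain, mode):
    """Check identifier alignment against the visible From: domain.
    Strict ("s") needs an exact match; relaxed ("r") also accepts a parent/child
    pair. Assumption: suffix matching stands in for the Public Suffix List
    lookup that a real receiver uses to find the organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s" or a == f:
        return a == f
    short, long_ = sorted((a, f), key=len)
    return "." in short and long_.endswith("." + short)

def dmarc_disposition(auth_results, from_domain, record):
    """Return "deliver" when SPF or DKIM passes *and* aligns, else the policy."""
    tags = parse_dmarc(record)
    spf = re.search(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", auth_results)
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([\w.-]+)", auth_results)
    spf_ok = bool(spf) and spf.group(1) == "pass" and aligned(
        spf.group(2), from_domain, tags.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(domain, from_domain, tags.get("adkim", "r"))
                  for result, domain in dkim)
    return "deliver" if spf_ok or dkim_ok else tags["p"]

if __name__ == "__main__":
    for name, header in (("legit", LEGIT), ("spoof", SPOOF)):
        print(name, dmarc_disposition(header, "example.com", RECORD))
```

The second sample passes SPF for its own envelope domain yet is still quarantined, because neither authenticated identifier aligns with the From: domain the user sees.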
In the end, there is no silver bullet when it comes to preventing all attacks. As attacks continue to evolve, Ascend will continue to manage our email hardening techniques and educate our employees to reduce the risk of a potential email compromise.