Many employees – even up to the C-level – find themselves unwitting participants in external threats delivered by email. Security experts at TELUS are seeing that email targets are going beyond looking like a suspicious email from an unknown email address. Now, they can appear to be legitimate requests from real partners, clients, internal colleagues or even friends. This attempts can be heavily socially engineered, potentially even using carefully researched personal information, like children’s names, to feign legitimacy. Falling for one of the email ruses can not only result in a data breach, it can lead to a damaged corporate reputation and loss of customer trust.
TELUS security experts advise that there is more businesses can be doing to keep up with the advancing email threats targeting employees.
First, companies should be building education and awareness within their workforce. Employees must be trained to rethink their approach to email so they become an additional line of defense. Employees should be encouraged to think critically about the requests in each email received and, when in doubt, practice calling vendors, clients or coworkers directly to confirm a questionable request.
Second, establish sound processes. If a suspicious email is found or a breach is made. It is important that all employees know exactly what they need to do to escalate it to the appropriate people to it can be appropriately contained. With a breach, time is always of the essence.
Finally, organizations should adopt a layered approach to security with extended email protection. Utilize encryption at the information level, data loss protection like setting rules to determine what information is allowed in and out of an organization, and target trusted connections between authorized users and attackers. Each of these capabilities can work together or individually. For example, if you’ve been breached by an advanced malware or targeted attack through a trusted link, you can use encryption or data loss protection to lock down information or stop information flow altogether.
Savvy security managers and organizations taking a layered approach to security already have extended email protection on their radar. If you’ve experienced a targeted attack you’ve probably realized, like most security professionals do at some point, this type of infiltration can happen to anyone. TELUS recognizes this reality for businesses and offers not just solutions for extended email protection but solutions that give organizations the visibility, understanding and control they need to protect against emerging threats – including email based malware.
By encouraging your workforce to be diligent and adopting extended email protection solutions, business will be in a much more strategic position to defend against targeted attacks through email.
Peter Romano is the Director of Corporate Security at TELUS.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…