E-Mail: Securing The Most Common Vulnerability

As your most vulnerable entry point, hackers will focus on accessing your e-mail until they're successful--unless it's secure and protected.

A Staggering Cybersecurity Statistic

Did You Know?

Almost 95% of all successful intrusion attacks come through e-mail (malware that is carried through e-mail attachments) and poor password hygiene. Hackers are hoping 1) that your users don’t use Multi-Factor Authentication (MFA), where you are required to enter a pin along with your password from unknown devices, and 2) that you and your team reuse the same passwords.

To give an example of such an attack, say a well-crafted “fax attachment notification” e-mail arrives in one of your user’s inboxes. Legitimate companies like Ring Central take fax messages and covert them into PDF attachments. Receiving attachments through this method increases risk of a hack because fax message content drops into your email inbox where other sensitive information is stored. Hackers will craft the e-mail with malicious links, attempting to phish your password or run a program to gain access to your inbox remotely so they can access any and all sensitive information.

Below is a graphic showing how hackers run processes on unsecured inboxes and workstations to gain access to your data:

Image source: https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/

How to Secure Your Company

There are a couple of ways to combat this. With our Advanced Security agreement, we start by securing your email environment with advanced SPAM/PHISH/Malware controls, as well as configuring all users to use MFA. This makes your firm a much more expensive target for the hackers.

The next part of the solution is the active threat hunting applications that we run on your servers and workstations to look for malicious activity/traffic on your networks. This is much different than traditional antivirus software that hackers are able to easily defeat.

We also recommend “white hat” PHISHing attempts. This is where someone on our team simulates crafted PHISHing attacks on your team periodically to help identify training opportunities.

Solutions to Protect You

Running a business that’s vulnerable to these attacks can be stressful, especially if you’re not sure how effective your present levels of security are.  If you’d like to see what kind of controls we can put in place, we provide advanced cybersecurity tools and staff trainings to keep your operations safe; for details on how we can assist you, give us a call to see how we can restore your confidence in the security of your company.

Image by mohamed Hassan from Pixabay

Information Technology Aligned With Your Business Goals?
Philantech3 is a complete IT services & IT support company working with organizations in Spokane.