Email is notorious for receiving junk, also known as spam: unsolicited electronic messages sent from anonymous senders to large numbers of people or businesses. An even more sinister problem is email spoofing: legitimate-looking emails that attempt to steal information (phishing). Email spoofing has been on a steady rise and is now the biggest cyber attack method used by hackers. See: 91% Of Cyberattacks Start With A Phishing Email. It is crucial as a business owner to better understand these attacks and how they can affect your organization. More important is knowing the methods available to protect against email spoofing and phishing.
The average cost of a phishing attack for mid-size companies?
$1.6 million
A simple but effective method in your organization may be to increase employee security awareness. Susceptibility rates (how susceptible a business is to a phishing attack) are as low as 5% when employees are well-trained, and phishing tests are executed and reported on correctly.
Although these attacks are a big threat to businesses, security experts have improved the countermeasures against them. Techniques have been developed that stop email phishing in its tracks:
DMARC (Domain-based Message Authentication, Reporting & Conformance)
In general, the fundamental problem that remains with email is that there is no built-in mechanism to validate a sender’s authenticity, which is a security vulnerability. That’s where these new countermeasures come into play. Over the last decade, a new email authentication standard, DMARC, has been developed to work on top of the existing email authentication methods, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). DMARC is an email-validation system designed to detect and prevent email spoofing, and it uses both SPF and DKIM to accomplish its task. See: https://tools.ietf.org/html/rfc7489
The problem is that organizations do not always use these security mechanisms, because there are some technical nuances that are not commonly understood. The main purpose of this short blog is to inform people that these email security standards are available and should be implemented in your organization! These will improve the security, integrity, and reputation of the email domain in question. Sunstone Technology Services can help set up or improve email authentication configurations for your server. See: If DMARC is so great, why isn’t everyone doing it?
For an in-depth explanation go here: dmarc.org