Six mail security mistakes companies make that cost them millions
We know the risks involved with doing business today: cash flow, people management, government regulations but do you fully understand the cyber risks involved with running your day to day operations?
Let’s face the facts
%
of social engineering attacks are delivered by email
while just 3% arrive through a website, and 1% are associated with phone or SMS communications and malicious documents respectively.
– According to DBIT
$4.24 million
Is the average cost of a data breach in 2021
This is the highest average total cost in the 17-year history of this report.
– According to IBM
The six email pain points of 2021
To improve your mail security, here are six things that you need to take into consideration
1. Lack of Visibility
Poor Visibility Tracking and Identifying Risky Rules
Inbox rules are the ones that do something automatically with email, which usually triggers upon the arrival of the mail. Mal-actors, be they malicious or well-meaning-but-foolish, can use rules that result in harmful incidents such as:
- invoice fraud (and other similar scams),
- data-leakage
- espionage
- vandalism
2. Accessing Mails Remotely
Accessing of Mail (Remote Access)
Remote working, once an occupation of a few, has now been thrust upon us in 2020 and 2021. If there is not an additional layer of mail authentication configured on your mail platform, attackers can easily gain access from anywhere in the world if your credentials have been compromised.
3. Lack of User Awareness
Lack of User Awareness Training
Users are the biggest risk when it comes to email attacks as they unknowingly click on malicious links or supply their credentials to fraudsters posing to be legit. User Awareness programs should be ongoing to continuously test and train users
4. Breach of Admin Accounts
Mismanagement of Users and Admins
In managing and monitoring security configurations, admins often overlook the basics around user privileges. This is because it needs consistent attention. The following issues can occur
- Having too many admins
- Shared admins privileges
- Admin Accounts are not linked and centrally managed by one user
- Cleanup of old accounts is not managed properly
- Admins that require mail does not have a separate non-admin account for mail
If these accounts are breached, attackers can have full control over your mail platform.
5. Misconfiguration
Default Audit log on Mail Platform not enabled
Microsoft has provided some useful auditing across all license bands; however, one would think that it audits things by default. It does not. You need to configure these.
6. Lack of Mail Security
Mail Security Features not configured as per best practices
One cannot rely on out of the box configuration when it comes to security features, you will have to identify the gaps and align this to the organisation’s malware policy. Example: Domains can be spoofed and used to look as if you are sending the mail from the correct domain, if you have not configured DMARC and SPF within your mail configuration, you are an easy target for attackers.
Where are you on the risk profile?
Take our quiz…
About the A-Team
AVeS Cyber Security is a specialist IT Governance & Architectural services consultancy that combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 21-years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the constantly evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. In 2018, the company won eight awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges, such as ransomware, advanced targeted attacks and the Internet of Things.
The AVeS Team has been instrumental in the review and update of our ICT policies and procedures. Their combination of skills and experience makes the partnership with AVeS Cyber Security a good one for the IT department at Palabora