

Preventing Business Email Compromises

Devastating consequences can result from attacks

Email is one of the most common methods for communicating and sharing information when it comes to operating a business. Though email is really a necessity for modern businesses, it also opens the door for cyberattacks.

According to review42.com, each person sends an average of 40 emails daily for business communication. Multiply that by the number of employees in any given business and add in the emails coming into each person’s mailbox. The number of emails can easily jump into the thousands on a daily basis, creating a challenge for companies to keep the bad actors out of their email and network. To prevent such attacks, business leaders and their employees must understand the risks they face, what types of attacks are used, and solutions for combating the threats.

Email Attacks
Hacking, as defined by Verizon’s 2020 Data Breach Investigations Report (DBIR), is the use of brute-force attacks, stolen credentials, exploitation of vulnerabilities, backdoors, or command and control functionality. Bad actors use many varieties of email attacks to get inside your business, ranging from phishing to Denial of Service (DoS) attacks. Employing the right software and training your employees on a regular basis can help spare your business an embarrassing, expensive breach.

According to the aforementioned DBIR, phishing is one of the most common sources of breaches. Phishing involves sending fake emails to targets (such as the employees in your business) that appear to be from a known or reputable source. A phishing attempt could appear to come from a client, business partner, or a well-known company such as Amazon. The goal of the email is to deceive the target into opening a malicious attachment or clicking a malicious link, with the ultimate purpose of stealing sensitive or financial information.

To prevent phishing attacks, start with software such as Sentinel by Barracuda. Traditional email security software filters incoming messages; modern programs such as Sentinel also integrate with other commonly used business programs such as Office 365. These programs find threats within the mail system from both external and internal sources and block fraudulent emails before they ever reach your employees’ inboxes.
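A simplified illustration of the kind of header and content checks such filtering performs, written as an added example for this article (it is not Barracuda Sentinel’s logic or Dox Electronics’ code); the trusted-domain list, the lookalike rule and both sample messages are constructed for the example.

```python
import email
from email.utils import parseaddr

# Constructed for this example: domains the business already corresponds with.
TRUSTED_DOMAINS = {"example-client.com", "ourfirm.example"}
# Digit-for-letter swaps often seen in lookalike domains, mapped back to the letter.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
URGENCY_WORDS = ("urgent", "today", "immediately", "asap")

def sender_domain(header_value):
    """Lowercased domain part of an address header; empty string if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def is_lookalike(domain):
    """True if the domain imitates a trusted domain (after undoing digit swaps) but is not one."""
    if not domain or domain in TRUSTED_DOMAINS:
        return False
    return domain.translate(CONFUSABLES) in TRUSTED_DOMAINS

def bec_indicators(raw_message):
    """Return the BEC warning signs found in one raw (RFC 822 text) email message."""
    msg = email.message_from_string(raw_message)
    from_dom = sender_domain(msg["From"])
    reply_dom = sender_domain(msg["Reply-To"])
    body = msg.get_payload().lower()          # single-part text body
    findings = []
    if reply_dom and reply_dom != from_dom:   # replies silently diverted elsewhere
        findings.append("reply-to domain differs from sender domain")
    if is_lookalike(from_dom):                # e.g. examp1e-client.com vs example-client.com
        findings.append("sender domain is a lookalike of a trusted domain")
    if "wire" in body and any(w in body for w in URGENCY_WORDS):
        findings.append("urgent wire-transfer request in body")
    return findings

# Constructed sample modelled on the case in the article; not the real firm's mail.
SUSPICIOUS = """From: "Pat Client" <pat@examp1e-client.com>
Reply-To: pat.client@mail-provider.example
To: accounts@ourfirm.example

Please wire $1,000,000 to the new account today. Urgent.
"""

# Constructed legitimate message from the real client domain, for comparison.
LEGITIMATE = """From: "Pat Client" <pat@example-client.com>
To: accounts@ourfirm.example

Could you resend last month's invoice when you have a minute?
"""
```

`bec_indicators(SUSPICIOUS)` returns all three findings, while `bec_indicators(LEGITIMATE)` returns an empty list; a real filter scores many more signals, but this is the shape of the check.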

Other steps to prevent phishing attacks include educating your employees through regular training sessions with mock phishing scenarios, keeping your network and systems current with patches and updates, and using a web filter that blocks malicious websites. You’ll also want to develop a security policy that includes password complexity and expirations at regular intervals. You can also encrypt all sensitive or proprietary business information and require encryption and/or the use of a virtual private network (VPN) for all employees working remotely. This last piece is especially important given the uptick in remote workers due to the coronavirus (COVID-19) pandemic.

Bad actors often employ malware, short for “malicious software,” to break into networks. Malware is a program or code designed to damage your computer hardware or software. It can be confusing and dangerous because it may itself pretend to warn network users (your employees) about “harmful software.”

The malware can pop up on screen “warning” you and/or your employees about a problem with the company network. The purpose of the malware is to convince you or your staff to download software to “fix the problem” when it really is meant to steal or encrypt your business data. Furthermore, the software can hijack computer functions and make it impossible to work.

Malware can even be used to attack your computers when you or your employees visit a hacked or specially crafted website. It can also be delivered to your network as an infected file that is downloaded. Finally, it can be introduced straight into your network via email, launching as soon as a malicious message or its attachment is opened.

To combat the threat of malware, it’s best to deploy anti-malware software throughout your entire network. Train your employees not to open emails from people or businesses they don’t know and to immediately report suspicious emails to your IT department or a third-party cybersecurity provider such as Dox Electronics. During training, also educate your staff not to visit unknown or unsecured websites, not to download attachments from unknown or untrusted sources, and not to follow links from such sources.

Denial of Service Attacks
A DoS attack is when a hacker turns your network and company resources against you. This type of cyberattack occurs when a bad actor temporarily or permanently disrupts your network services so you can’t access your data or use your computers to conduct business as usual. Traditionally, DoS attacks flood your network, software, and/or hardware with innumerable requests in order to overload the system, preventing you and your employees from working. Effectively, it brings your organization to a screeching halt.

According to the Cybersecurity and Infrastructure Security Agency (CISA), part of the United States Department of Homeland Security, a DoS attack can affect email, websites, online accounts (think banking), and any other service that relies upon a computer or network that has suffered an attack. This can cost your organization time and money while your services and resources are restored.

One of the most effective methods for preventing a DoS attack is to enroll in a DoS protection service. Such software can detect an abnormal flow of traffic to your network and redirect it so that your systems don’t become overwhelmed. While the DoS traffic is filtered out, your normal network traffic can continue unabated.

Ransomware
This attack utilizes software that works to gain access to your business network and files. The software then locks access to the data files and software your organization uses every day to operate. Once ransomware is deployed, the cybercriminal(s) responsible typically demand a fee, often in the form of cryptocurrency, with the promise of unlocking your files.

One of the best ways to beat ransomware is to back up your digital data regularly, using backup software or a cloud service. Back up your data on a schedule and also ensure your business always keeps at least one complete backup offline. This helps to protect against newer ransomware that tries to encrypt your backups as well. Cloud backups are still fine but need to be complemented with periodically saving an offline copy to removable disks or tape.

By following the above recommendations, you will have working copies so if ransomware does cause an issue, you can tell the bad actor to pound pavement and your files can be quickly restored. This means little downtime for your business operations and continuity without paying a huge ransom to get your data back.

A Cautionary Tale of Woe
There can be devastating consequences when an organization fails to prevent an email compromise. Bad actors prey on uneducated staff members within a company, targeting them for an email compromise, which is why regular employee training is so imperative. One financial company felt the pain of falling victim to such a compromise.

In an online piece by Mondaq.com, it was reported that an employee in the company fell for a phishing attack. As a result, cybercriminals accessed the firm’s email system. The attackers then crafted a fake email requesting a $1 million wire transfer in the name of one of the company’s clients. The firm, none the wiser, made the wire transfer right into an account controlled by the bad actor who had concocted the scheme.

As a result of the $1 million loss, the Commodity Futures Trading Commission (CFTC) became involved in investigating the issue. The CFTC found the victimized firm was responsible for the attack because it had violated applicable regulations regarding proper cybersecurity. According to the Mondaq article, the CFTC found the company had “adopted a generic cybersecurity policy rather than one tailored to its business.”

Additionally, the firm failed to assign cybersecurity responsibilities to a dedicated employee after the previous one had left. Furthermore, the company did not have compliance personnel qualified to assess cybersecurity risks, and it failed to conduct a complete assessment of the breach once it was discovered.

The CFTC also condemned the firm for allegedly failing to follow proper wire confirmation processes as well as the company’s decision to not disclose the breach to its existing or prospective customers. Based on internal documents circulated within the company post-breach, the CFTC discovered there were also “concerted efforts” by the company “to keep the fact of the breach from its customers and the public” for fear of loss of reputation and business.

A Few More Words
In addition to the tips shared for preventing the attack methods mentioned above, ensure that your company has crafted a business-specific disaster recovery plan should the worst occur. As part of the plan, you also need to have a dedicated employee or third-party provider available to address threats or incidents that employees can report to directly. You’ll also want to check that your antivirus software and firewalls are updated and properly configured on an ongoing basis. Finally, we can’t stress enough the importance of regular employee training for cybersecurity as they really are your first line of defense.

If you have questions about preventing email compromises, cybersecurity training for your staff, or software programs to prevent attacks, contact Dox Electronics at (585) 473-7766.
