The coronavirus pandemic is reshaping companies’ cybersecurity strategies. İsmail Saygılı of Seccops Cyber Security Technologies General Manager, who draws attention to the attack attempts of hackers who have the opportunity to increase the e-mail traffic during the quarantine, shares 8 cybersecurity suggestions that companies should implement against e-mail attacks.

The world of cybersecurity is working hard to combat the coronavirus pandemic. In particular, it is seen that hackers have carried out attacks on e-mail services that were used extensively in this period by targeting the employees of the company who switched to the remote working system. E-mail attacks, which are seen as the spreading point of many malware, seriously threaten companies in the quarantine process. We will talk about 8 cybersecurity measures that companies should pay attention to e-mail attacks targeting important corporate data.

Need Advanced Email Defensive Line

Security solutions offered by email service providers classically filter incoming and outgoing email traffic and try to block malicious content before they reach their recipients. However, filtering only spam and suspicious links is not enough for an advanced email security solution. An email security platform needs to constantly block suspect items, quarantine them, and connect to the relevant threat intelligence on time. That’s when the infrastructure of the proactive email security layer is ready.

In increasing email traffic, 9 suggestions/steps for companies to be alert to cyber attacks.

  • Don’t just trust on Anti-Spam solution.

In today’s conditions, trying to protect yourself from harmful or suspicious content by trusting Anti Spam cannot be considered a valid solution. Note that your email security solution should include advanced layers of security that scan email attachments and filter content.

  • Stay up-to-date

Especially in cybersecurity solutions, you should always be up to date. You need to make sure that (just example) hackers who evaluate such important crisis processes like quarantine do not harm the file type you know as safe two weeks ago.

  • Have automatic reporting

Your cybersecurity team needs to have full control over all available email infrastructure and policies, as well as know about all detected and quarantined files. Thus, malicious e-mails should not escape the attention of your experts. That’s why configurable, automated reports are vital to your team’s success.

  • Extend the capabilities of your email security platform

Another important issue to consider is the capacity of your system to scan and control large volumes of e-mail and mail attachments. In fact, the more filters you apply, the greater the workload will grow. That’s why your solution needs to be built on reliable technology that can guarantee high uptime and service continuity.

  • Be alert to the employee factor

Many security experts assume that the employee element is beyond their control. Increase your employees’ awareness of information security. In fact, employees can be trained to implement security measures. For example; Simulating phishing attacks once or twice a year is one of the effective ways of doing this. In this way, the human element is protected from many harmful interactions and has less impact on the security process.

  • Be wary of BEC (Business Email Compromise) phishing attacks

BEC is a type of fraud that targets bank transfers and companies with suppliers abroad.

BEC attackers often imitate the CEO or any authorized manager to make a bank transfer, using social engineering methods to fool employees and managers. It carefully researches and closely monitors potential target victims and organizations.

It is necessary to be careful against this type of phishing attack that involves fraud and is fed by tactics such as phishing and password theft. According to the researches, it is seen that 70% of the companies do not have the technology to protect themselves against this type of phishing (fraud) attacks. If companies do not take precautions against such social engineering attacks that they can suffer the most, defense weaknesses arise. However, this threat can be solved by the above-mentioned article 5. In addition,

  • Separate your payments from email communication

We recommend that you do not use e-mail for any financial transaction when billing attacks are the highest level in recent years. Your system should control and block the delivery of such sensitive information by e-mail.

  • Prevent data leakage

Although a wide variety of information can be obtained from your company’s e-mail servers, the most sensitive ones are; personally, identifiable information is personal financial information and encryption keys. Such leaks can lead not only to financial losses but also to a violation of the protection of personal data such as GDPR. So an advanced email security solution should not only block malicious URLs but also prevent any personal or sensitive data from being sent by email.

 By İsmail Saygılı
Istanbul / TURKEY

Click to rate this post!
[Total: 4 Average: 5]