SECURITY CHECK-IT: STEP 3
Safely exchange information externally
This week we will discuss an extension to the items we already mentioned in our first blog. Missed our first blog? No problem, read Mini Security Audit, a few basic encryptions every company should have here. After you’ve made sure no one can send messages in your name, we will reverse the roles this week. Unfortunately, you cannot rely on the fact that all the parties you work with have their security in place down to the last detail. That is why it is important to adapt the most common source of infection first. We are obviously talking about email here. The package most commonly used by companies is Office 365. It is equipped with standard security, but the security of other solutions is often not enough. This blog will consider the different aspects of email and document sharing in more detail.
Watch out for Phishing!
Although you have executed all the previous steps correctly, hackers may send internal fake mails to encourage you to make an urgent payment, for example. This mail will seem to have been sent by your boss. Phishing specialists use domain names that resemble the usual domain names, for example @tynéso/com instead of @tyneso.com. This small detail in the domain name is something that is not immediately noticeable, but makes a world of difference. An Artificial Intelligence solution that intercepts this, combined with regular phishing training for the employees, can prevent a lot of harm.
A secure environment for your attachments
Emails often contain attachments that may contain viruses and/or malware. To reduce this risk an advanced mail filter should be installed. This filter will open attachments in a sandbox (a secure environment), start it up, even speed up the time to see if this document has no malicious intent now and in the future, and will only deliver it to the recipient when all checks are negative.
A more modern way of exchanging files, especially for large files, is sharing a link to a Sharepoint or OneDrive environment. The mail server will only see a link passing by and will not be able to scan the document itself. Because you cannot be sure that the sender is properly secured, the risk is for the receiver. If the recipient has an MS ATP for Office 365 license, he will automatically scan any file shared via Sharepoint or Onedrive and only make the document available when the document is not infected.
This is the best way to use website links in your emails
Finally, emails often contain links to websites. Emails today are almost always formatted in HTML. This means that you look at a nice layout and not at the underlying code. For example, the email may contain a link https://www.kbc.be/ , but nothing prevents a hacker from sending you to another website via an underlying link. You can solve this with a cloud solution that scans all links. You will not be able to open these links and be redirected to a warning page.
In many organisations email is the most commonly used means of communication, both internally and externally. Hackers also know this and are all too happy to lure companies and their employees into their trap with phishing emails or underlying links to fraudulent sites. But hackers aren’t the only problem. Attention should also be paid when sending attachments. Attachments often contain viruses and/or malware that your company should be wary of. It is therefore important to have the right solutions and to remain alert.
Do you have any more questions or would you like to exchange more information about external secure information? We will be pleased to help you! Send an email to checkit@tyneso.com and we will contact you as soon as possible!
Related Tips
Based on our years of experience, we’ve created a 15-step plan, offering free advice to bring your security to a higher level.
Read all about it.