Information Security Buzz
How To Prevent Your Organisation From Becoming A Malware Hub

By ISBuzz Team, August 7, 2017. 6 Mins Read

Email is indisputably a critical enterprise communication tool essential for sending important documents quickly and efficiently between employees, managers, HR, finance, sales, legal, customers, supply chain and more.

Unfortunately, organisations often do not appreciate that the file types used every day to share important information – Word documents, Excel spreadsheets and PDFs – are also among the most common carriers of malware. For cybercriminals it is often trivially easy to target a user with a spoofed or phishing email and trick them into opening an infected attachment that looks legitimate. Because email is an open, trusted channel on which malware can piggyback on any document to reach the network, it falls to the organisation – its security team and its employees – to adopt the security strategies and practices that prevent a company-wide compromise.

Here are five steps businesses can take to thwart these threats and keep sensitive data out of the hands of malicious actors.

  • Analyse risk factors in attached email documents

As with any threat vector, organisations need to enumerate the possible avenues of attack and decide which functions the business must keep, and which it can eliminate, in order to operate safely. This is especially true of email attachments. Many people fail to appreciate that simply exchanging documents involves risk: about 98 percent of files in circulation do not strictly conform to the file-format specification published by the format's vendor. Before they can mitigate any potential threat, organisations need to be able to tell whether an aberration in a file is the result of an attack or merely of a poorly written or misconfigured authoring tool. That requires a thorough understanding of the documents crossing the network: the file types, the structural problems they exhibit, and which incoming functional elements (macros, scripts, embedded objects, external links) could represent risk. Building this big-picture view of email security and risk posture is the critical first step towards understanding potential threats and implementing effective policies that mitigate risk and thwart attacks.

  • Avoid relying on legacy technologies as stand-alone email security solutions

Once you have a handle on the risks, apply the appropriate controls. Most organisations already have the standard border controls – firewall, anti-spam, anti-virus and even a sandbox – yet targeted attacks still bypass them regularly. Signature-based anti-virus at the border cannot stop a well-crafted, highly targeted attack for a simple reason: a document built for a single victim has no prior signature to match, and a sandbox can be evaded by a payload that detects the analysis environment or delays detonation until analysis has finished. Meanwhile, attacks via malicious attachments have grown more sophisticated, with phishing lures that look entirely legitimate. Assume that signature-based anti-virus, and even relatively new sandbox technology, will let a socially engineered malicious document through to the user. It only takes one user opening one malicious attachment for a company to face disaster. Security therefore needs a new baseline that does not rest on the old border technology alone.

  • Look for the good instead of going after the bad

Closing the gaps in email security defences requires a shift from hunting for the bad to looking for and validating the "known good". The reason is simple: cybercriminals constantly change their tactics, so a blocklist is always a step behind, whereas a file format's specification is a fixed benchmark against which legitimacy can be checked precisely. Organisations should therefore validate each document against the published specification for its format and regenerate only the known-good content, producing a clean, benign file in the original format that can be passed along without interrupting business (the approach now commonly called content disarm and reconstruction, or CDR). In short, it is about asserting control over the document by bringing security to where it is needed most: the file level. Organisations should back this up with deep file inspection, remediation and sanitisation tools that remove malicious content before it enters the system.

  • Restrict BYOD with specified policies around document transmission

The BYOD phenomenon undoubtedly brings many benefits, not least the flexibility for employees to work from anywhere and to conduct both personal and business activities, including sending and receiving documents, on the same device.

However convenient and efficient, conducting business from a personal device undermines the organisation's control over the sites and apps its employees use, which in turn exposes corporate data to information-stealing malware. Malware carried in an attachment infects a mobile device just as readily as a workstation, and many mobile devices have no control at all for detecting infected documents, so a malicious document opened on a phone that holds corporate mail and files reaches the same sensitive information it would reach on the corporate network. Sending and receiving attachments on mobile devices may be a genuine requirement for some staff; determine for whom it is an absolute necessity, and restrict the function to managed workstations for everyone else.

  • Allow only the file-types and functional items that users need

Ultimately, the goal is to reduce the risk that a single employee opening one attachment exposes the whole organisation to malware. Among other things, that means determining carefully which file types and functional items employees actually need in order to do their jobs.

This calls for a full assessment of the variables, including the threats employees are exposed to when they receive particular kinds of attachment, followed by a decision about which functions the business needs in order to operate productively: for example, which departments genuinely need audio, video, macros, JavaScript or embedded links in the documents they receive. Where a department, group or individual does not need a function, remove it from what they are allowed to receive. Policies that stop users from exposing the company to threats while preserving business continuity take the largest share of the risk off the table.
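As an added example (not code from the original article or from its author), the following Python script puts the "known good" and "allow only what users need" sections into practice. It identifies an attachment by its leading bytes rather than its declared extension, reports the functional items it carries (macros, external links and embedded objects in an OOXML package; JavaScript, open actions, launch actions, embedded files and URIs in a PDF), applies a per-group allow-list, and rebuilds a macro-enabled Word or Excel package without its VBA parts so that only the known-good content moves on. The policy table, the group names, the function names and the two sample documents are constructed for the illustration; the magic bytes, PDF name objects, OOXML content types and relationship types are the real ones from the respective specifications.

```python
# Added example, not from the article: inspect an attachment, apply a per-group
# allow-list, and rebuild an OOXML package without its macro parts. The policy
# table and the sample documents below are constructed for illustration.
import io
import re
import zipfile

# Leading bytes of the formats the article discusses; the extension is never trusted.
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "ooxml", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole"}
EXT_TO_TYPE = {"pdf": "pdf", "docx": "ooxml", "docm": "ooxml", "xlsx": "ooxml",
               "xlsm": "ooxml", "doc": "ole", "xls": "ole"}
# PDF name objects that introduce active or external behaviour (PDF 32000-1).
PDF_ACTIVE = {b"/JavaScript": "javascript", b"/JS": "javascript", b"/OpenAction": "open_action",
              b"/Launch": "launch", b"/EmbeddedFile": "embedded_file", b"/URI": "link"}
# Macro-enabled main-part content types (Word, Excel) and their macro-free equivalents.
MACRO_FREE = {
    b"application/vnd.ms-word.document.macroEnabled.main+xml":
        b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    b"application/vnd.ms-excel.sheet.macroEnabled.main+xml":
        b"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
}
MACRO_PARTS = ("vbaproject.bin", "vbadata.xml")
# Hypothetical policy: the formats and functional items each group needs; unlisted groups get "default".
POLICY = {"finance": {"types": {"pdf", "ooxml"}, "features": {"link"}},
          "legal": {"types": {"pdf"}, "features": set()},
          "default": {"types": {"pdf", "ooxml"}, "features": set()}}


def detect_type(data):
    """Identify the container by its leading bytes."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), None)


def inspect_attachment(data, declared_ext):
    """Report the real type, whether it contradicts the extension, and the functional items found."""
    kind = detect_type(data)
    features = set()
    if kind == "pdf":
        features = {name for marker, name in PDF_ACTIVE.items()
                    if re.search(re.escape(marker) + rb"\b", data)}
    elif kind == "ooxml":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                low = name.lower()
                if low.endswith(MACRO_PARTS):
                    features.add("macro")
                elif "/embeddings/" in low:
                    features.add("embedded_object")
                elif low.endswith(".rels") and b'TargetMode="External"' in zf.read(name):
                    features.add("link")
    # An unknown extension, or a body that contradicts it, is itself a risk signal.
    return {"type": kind, "mismatch": kind != EXT_TO_TYPE.get(declared_ext.lower()), "features": features}


def decide(report, group):
    """Return allow, sanitise or block for one recipient group."""
    rule = POLICY.get(group, POLICY["default"])
    if report["mismatch"] or report["type"] not in rule["types"]:
        return "block"
    extra = report["features"] - rule["features"]
    if not extra:
        return "allow"
    # Only what strip_macros can actually remove is worth regenerating; anything else is refused.
    return "sanitise" if report["type"] == "ooxml" and extra <= {"macro"} else "block"


def strip_macros(data):
    """Rebuild the package without its VBA parts and every reference to them; other parts are copied as-is."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name.lower().endswith(MACRO_PARTS):
                continue
            payload = src.read(name)
            if name == "[Content_Types].xml":
                payload = re.sub(rb"<Override[^>]*vbaProject[^>]*/>", b"", payload)
                for macro_type, clean_type in MACRO_FREE.items():
                    payload = payload.replace(macro_type, clean_type)
            elif name.endswith(".rels"):
                payload = re.sub(rb"<Relationship[^>]*vbaProject[^>]*/>", b"", payload)
            dst.writestr(name, payload)
    return out.getvalue()


def build_sample_docm():
    """Constructed sample: a minimal macro-enabled Word package with one external hyperlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", b'<Types><Override PartName="/word/document.xml" '
                    b'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
                    b'<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        zf.writestr("word/_rels/document.xml.rels", b'<Relationships><Relationship Id="rId1" '
                    b'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
                    b'<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" '
                    b'Target="https://example.com/" TargetMode="External"/></Relationships>')
        zf.writestr("word/document.xml", b"<w:document><w:body><w:p>Invoice Q3</w:p></w:body></w:document>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)  # stand-in OLE blob
    return buf.getvalue()


# Constructed sample: a PDF whose catalogue runs JavaScript as soon as it is opened.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n%%EOF\n")
```

Run `decide(inspect_attachment(data, ext), group)` on each attachment; a result of `sanitise` means `strip_macros` can regenerate the package, and the output should be inspected again before release (the sample .docm above comes back as `allow` for the finance group once its macro is gone, but is still blocked for groups whose policy does not permit external links). Note the deliberate limits: the sanitiser removes only what it can fully account for, a body that contradicts its declared extension is refused outright, and anything else outside a group's allow-list is blocked rather than "cleaned". A production implementation would parse the XML parts properly instead of using regular expressions, and would re-validate the regenerated package against the OOXML schema before letting it through.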

It is difficult to achieve 100 per cent employee compliance with any set of security procedures, but an organisation that follows these steps and uses technology to ensure that only the "known good" is admitted to the system will substantially raise its level of protection.

About the author: Sam Hutton
