Email Safety: How to protect your organisation from Phishing - By Lewis Marrow Cyber Security Specialist - Lineal Software Solutions
Email Safety: How to protect your organisation from Phishing By Lewis Marrow Cyber Security Specialist Lewis.marrow@lineal.co.uk
Who are Lineal?
• Managed Service Provider (MSP) based in North Devon
• Two core services: IT Support & Software Development
• Trading for over 30 years
• Support over 200 customers across the UK & overseas
Aims of this Webinar
• To make you more aware of what email threats your organisation could face.
• To help you understand how your organisation can manage this risk.
• To understand how every user can protect your business from email threats and prevent a breach.
Why is Cyber Security important?
• 46% of businesses in the UK have identified at least one Cyber Security breach in the last 12 months (Source: National Cyber Security Centre - Cyber Breaches Survey, 2020)
What is ‘Phishing’? The practice of sending fraudulent emails to obtain sensitive information:
• Financial information/assets
• Personal data
• Corporate information and sensitive data
• Access to private systems or computer networks to facilitate a larger attack
Anatomy of a phishing email (annotated screenshot; only the callout labels are recoverable):
• Fake email
• Believable address
• Company branding
• Link to a fake site that looks like a real domain
• Adding a personal touch
• Additional advice section to make it more believable
Phishing Example – ‘Your TV License has Expired’
Phishing Example – ‘Get Rich Quick’
Phishing Example – ‘Competition’
Phishing Example – Fake News
Phishing Example – DPD Notification
Phishing Example – File Sharing
Phishing Example – Covid-19
Phishing Example – Document Link
Phishing Terms – ‘Social Engineering’
• Involves psychologically manipulating people to gain information or to get them to do something, e.g. transfer money to an unknown bank account
• Phishing is a form of social engineering where a person tries to manipulate individuals for their own purposes, usually via email.
Phishing Terms – Social Engineering EXAMPLE GOES HERE
Phishing Terms – Smishing and Vishing
• Smishing – A form of phishing which involves text messages or phone calls for financial gain and to harvest personal data
• Vishing – A form of phishing that appears to be from a trusted source.
Phishing Terms – Smishing and Vishing
Phishing Terms – ‘Payload’
• Dangerous attachments, documents and .exe files in emails – can contain macros, .bat, .ps1 or other script files.
• Can contain other compromised attachments or links to harmful scripts on the web – a single clicked link can be sufficient to deliver a browser exploit with some malware
• Used to cause harm on your computer
• Many different types of malware payload
Phishing Terms – ‘Ransomware’
• Malware which encrypts your data and then attempts to sell it back to you
• Can operate across a network, affecting not just one computer but also others and potentially servers if relaxed permissions are in use
• You don’t always get your data back
Case Study – ‘WannaCry’ (2017)
How can I protect my Business?
Where is my email located?
• No matter where your email is located (onsite or in the cloud), preventing phishing should be a priority.
Protection Mechanisms: User Training
• Users are the weakest link when it comes to security.
• Train users to ensure they are aware of threats and know how to respond: be careful, don’t click, and report readily.
• Education is vital to the protection of networks and businesses
• Regularly assess employees to ensure they are aware of cyber threats and respond appropriately
• This webinar can be considered end-user training
Protection Mechanisms: Policies & Settings
Configure policies in your existing email provider to reduce the chance of phishing attempts:
• Creating a block list – not just domains but also locations
• Speaking to your IT provider to strengthen your anti-phishing, anti-spam and anti-fraud policies in Exchange, Microsoft 365 or Google Workspace / G Suite
• Enable audit logging so account activity is logged, including file deletes, password resets & emails
• Consider the use of AI-based services that can predict abnormal communications and block or warn users
Protection Mechanisms: Firewalls
To strengthen your approach, use an email security firewall
• Scans and detects Malware
• Prevents spam and phishing
• Allows users to block and quarantine emails
• Reduces spam in the organisation
• Reduces the risk of a breach
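Three of the checks the slides describe (a sender block list, a link whose visible text names one site but whose href points to another as in the annotated phishing email, and dangerous attachment types such as .exe, .bat and .ps1 from the ‘Payload’ slide) in one small mail-policy filter. This is an added example, not code from the webinar or from Lineal; the block list, the risky-extension list and the sample ‘TV License has Expired’ message are constructed for the example and use only reserved .example domains.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical policy values and a constructed sample lure; all domains are reserved .example names.
BLOCKED_DOMAINS = {"tv-licence-renewal.example"}
RISKY_EXTENSIONS = (".exe", ".bat", ".ps1", ".js", ".vbs", ".docm", ".xlsm")
SAMPLE_EML = """From: "TV Licensing" <renewals@tv-licence-renewal.example>
To: finance@example.org
Subject: Your TV License has Expired
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Renew now: <a href="http://login-update.example/renew">https://www.tvlicensing.example</a></p>
--B1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

MZ-placeholder-not-a-real-executable
--B1--
"""

def mismatched_links(html):
    """(shown_host, real_host) pairs where the visible URL text points somewhere else."""
    out = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', html, re.I):
        shown = urlparse(text.strip()).hostname
        real = urlparse(href).hostname or ""
        if shown and shown.lower() != real.lower():
            out.append((shown, real))
    return out

def assess(raw):
    """Policy findings for one raw message; an empty list means nothing was flagged."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if domain in BLOCKED_DOMAINS:
        findings.append(f"sender domain on block list: {domain}")
    body = msg.get_body(preferencelist=("html",))
    for shown, real in mismatched_links(body.get_content() if body is not None else ""):
        findings.append(f"link text shows {shown} but points to {real}")
    for part in msg.iter_attachments():  # "invoice.pdf.exe" still ends in .exe
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
    return findings
```

A mail gateway would quarantine on any finding and log it, which is the audit trail the ‘Policies & Settings’ slide asks for.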
Protection Mechanisms: Passwords
• Secret word or phrase used to gain access to something that is protected.
• Everything in the modern age requires a password. Don’t use a weak password:
  – Password
  – Password123
  – QWERTY
  – Your Date of Birth
  – Pet’s name
  – Child’s Name
  – (Anything on a Post-it note)
• https://howsecureismypassword.net
Protection Mechanisms: Password Management
• How do you remember all these passwords?
• Use Password management services to prevent compromises across multiple accounts.
• Encrypt passwords in a security vault
• Store unlimited, unique logins
• Remember just one ‘master password’
• Get prompted to update passwords when needed
• Web browsers can autofill passwords from most good password managers
• Applications available on all devices
Protection Mechanisms: Multi-Factor Authentication
• Known as MFA – Provides a token or code on login to increase security
• Prevents unauthorised access from elsewhere
• Can be enabled on most accounts
• Password managers can be used to store MFA tokens; this keeps all users' logins in one place
Protection Mechanisms: Antivirus
• Software used to detect, block and remove suspicious applications.
• Scan and ‘real time’ detection
• Update regularly to receive latest virus information
• Windows, Mac and Linux all need Antivirus
• So do Android devices
• iPhones and iPads don’t – closed ecosystem
• Modern antivirus products include advanced features to predict and reduce the risk from emerging threats that are not yet known about.
How can Lineal Help?
How can Lineal Help? 1. Phishing Simulation
• Test your own staff with a library of randomised, automated, simulated phishing emails!
• Helps form an easy training program. Report on results, focus time on staff who need extra help, and build lasting resilience.
• Low Cost, Low impact. Builds a culture of improvement.
How can Lineal Help? 2. Email Filtering
• Enroll your email accounts into an automated spam filtering/attachment scanning service to cut the volume of suspicious email reaching users.
• More powerful versions can even detect suspicious activity in your account.
• Low Cost. Cuts down ‘opportunity’ for user mistakes.
How can Lineal Help? 3. Managed Cybersecurity-as-a-Service
Great-value business ‘package’ of measures from Lineal, including:
• Email filtering
• CyberEssentials
• Phishing Simulation
• DarkWeb Check
• Password Manager
• User Training
• Endpoint Antivirus
• Basic Penetration Testing
• Application Control
• DNS Filtering
• Cybersecurity Audit
• Endpoint Detection & Response (EDR)
• & much more!
Any Questions?
Thank you for your time! Lewis.Marrow@lineal.co.uk Support@lineal.co.uk www.lineal.co.uk