Defence against email phishing

The second in our series of blogs covering cyber security looked at email phishing: what it is, how it has evolved and why your organisation should protect itself.

Continuing on a security theme, this blog draws on the National Cyber Security Centre (NCSC), which offers comprehensive guidance to help organisations protect themselves against cyber attacks. Its guidance 'Phishing attacks: defending your organisation' sets out four layers of defence.

The four layers, which together make you as well protected as possible, are:

1. Making it difficult for attackers to reach your users

2. Helping users identify and report suspected phishing emails

3. Protecting your organisation from the effects of undetected phishing emails

4. Responding quickly to incidents.


This blog is going to look at Layer One - Making it difficult for attackers to reach your users.


Don’t let hackers reach your people

Anti-spoofing controls

Phishing emails are designed to look authentic, as if they come from a bona fide individual or organisation. Forging the sender in this way is termed 'spoofing', and it can be incredibly convincing, so deploy anti-spoofing measures that make it difficult for your own domain to be used in this way.

Adopt email authentication by publishing SPF, DKIM and DMARC records in your domain's DNS*. Once they are in place, a receiving email system can check whether a message claiming to come from your domain was sent from an authorised source and has not been altered in transit. For messages coming into your organisation, Microsoft 365 performs the same SPF, DKIM and DMARC checks against the sender's domain.

* SPF is a DNS TXT record listing the IP addresses (or hosts) permitted to send email on behalf of your domain. DKIM publishes a public key in DNS so that receivers can verify a signature your mail server adds to each outgoing message. DMARC ties the two together: it tells receivers what to do with a message that passes neither aligned check (none, quarantine or reject) and where to send reports about what they have seen.


Don’t give too much information away

Review the information that makes up your digital footprint. What do you share about your organisation online that could make a phishing email look more convincing? What do external contacts share about you? Only publish what you need to. Anything more makes it easier for a senior member of your management team to be approached with a targeted message (known as spear phishing), which can have far more serious consequences.


Educate your people

Ensure your staff are aware of the consequences of sharing personal information online. Once published, it could be there forever and, more importantly, out of their control. Your staff need to understand that their digital footprint can be used for nefarious purposes. More information on this, and on how to establish a digital footprint policy, can be found on the CPNI's (Centre for the Protection of National Infrastructure) web page 'My Digital Footprint'.


Use a filtering or blocking service

Using a filtering or blocking service reduces the risk of an attack succeeding and cuts down the number of suspect emails your staff have to check and report. Incoming mail is inspected as soon as it reaches your mail server. It can also be checked once it reaches a device, but server-side inspection is the preferred method.

Note: we recommend having it switched on by default, and we can help ensure it fits your requirements.

It is important to be aware of the difference between the two approaches: filtering delivers an email to the recipient's junk/spam folder, whilst blocking discards it before delivery. Decide which best suits your organisation and ensure the correct rules are in place. Do you want people to receive more emails, which means more housekeeping for them, or block more and risk 'losing' important correspondence?

If a message fails validation, be aware that when the sender's domain has deployed anti-spoofing measures, specifically by publishing a DMARC record, you should honour the policy the domain owner has published: 'quarantine' delivers the failing email to the recipient's junk/spam folder, while 'reject' refuses it at delivery so the recipient never sees it. A third policy, 'none', asks only for monitoring reports and does not change delivery. Note that a DMARC failure means the message could not be verified as coming from an authorised sender, not necessarily that it is malicious, which is why a quarantine policy keeps it available to the recipient.

As mentioned above, emails can also be filtered once they reach the device, but do not rely on this in place of an effective server-side check, particularly when many phishing emails can be stopped before they are delivered at all.
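To make the mechanics concrete, here is an added example, written for this article and not taken from the NCSC guidance or from Microsoft 365, showing how a receiving mail system uses the SPF and DMARC records described under 'Anti-spoofing controls' above, and how a domain owner's 'quarantine' and 'reject' policies map onto the filter-to-junk and block-outright outcomes just discussed. The DNS zone, domain names, IP addresses and DKIM selector are constructed for the example. DKIM signature verification is not re-implemented; its result (pass/fail and the signing domain) is taken as an input, as it would be from a gateway's DKIM verifier.

```python
import ipaddress

# Constructed DNS zone (name -> TXT record), standing in for real DNS lookups.
# All domains, addresses and keys here are made up for this example.
DNS_TXT = {
    # SPF: which sources may send as example.com (ip4, include and -all)
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.example -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    # DKIM: public key for selector sel1 (value truncated; verification not done here)
    "sel1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIIBIjANBgkq...",
    # DMARC: relaxed alignment, quarantine on failure, aggregate reports to rua
    "_dmarc.example.com": "v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc@example.com",
    # A second domain with the strictest settings: reject on failure, strict alignment
    "bank.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.bank.example": "v=DMARC1; p=reject; aspf=s; adkim=s",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the SPF record of `domain` for the connecting `sender_ip`.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    Handles the ip4, ip6, include and all mechanisms; a, mx, exists and
    redirect are not needed for this example and are skipped.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per check
        return "permerror"
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            # an IPv6 address is never inside an IPv4 network and vice versa
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = check_spf(term[len("include:"):], sender_ip, depth + 1) == "pass"
        elif term == "all":
            matched = True
        else:
            continue  # unsupported mechanism: skip it
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # reached the end of the record without a match


def parse_tags(record):
    """Parse a DMARC-style 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    # Simplified organisational domain: the last two labels. Real receivers
    # consult the Public Suffix List so that names under co.uk etc. work.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(identifier_domain, from_domain, mode):
    """DMARC identifier alignment: 's' (strict) needs an exact match,
    'r' (relaxed) only needs the same organisational domain."""
    if mode == "s":
        return identifier_domain.lower() == from_domain.lower()
    return org_domain(identifier_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, envelope_domain, sender_ip, dkim_result, dkim_domain):
    """Decide what to do with a message whose visible From: is in `from_domain`.

    `envelope_domain` is the MAIL FROM (bounce) domain that SPF is checked
    against; `dkim_result` and `dkim_domain` are the DKIM verifier's result
    and the d= tag of the signature it checked. Returns (disposition, reason)
    where disposition is 'deliver', 'junk' (quarantine) or 'reject'.
    """
    record = DNS_TXT.get("_dmarc." + from_domain) or DNS_TXT.get("_dmarc." + org_domain(from_domain), "")
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "deliver", "no DMARC policy published"
    spf_pass = (check_spf(envelope_domain, sender_ip) == "pass"
                and aligned(envelope_domain, from_domain, tags.get("aspf", "r")))
    dkim_pass = (dkim_result == "pass"
                 and aligned(dkim_domain, from_domain, tags.get("adkim", "r")))
    if spf_pass or dkim_pass:
        return "deliver", "DMARC pass"
    policy = tags.get("p", "none")  # 'none' = monitor only, delivery unchanged
    return {"none": "deliver", "quarantine": "junk", "reject": "reject"}[policy], "DMARC fail, p=" + policy


if __name__ == "__main__":
    # Genuine mail from an authorised server, then a spoof of each domain
    print(dmarc_disposition("example.com", "example.com", "192.0.2.25", "fail", ""))
    print(dmarc_disposition("example.com", "attacker.example", "203.0.113.5", "fail", ""))
    print(dmarc_disposition("bank.example", "example.com", "192.0.2.25", "fail", ""))
```

The last case is the one alignment is for: the attacker sends from a server that example.com has authorised in its SPF record, so plain SPF passes, but the envelope domain does not align with the bank.example address shown to the user, so DMARC still fails and the published 'reject' policy applies.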

There are a variety of criteria by which emails can be filtered or blocked (these will be detailed in our blog 'Layer Three - Protecting your organisation from the effects of undetected phishing emails'):

  • IP addresses
  • Domain names
  • An email address white/black list
  • Public spam and open relay black lists
  • Attachment types
  • Use of Artificial Intelligence
  • Malware detection.

If you would like to know more about how we can help your organisation defend itself against email phishing or security in general, please get in touch with our cyber security team. We’re here to safeguard both you and your staff.


Other articles in the series:

Email phishing and why your organisation should protect itself

Audit your security with Cyber Essentials

Helping users identify and report suspected phishing emails - Layer Two

Protecting your organisation from the effects of undetected phishing emails - Layer Three
