Building resilience against e-mail security threats
Phishing is on the rise in SA, with 53% of South Africans reporting an increase in phishing attacks with malicious links or attachments.
This was one of the findings of Mimecast’s latest State of Email Security Report.
Brian Pinnock, cyber security expert at Mimecast, says: “As we saw with the Superbalist phishing attempt in February this year, phishing attacks can strike quickly and can expose consumers and businesses to immense financial and reputational risk.”
According to Pinnock, 45% of South African respondents in Mimecast’s latest survey reported an increase in targeted spear-phishing attacks containing malicious links or attachments.
“Spear-phishing relies on social engineering, so it is well researched, highly targeted at the receiver and is difficult for an uneducated end-user to spot. It’s really only a matter of time until an organisation with insufficient security and user awareness training falls victim to these sophisticated attacks.”
He says Mimecast recommends companies follow several steps to ensure they keep their own and their customers’ data safe.
“Businesses can help their customers be more cyber aware by constantly reminding them of known frauds and the types of things they would never ask for in e-mail.”
In addition, he says businesses should always keep their own brand safe. “There are known security standards such as domain-based message authentication, reporting and conformance that enable an organisation to track misuse of its brand in email that only a third of companies actually use.
“They should also improve and advertise their process for consumers reporting fraud and scams.”
There are also tools that help track a business’s brand online or discover and take down brand impersonation sites.
Pinnock says companies should ensure their own e-mail is safe by implementing secure e-mail gateways, and making sure that their supply chain partners use appropriate cyber security.
Threat actors are starting to use a company’s third-party partners as a stepping stone to them because they are trusted, he says. “Companies should also make sure their own employees are not in on the scam by using an appropriate insider threat mitigation technology, and should apply appropriate security and data loss prevention controls where they store personally identifiable consumer data.”
Boosting cyber resilience
Consumers don’t have access to the same security tools that large organisations have but there are still many steps they can follow to make themselves more cyber resilient, he says.
“Firstly, always use a different password for different sites and accounts, and use passphrases instead of passwords. However, the best option to keep passwords safe is to use a password manager.”
Mimecast also recommends that users employ two-factor authentication wherever possible, such as a biometric and a password, or a password and a token. SMS is the weakest form but is better than nothing, adds Pinnock.
“Make sure you are up to date with software patches from the operating system vendors of your PCs, tablets and phones. All users should get legitimate anti-virus software and keep it updated - even Apple users,” he stresses.
He advises consumers to be cautious of using free WiFi at airports, hotels, coffee shops and petrol stations without a VPN when conducting any form of banking or confidential work. “Use a reputable VPN provider, not a free one. Also, use a secure DNS server rather than the one your ISP makes you use, and there are many free secure DNS services such as Google or OpenDNS, which are not perfect but give some protection from malicious sites.”
Pinnock warns users to never click on links or attachments in e-mails before checking them first using sites such as URLscan.io or virustotal.com. “Look carefully at who the e-mail is from by checking the display name and the sender name. Keep an eye out for spelling errors and any other suspicious characteristics. If the e-mail is triggering emotions like fear or urgency or greed, be careful. If the e-mail comes from a senior person in your company and is asking you to do something outside of normal processes, phone them.”
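The manual checks Pinnock lists (display name versus sender address, a different reply address, fear or urgency wording, links pointing away from the brand) can be scripted as a first-pass triage. The script below is an added example, not part of the article or Mimecast’s tooling; the ExampleBank brand, the `.test` domains and the sample message are all constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Wording that pressures the reader; extend with phrases seen in your own environment.
URGENCY = ("urgent", "immediately", "suspended", "verify now", "act now")


def header_domain(value: str) -> str:
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw: str, brand: str, brand_domains: set) -> list:
    """Return the reasons a raw RFC 5322 message looks like brand phishing ([] = none)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = header_domain(msg.get("From", ""))
    # 1. The display name claims the brand but the address is not one of its domains.
    if brand.lower() in display.lower() and from_dom not in brand_domains:
        findings.append(f"display name '{display}' but sender domain '{from_dom}'")
    # 2. Replies would go to a different domain than the apparent sender.
    reply_dom = header_domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")
    # 3. Fear/urgency wording in the subject or plain-text body.
    body = msg.get_body(("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    hits = [w for w in URGENCY if w in text]
    if hits:
        findings.append("urgency wording: " + ", ".join(hits))
    # 4. Links whose host is not a brand domain.
    for url in re.findall(r"https?://[^\s<>]+", text):
        host = urlparse(url).hostname or ""
        if host not in brand_domains:
            findings.append(f"link host '{host}' is not a domain of {brand}")
    return findings


# Constructed sample message (not real mail); .test domains are reserved for examples.
SUSPICIOUS = """\
From: "ExampleBank Security" <alerts@examplebank-verify.test>
Reply-To: desk@mailbox-relay.test
To: customer@example.org
Subject: URGENT: your account will be suspended
Content-Type: text/plain; charset=utf-8

Verify now at http://examplebank-verify.test/login or lose access.
"""
```

Running `phishing_indicators(SUSPICIOUS, "ExampleBank", {"examplebank.test"})` reports all four indicators; a message from a genuine brand domain with no pressure wording and no off-brand links returns an empty list.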
Finally, he advises making regular backups - preferably offsite backups using a backup service. “Be aware that cloud file services like Dropbox and OneDrive are not a substitute for backups and can be corrupted if you get infected with ransomware. You need at least one copy of your last known good state that you can recover from.”