Basic measures to protect e-mail
Our email inbox is the source of a large part of the cyber threats faced by companies. More than 94% of cyber-attacks come from the email inbox, with phishing being the attack vector.
Phishing has forced many companies not only to redefine authentication and certification processes, but also to try to prevent the effectiveness of these social engineering attacks at the point of origin: our email inbox. In this way, possible attacks such as the “whaling attack” or “CEO fraud” are prevented.
Preventing the arrival of phishing mails
Correctly protect information sent through e-mails.
Ensure the reception of e-mails sent by the user.
Step 1: Securing authentication through protocols
The SPF protocol indicates which servers are “authorized” to send email for a domain, by means of a TXT record created in that domain's DNS.
Thus, checking the SPF record verifies whether the server sending the email corresponds to the SPF records of the sender’s domain and is therefore authorized to send emails from that domain.
When an email is sent from a server with the DKIM protocol active, the server creates a signature in the message headers and sends it along with the email. When the receiver gets the message, it makes a DNS request to the domain of the sending email and obtains the public key from this record. This key verifies whether the signature is correct, confirming the sender of the email.
DMARC takes advantage of the aforementioned SPF and DKIM, and can be seen as the recommended action to take when neither SPF nor DKIM confirms an email as legitimate.
The possible options include rejecting all mail or using an application for statistical control.
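The checks described in Step 1, as an added example that is not part of the original article: it evaluates a sending IP against an SPF TXT record and then applies the published policy that builds on SPF and DKIM (DMARC). The domain, the records, the IP addresses and the function names are constructed for illustration, and the DKIM signature result is passed in as a boolean rather than verified cryptographically.

```python
import ipaddress

# Constructed sample TXT records for the placeholder domain example.com.
SPF_TXT = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"
DMARC_TXT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Evaluate ip4/ip6/all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        # include:, a, mx and redirect= need live DNS and are skipped here.
    return "neutral"

def dmarc_tags(record):
    """Parse 'tag=value; tag=value' pairs; empty dict if not a DMARC record."""
    pairs = (part.partition("=") for part in record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}
    return tags if tags.get("v") == "DMARC1" else {}

def disposition(spf_result, dkim_pass, dmarc_record):
    """Receiver action; assumes SPF/DKIM domains align with the From domain."""
    if spf_result == "pass" or dkim_pass:
        return "deliver"
    tags = dmarc_tags(dmarc_record)
    if not tags:
        return "no-policy"
    policy = tags.get("p", "none").lower()
    # p=none delivers the mail but still reports it to the rua address.
    return policy if policy in ("quarantine", "reject") else "monitor"

if __name__ == "__main__":
    for ip in ("192.0.2.77", "203.0.113.9"):
        spf = spf_check(SPF_TXT, ip)
        print(ip, spf, disposition(spf, False, DMARC_TXT))
```

A record that relies on `include:` or `mx` needs a resolver to evaluate fully, so this sketch is suited to auditing records that list their senders by address.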
What else can we do to protect e-mail?
Perform an M365 audit
Microsoft 365 offers different levels of configuration and tools that improve the cybersecurity of companies. By performing an audit, we check how secure the customer's M365 services platform is.
Implement strong authentication and identity protection
In addition to securing logins and configuring multi-factor authentication, it is advisable to implement identity and permission management tools, as well as conditional access through user behavior analysis.
Have an overview of device protection
The company must know the protection and security update status of the devices. There are tools that coordinate the status of these devices and how protection measures are being applied, how they are connected to company networks and even the level of encryption of files on the hard disk.
Establishment of information protection policies
It is advisable to apply file protection tools and permissions (encryption, detection and classification of file sensitivity levels, etc.) in order to prevent information loss, whether in the cloud or in the local infrastructure.
Implementation of Artificial Intelligence tools
These tools, such as Darktrace Antigena, help autonomously detect and neutralize email phishing threats, and also detect when an account has been compromised by analyzing user behavior.
How can we help you?
Sofistic has a team of professionals with extensive experience in consulting and specialized cybersecurity services, and we can help you protect your email.
As certified Microsoft cybersecurity partners, Sofistic audits and secures your Microsoft 365 tenant to detect configuration errors.
This is based not only on the best practices recommended by Microsoft, but also on the extensive experience acquired in multiple projects of this type.
In addition, this assurance will serve as a basis for much more ambitious projects such as identity management, device management (MDM), and data tagging or data leakage prevention (DLP).