How to Protect Employees and Data with Remote Email Security ToolsMay 12, 2020 No Comments
Featured article by Dean Coclin, Senior Director Business Development at DigiCert
Stay-at-home measures taken in the wake of the novel coronavirus pandemic are opening more doors for cybercriminals. As the number of remote employees has climbed so have criminal attempts to access email. Companies are at risk unless they adopt email security tools, which slam the door shut on cybercriminals.
During the week beginning April 5, approximately 18 million of the 100 million malware and phishing emails blocked by Gmail were related to COVID-19, according to Google blog post “Protecting businesses against cyber threats during COVID-19 and beyond.” In addition, more than 240 million coronavirus-related spam messages have been caught by Gmail each day.
In the blog post, Google shares examples of phishing emails and scams being used by cybercriminals trying to capitalize on the pandemic:
- Emails where senders pretend to be from the World Health Organization (WHO) or another government agency. These might be attempts to solicit donations or collect personal information.
- Emails that initially appear to be from Human Resources or someone else in an employee’s company, taking particular advantage of remote employees.
- Emails directed at small businesses that try to take advantage of people’s interest in government stimulus packages.
- Emails where senders pretend to be existing customers or partners, possibly encouraging recipients to open an attachment that releases malware.
Email security tools can help block access points to cybercriminals and prevent remote employees from potentially putting company data at risk.
VPN for Network Protection
A virtual private network (VPN) is a more secure option for remote employees than Remote Desktop Protocol (RDP). VPN takes the security, functionality and management of a private corporate network and extends it across a public network. Digital certificates for authentication boost security even more.
VPN providers say demand has soared:
- Use of NordVPN’s business-focused VPN has grown by 165 percent globally and by 66 percent in the U.S. since March 11.
- Product usage of Atlas VPN grew by 112 percent in a single week in Italy. It increased by 53 percent in the U.S. in the first two weeks of March, and could potentially rise to 150 percent by the end of April.
- Customer connections to AT&T’s VPN, called ANIRA, rose by 700 percent in just a few weeks.
S/MIME for Email Encryption
The end-to-end encryption of Secure/Multipurpose Internet Mail Extensions (S/MIME) ensures that only the intended recipient of an email can read the message. It does this by preventing the interception of messages during transit.
The Internet Engineering Task Force (IETF) has adopted S/MIME as “the golden standard in email security,” according to the blog post “Encrypting Your Emails with S/MIME.”
“For anyone where the importance of establishing integrity, upholding privacy, preserving sensitive data and protecting against impersonation matters, S/MIME should be high on the list. S/MIME adoption is becoming more mainstream, and as hosting providers, it’s a great additional tool to be able to offer your customers.”
DMARC for Reputation Preservation
Adopting Domain-based Message Authentication, Reporting and Conformance (DMARC) prevents cybercriminals from deceiving recipients with fraudulent emails masquerading as emails from your company. With this protocol, unauthenticated messages are captured by a recipient’s email provider and quarantined or rejected before they can do harm.
With DMARC policies increasing by 300 percent during 2019, DMARC is an increasingly popular spoof-proofer for the corporate domain. Authentic emails from your domain are the only ones that end up in recipients’ Inboxes. To make the most of DMARC:
- Whitelist all domain senders authorized to send messages on behalf of your organization.
- Set up alerts when fraudulent emails are sent from your domain to learn of all suspicious activity.
- Enforce DMARC to protect your company from attempts by cybercriminals.
DMARC can also protect your employees from falling prey to phishing emails pretending to be from organizations like WHO or other government agencies. During the week beginning April 13, there were more than 18 million COVID-19-specific phishing and malware attacks every day, according to Forrester Vice President and Research Director Joseph Blankenship in the blog post “COVID-19 Campaigns Highlight The Need For Phishing Protection.”
“[One] reason they are so effective is that phishing attacks are one of the only cybersecurity attacks that security professionals will admit to almost (or actually) falling for. We’re feeling the same panic and are extra prone to click,” Blankenship writes. “DMARC’s anti-phishing benefits can be expanded to also include stopping COVID-19-specific phishing attacks from reaching your organization’s inboxes and stopping cybercriminals from hijacking your domains to carry out attacks.”
Protect Remote Employees and Data with Email Security Tools
Social distancing will likely extend through the summer, according to Deborah Birx, the White House’s coronavirus task force coordinator, in an interview on NBC News’s “Meet the Press” on April 26. If that timeline becomes a reality, many workers could remain remote employees for the foreseeable future, making email security a high priority. Support these remote employees and keep company data safe by investing in email security tools.
Dean Coclin, Senior Director Business Development at DigiCertSECURITY