Comments by: Evan Dumas, Regional Director, Southeast Asia, at Check Point Software Technologies
What has happened here is an email breach. Malware attacks like this one are usually sent as an attachment to an email, and can range from a seemingly innocent resume file sent to HR to an invoice file sent to accounts payable. The goal is to infect the end-user’s machine and gain control over it and the data on it, and in many cases move across the network to infect other machines within the same organisation.
So what steps can you take to improve your email security? Here are some tips:
- Basic best practices: Anyone can improve their adherence to best security practices when it comes to email. Choose a strong password and don’t give it out to anybody. Enable multi-factor authentication to prevent unauthorised access. Be suspicious of unfamiliar links or attachments. Train your employees to do the same.
- Data leak prevention: Controlling the exchanging of sensitive information like personal data or credit card information can be a powerful extra layer of security.
- Zero-day attack prevention: Zero-day attacks can be devastating, but the right email security strategy can stop them in their tracks.
- Phishing scheme prevention: Phishing — the deceptive practice of luring people into providing their login credentials or other data — is incredibly common in the world of email and has gotten extremely sophisticated. Most email services attempt to filter out phishing attacks naturally, but they can’t catch them all — which is why you need an additional layer of protection that is designed to detect and block these social engineering attacks before they reach users.
- Monitoring and Visibility: The best email security products offer actionable insights and easy monitoring, to help you in understanding what is happening in your environment and take better security decisions.