In these days of enhanced technical security solutions, we often neglect the human variable in Information Security. Email scams and phishing attacks are on the rise. User information and training are key in combating them.
We have seen at least two of these kinds of attacks on clients that could have been prevented with user security awareness.
We are also seeing a resurrection of Microsoft Office macro-based attachment infection attempts – almost no email security vendors are capable of stopping these, though steps can be taken at endpoints and some email systems.
Greylisting or whitelisting email lists could help with this problem, at a significant cost in time, but no amount of traditional DKIM and SPF records can stop a valid email address from sending email. A multi-factor authentication scheme could also help, but many of these attacks come from outside the network, using social engineering tricks such as email scraping and creating a domain VERY similar to the target email domain.
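Because a lookalike domain can publish its own valid SPF and DKIM records, a mail-flow check has to compare the sender domain against your own. The following Python sketch is an added example, not code from Datalink Networks; the protected domain `campus.example`, the confusable-character list and the sample messages are all constructed assumptions.

```python
import re

PROTECTED = "campus.example"  # assumption: your own mail domain (placeholder)
# Visually confusable sequences folded to one form before comparing.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def skeleton(domain):
    for src, dst in CONFUSABLES:
        domain = domain.replace(src, dst)
    return domain

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(from_header, protected=PROTECTED, max_distance=2):
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header)
    if not m:
        return "unparseable"
    domain = m.group(1).lower().rstrip(".")
    if domain == protected or domain.endswith("." + protected):
        return "own-domain"
    # Near miss: same after folding confusables, or only a few edits away.
    if (skeleton(domain) == skeleton(protected)
            or edit_distance(domain, protected) <= max_distance):
        return "lookalike"
    return "external"

def flag_authenticated_lookalikes(messages):
    # Messages that pass SPF and DKIM yet imitate the protected domain.
    return [frm for frm, auth in messages
            if "spf=pass" in auth and "dkim=pass" in auth
            and classify(frm) == "lookalike"]

# Constructed sample data: (From header, Authentication-Results summary).
SAMPLES = [
    ("Payroll <payroll@campus.example>", "spf=pass dkim=pass"),
    ("Payroll <payroll@carnpus.example>", "spf=pass dkim=pass"),
    ("Payroll <payroll@capmus.example>", "spf=pass dkim=pass"),
    ("News <news@vendor.example>", "spf=pass dkim=pass"),
]
```

For short domains, lower `max_distance` to 1 so that unrelated senders are not flagged.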
Proper logging and auditing is also a key forensic tool – don’t forget that any hosted or cloud services you are using are likely not retaining sufficient logs to protect your interests. A logging solution under your or your agent's direct control is a key security measure.
There is no substitute for a security-aware end user. We here at Datalink Networks can assist with security awareness and any of the technical solutions above. Please give me a call or contact us for a security consultation if you want to discuss what we have been seeing lately.
Brian Hatchell is Datalink Networks' Director of Engineering. With over 20 years of experience in the data center, Brian's specialties include email systems, data center design, virtualization, storage, wireless connectivity and security edge. Brian has consulted on hundreds of systems throughout North America, specializing in the Higher Education, K-12 Education and Health Care verticals. Previous career achievements include a 7-year tenure as a Network Engineer at a California community college district and a 2-year senior messaging consultant role with a specialized software company.