Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Email Security 101 – A Practical Guide For Every Business

252 views

Published on


Email is at heart of so many businesses, yet it is one of the most flawed methods of communication with over 50% of all email traffic unwanted spam. Email security solutions can be bypassed, via legitimate services, but you can still identify the outliers that make it through.

Main points covered:

• Why are we in such a mess with email?
• How criminals can bypass email security
• How email security also needs web security
• Habits to increase your email security

Presenter:

Nnick ioannou is an IT professional, blogger, author and public speaker on cloud and security issues, with over 20 years’ corporate experience, including 15 years using cloud/hosted software as a service (SaaS) systems. As an early adopter of cloud systems, including BPOS, the first iteration of Office 365, he has been paying for the privilege of bug testing them ever since. Security bugs that aren’t fixed end up becoming magazine articles in an attempt to get the vendor to take notice.

He started blogging in 2012 on free IT resources (http://nick-ioannou.com) currently with over 450+ posts. Author of 'Internet Security Fundamentals' and 'A Practical Guide to Cyber Security for Small Businesses' as well as contributing author to three 'Managing Cybersecurity Risk' books and 'Conquer The Web' by Legend Business Books.

Date: April 24th, 2019
Recorded webinar: https://youtu.be/rIXDqEm_tfQ


Published in: Education
  • Be the first to comment

  • Be the first to like this

Email Security 101 – A Practical Guide For Every Business

  1. 1. Why would cyber criminals target me?
  2. 2. Fraud Extortion Theft Unauthorized Use Why would cyber criminals target me?
  3. 3. Backups Antivirus Patch Mgt Email Filtering Web Filtering Admin Privilege Access Control MonitoringForensics 9 areas for true cover
  4. 4. MonitoringForensics Email filtering
  5. 5. Emails are still the main infection route
  6. 6. Email System Email Sender Email Reason Email Payload Genuine Compromised Credentials Genuine User Legitimate Reason URL Link Attachment Bogus Spoof Display Name Deception Lookalike Domain Extortion Fraud Theft Unauthorized Use of Assets Disruption Malicious Attachment Malicious URL Link Attachment with Malicious URL Link Types of email
  7. 7. Criminals can make convincing fake emails
  8. 8. Criminals can make convincing fake websites
  9. 9. Criminals will try to mimic common file sharing services
  10. 10. To phish credentials
  11. 11. Attachments may not actually be attachments
  12. 12. Attachments may not actually be attachments
  13. 13. From: Terry Ratcliffe To: Marion Barnes Criminals have visited your website and know who to email
  14. 14. Criminals will try to mimic document signing services
  15. 15. Criminals will try to mimic accounts packages
  16. 16. Criminals will try to mimic accounts departments
  17. 17. REAL FAKE Criminals will try to mimic file transfer services emails
  18. 18. Criminals will try to mimic corporate file sharing services
  19. 19. Or just use genuine file sharing services
  20. 20. Or just fake their own file sharing services
  21. 21. The criminals want our login credentials
  22. 22. Criminals know who we work with too
  23. 23. Criminals will compromise email accounts of suppliers
  24. 24. Criminals will compromise email accounts of suppliers
  25. 25. Criminals will compromise email accounts of suppliers
  26. 26. Criminals will compromise email accounts of suppliers
  27. 27. The criminals perfect storm Compromised email account of someone you trust With a link to a genuine file service That leads to a password protected file or phishing attempt
  28. 28. Block uncommon attachment file types .app .arj .bas .bat .cgi .chm .cmd .com .cpl .dll .exe .hta .inf .ini .ins .iqy .jar .js .jse .lnk .mht .mhtm .mhtml .msi .msh .msh1 .msh2 .msh1xml .msh2xml .ocx .pcd .pif .pl .ps1 .pl .ps1 .ps1xml .ps2 .ps2xml . psc1 .psc2 .py .reg .scf .scr .sct .sh .shb .shs .url .vb .vbe .vbs .vbx .ws .wsc .wsf .wsh Block or quarantine the following file types (unless you are web developers or programmers .docm .dotm .ppam .potm .ppsm .pptm .sldm .xlam .xlsm .xltm Quarantine the following macro-enabled office files
  29. 29. Cloud-based email filtering
  30. 30. Turn on Microsoft Office protected view
  31. 31. MonitoringForensics Web filtering augments Email filtering
  32. 32. Filtering DNS
  33. 33. Cloud-based web traffic filtering
  34. 34. Are you buying this? When you really need these! Spend your security budget wisely
  35. 35. Conclusion – what does it all cost ● Antivirus & Patch Management £30 ● Email Filtering + 10-year archive £33 ● Web Filtering £35 ● Admin Privilege £22 ● Access Control £30 £150 per year per person, or £12.50 per month, or £2.90 a week
  36. 36. EMAIL INTERNETEMAIL LINKATTACHMENT USERS COMPUTER Sophos Intercept X SERVER Exchange Server Rules My cyber defences cost £25 per person per month 2 step verification logins
  37. 37. No budget to speak of learninfosec.co.uk eset.com/us/cybertraining takefive-stopfraud.org.uk hiscoxcyberclearacademy.com TECHNOLOGY The systems in place to protect you PEOPLE Employee awareness of what to do or not to do PROCESSES The guidelines and instructions in place to protect you
  38. 38. ISO/IEC 27032 Training Courses • ISO/IEC 27032 Introduction 1 Day Course • ISO/IEC 27032 Foundation 2 Days Course • ISO/IEC 27032 Lead Cybersecurity Manager 5 Days Course Exam and certification fees are included in the training price. www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 www.pecb.com/events
  39. 39. THANK YOU ? nick@booleanlogical.com https://www.linkedin.com/in/nick-ioannou/ https://www.booleanlogical.com

×