Indian Corporates Should be Wary of Email-Based Threats
The focus today is on the Indian corporate scenario. The HackerCombat research team, ever on the go, has been analyzing the current cybersecurity landscape in India, with special focus on the world of corporates and corporate users. We have been assessing and studying all the trends as regards cybersecurity; we had met and interviewed independent users, the IT staff in many corporate organizations and some cybersecurity experts as well; and we had been doing detailed researches as well.
Well, as regards the cybersecurity issues bugging the corporate world in India, we’d want to focus the most of email-based threats. Email-borne threats continue to be the most dangerous of all threats for corporates in India. Individual users as well the IT departments need to be wary of email-based threats, because cybercriminals still target the email, seeing it as one of the most vulnerable of vectors. Many Indian corporates, big and small, are yet to implement strong email security controls; they are yet to adopt practices that seek to block email-based threats and attacks. This one area is ignored, and the results are sometimes really disastrous. One email does the mischief and the whole network gets breached; the organization suffers tremendous losses, in terms of money and in terms of reputation as well.
Cybercriminals execute different kinds of email-based attacks- phishing or spear-phishing attacks, MITM (Man-in-the-Middle) attacks, zero-day attacks etc and get away with sensitive data as well as money. Ransomware would creep in via emails and block access to your network on the whole.
Here are certain basic security measures that can be adopted to stay prevented from email-based threats and attacks:
Handle unsolicited emails with extreme caution- It’s always best to handle unsolicited emails, especially those coming from unknown senders, with extreme caution. Such emails could contain malicious links or attachments, which if clicked on or downloaded could wreak havoc on your system and network. There could also be emails that seem to be coming from your clients or associates, but yet seem suspicious. If you have even one percent of doubts regarding the authenticity of such an email, it’s always best to call up the sender and confirm its genuineness before opening it or clicking on its contents. Viruses, spyware and other malicious software come through such cleverly crafted emails.
Install a firewall, keep it updated- A firewall is important as regards securing yourselves from email threats. It works by effectively detecting suspicious outbound communications from your side and blocks them, thus protecting you from an attacker whom you are all set to contact. Thus, it also signals the presence of some malicious software which you might have got infected with, by inadvertent clicking on some phishing email. It’s also important that you keep the firewall updated, at all times.
Ensure effective spam filtering- As we have already said, email scams begin with unsolicited emails. Hence it becomes important that there is effective spam filtering done, to keep such emails at bay. Most email applications and web mail services today have spam-filtering in them. However, an organization always needs to ensure that spam filtering is effective.
Train your employees- This is of utmost importance. Each employee in an organization needs to be careful. Teach and train your employees on different aspects of email security. Tell them not to click on suspicious emails, teach them to keep their personal devices (BYOD devices) secured and also train them as regards spotting and preventing different kinds of email threats.
Have a back-up, always- This is a general thing, for all kinds of threats. Have a back-up of all your important data and ensure it’s updated regularly. This helps get things back on track even if one spammy email manages to sabotage your network and throws everything out of gear.
Julia Sowells702 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.